Pests of all kinds and how to fight them: Google links no longer work | Windows 7
12.11.2011, 16:01 | #1 |
Google links no longer work

Hello!! For the past 2 days I have had the problem that I can no longer open any links in Google. I can still search for terms (it takes unusually long), but I can then no longer open the results. I have now created this OTL file as described in the instructions. I hope I did everything right and that you can help me. Many thanks in advance in any case!!! Best regards, Sabine

OTL.txt:
OTL logfile created on: 12.11.2011 15:29:54 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sabine\Desktop Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 0,68 Gb Available Physical Memory | 39,06% Memory free 3,74 Gb Paging File | 2,19 Gb Available in Paging File | 58,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 139,05 Gb Total Space | 62,67 Gb Free Space | 45,07% Space Free | Partition Type: NTFS Drive D: | 9,00 Gb Total Space | 1,07 Gb Free Space | 11,93% Space Free | Partition Type: NTFS Drive F: | 1020,00 Mb Total Space | 976,52 Mb Free Space | 95,74% Space Free | Partition Type: FAT32 Drive G: | 25,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: SABINE-NOTEBOOK | User Name: Sabine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.11.12 15:27:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sabine\Desktop\OTL.exe PRC - [2011.05.28 07:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2010.11.23 16:50:15 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe PRC - [2010.09.16 12:22:39 | 009,319,792 | ---- | M] (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) -- C:\Programme\bob internet\bobInternet.exe PRC - [2008.10.31 20:12:10 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe PRC - [2008.10.31 20:12:05 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2008.08.04 00:02:20 | 000,036,352 | ---- | M] () -- C:\Programme\Winamp\winampa.exe PRC - [2008.06.12 14:28:40 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe PRC - [2008.06.02 18:57:40 | 000,238,984 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
-- C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe PRC - [2008.06.02 18:32:16 | 000,018,944 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe PRC - [2008.05.30 17:36:20 | 000,256,512 | ---- | M] (SafeBoot International) -- c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe PRC - [2008.05.21 01:47:18 | 000,065,296 | ---- | M] (Bioscrypt Inc.) -- c:\Programme\Hewlett-Packard\IAM\Bin\asghost.exe PRC - [2008.05.15 23:11:12 | 001,176,824 | ---- | M] (AuthenTec, Inc.) -- c:\Programme\Fingerprint Sensor\AtService.exe PRC - [2008.05.14 18:55:14 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe PRC - [2008.05.14 18:54:36 | 010,244,096 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\File Sanitizer\CoreShredder.exe PRC - [2008.03.31 22:41:22 | 000,091,440 | ---- | M] ( Hewlett-Packard Development Company, L.P.) 
-- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe PRC - [2008.03.21 22:58:46 | 000,292,120 | ---- | M] (Infineon Technologies AG) -- c:\Programme\Hewlett-Packard\Embedded Security Software\PSDrt.exe PRC - [2008.03.21 22:54:56 | 000,210,200 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\IfxPsdSv.exe PRC - [2008.01.21 03:25:56 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 03:25:56 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 03:24:16 | 000,117,248 | ---- | M] () -- \\?\C:\windows\System32\wbem\WMIADAP.EXE PRC - [2008.01.21 03:23:59 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.21 03:23:55 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2008.01.16 17:56:50 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2008.01.16 17:56:50 | 000,727,592 | ---- | M] (Broadcom Corporation.) 
-- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2007.12.11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2007.10.19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE PRC - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe PRC - [2007.05.16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- c:\Programme\ActivIdentity\ActivClient\accoca.exe PRC - [2007.05.16 00:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- c:\Programme\ActivIdentity\ActivClient\acevents.exe PRC - [2007.05.16 00:08:08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Programme\ActivIdentity\ActivClient\accrdsub.exe PRC - [2007.01.19 12:55:00 | 005,674,352 | ---- | M] (Microsoft Corporation) -- C:\Programme\MSN Messenger\msnmsgr.exe PRC - [2007.01.05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe ========== Modules (No Company Name) ========== MOD - [2011.06.29 18:37:59 | 011,800,576 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll MOD - [2011.06.29 18:37:44 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll MOD - [2011.06.29 18:37:09 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll MOD - [2011.06.29 18:18:41 | 005,450,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll MOD - [2011.06.29 18:18:15 | 012,430,848 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll MOD - 
[2011.06.29 18:18:01 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll MOD - [2011.06.29 18:16:22 | 007,950,848 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll MOD - [2011.06.29 18:15:10 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll MOD - [2011.05.28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2010.08.20 15:14:19 | 001,316,864 | ---- | M] () -- C:\Programme\bob internet\Skins\bob\bob.dbskin MOD - [2010.08.19 18:32:30 | 000,086,016 | ---- | M] () -- C:\Programme\bob internet\resetregistry.dll MOD - [2008.08.04 00:02:20 | 000,036,352 | ---- | M] () -- C:\Programme\Winamp\winampa.exe MOD - [2008.07.27 19:03:09 | 000,167,936 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll MOD - [2008.07.27 19:03:08 | 000,434,176 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2008.07.27 19:03:08 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.06.30 11:26:21 | 001,679,360 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3063.14741__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2008.06.30 11:26:21 | 000,688,128 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3063.14908__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll MOD - [2008.06.30 11:26:21 | 000,364,544 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3063.14929__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll MOD - 
[2008.06.30 11:26:21 | 000,253,952 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3063.14702__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2008.06.30 11:26:21 | 000,196,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3063.14754__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2008.06.30 11:26:21 | 000,077,824 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3063.14922__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2008.06.30 11:26:21 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3063.14889__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2008.06.30 11:26:21 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3063.14734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2008.06.30 11:26:21 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3063.14847__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2008.06.30 11:26:21 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3063.14721__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2008.06.30 11:26:20 | 000,483,328 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3063.14951__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2008.06.30 11:26:05 | 000,352,256 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3063.14897__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2008.06.30 11:26:05 | 000,147,456 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3063.14950__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll 
MOD - [2008.06.30 11:26:05 | 000,135,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3063.14957__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2008.06.30 11:26:05 | 000,090,112 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3063.14902__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2008.06.30 11:26:05 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3063.14714__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2008.06.30 11:26:05 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3063.14896__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2008.06.30 11:26:05 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3063.14949__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2008.06.30 11:26:04 | 000,901,120 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3063.14923__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll MOD - [2008.06.30 11:26:04 | 000,802,816 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3063.14855__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2008.06.30 11:26:04 | 000,663,552 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3063.14891__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll MOD - [2008.06.30 11:26:04 | 000,585,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3063.14766__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2008.06.30 11:26:04 | 000,479,232 | ---- | M] () -- 
C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3063.14849__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2008.06.30 11:26:04 | 000,446,464 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3063.14842__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2008.06.30 11:26:04 | 000,438,272 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3063.14722__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2008.06.30 11:26:04 | 000,401,408 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3063.14914__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2008.06.30 11:26:04 | 000,401,408 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3063.14883__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2008.06.30 11:26:04 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3063.14771__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2008.06.30 11:26:04 | 000,217,088 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3063.14760__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2008.06.30 11:26:04 | 000,118,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3063.14869__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2008.06.30 11:26:04 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3063.14854__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2008.06.30 11:26:04 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3063.14848__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - 
[2008.06.30 11:26:04 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3063.14771__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2008.06.30 11:26:04 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3063.14854__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2008.06.30 11:26:04 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3063.14868__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2008.06.30 11:26:04 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3063.14882__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2008.06.30 11:26:04 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2008.06.30 11:26:04 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2008.06.30 11:26:03 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll MOD - [2008.06.30 11:26:03 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2008.06.30 11:26:03 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2008.06.30 11:26:03 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2008.06.30 11:26:03 | 000,040,960 | ---- | M] () -- 
C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2008.06.30 11:26:03 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll MOD - [2008.06.30 11:26:03 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2008.06.30 11:26:03 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2008.06.30 11:26:03 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2008.06.30 11:26:03 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2008.06.30 11:26:03 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2008.06.30 11:26:03 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2008.06.30 11:26:03 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2008.06.30 11:26:03 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll MOD - [2008.06.30 11:26:03 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll MOD - [2008.06.30 11:26:03 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD 
- [2008.06.30 11:26:03 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll MOD - [2008.06.30 11:26:03 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2008.06.30 11:26:03 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2008.06.30 11:26:03 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2008.06.30 11:26:03 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2008.06.30 11:26:03 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2008.06.30 11:26:03 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2008.06.30 11:26:03 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2008.06.30 11:26:03 | 000,006,656 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2008.06.30 11:26:02 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2008.06.30 11:26:02 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2008.06.30 11:26:02 | 000,049,152 | ---- | M] () -- 
C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2008.06.30 11:26:02 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2008.06.30 11:26:02 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2008.06.30 11:26:02 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2008.06.30 11:26:02 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2008.06.30 11:26:02 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2008.06.30 11:26:02 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2008.06.30 11:26:02 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2008.06.30 11:26:02 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll MOD - [2008.06.30 11:26:02 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2008.06.30 11:26:02 | 000,020,480 | ---- | M] () -- 
C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2008.06.30 11:26:02 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll MOD - [2008.06.30 11:26:02 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2008.06.30 11:25:57 | 000,491,520 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3063.14728__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2008.06.30 11:25:57 | 000,102,400 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3063.14943__90ba9c70f846762e\MOM.Implementation.dll MOD - [2008.06.30 11:25:57 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3063.14694__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2008.06.30 11:25:57 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3063.14941__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2008.06.30 11:25:57 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2008.06.30 11:25:57 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2008.06.30 11:25:57 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3063.14967__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2008.06.30 11:25:57 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2008.06.30 11:25:57 | 000,024,576 | ---- | M] () -- 
C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2008.06.30 11:25:57 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2008.06.30 11:25:57 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll MOD - [2008.06.30 11:25:57 | 000,006,656 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3063.14693__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2008.06.30 11:25:56 | 001,511,424 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3063.14709__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2008.06.30 11:25:56 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3063.14694__90ba9c70f846762e\ATIDEMOS.dll MOD - [2008.06.30 11:25:56 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3063.14692__90ba9c70f846762e\APM.Server.dll MOD - [2008.06.30 11:25:56 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3063.14693__90ba9c70f846762e\AEM.Server.dll MOD - [2008.06.30 11:25:56 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2008.06.30 11:25:56 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3063.14942__90ba9c70f846762e\CCC.Implementation.dll MOD - [2008.06.30 11:25:56 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2008.06.30 11:25:56 | 000,020,480 | ---- | M] () -- 
C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2008.06.30 11:25:56 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2008.05.21 10:38:12 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2008.02.04 21:29:02 | 000,688,128 | ---- | M] () -- c:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll MOD - [2008.01.16 17:51:00 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll MOD - [2007.08.14 21:59:54 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll MOD - [2007.07.12 21:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2007.07.12 21:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll ========== Win32 Services (SafeList) ========== SRV - [2008.10.31 20:12:10 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler) SRV - [2008.10.31 20:12:05 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService) SRV - [2008.06.02 18:32:16 | 000,018,944 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service) SRV - [2008.05.30 17:36:20 | 000,256,512 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService) SRV - [2008.05.21 01:42:40 | 000,111,888 | ---- | M] (Bioscrypt Inc.) 
[Auto | Running] -- c:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2008.05.21 01:42:34 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2008.05.15 23:11:12 | 001,176,824 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- c:\Programme\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008.05.14 18:55:14 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2008.04.08 13:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008.03.21 22:54:56 | 000,210,200 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Windows\System32\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2008.01.21 03:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.10.19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007.05.16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2007.01.05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV - [2011.01.02 19:21:12 | 000,722,416 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.03.02 13:54:56 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010.03.02 13:54:56 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010.03.02 13:54:56 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010.02.22 09:06:42 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.12.07 19:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.05.27 16:03:35 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.05.27 16:03:31 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009.05.27 16:03:27 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2008.05.30 17:37:06 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2008.05.30 17:37:02 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2008.05.30 17:37:00 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2008.05.30 17:36:58 | 000,108,752 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2008.05.21 11:35:06 | 003,552,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.05.15 21:29:32 | 000,475,520 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008.04.28 10:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008.04.14 22:39:06 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008.04.10 17:27:34 | 001,804,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008.04.07 19:13:46 | 000,025,448 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008.04.07 19:13:42 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.03.21 22:54:26 | 000,039,712 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\windows\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2008.02.29 17:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.01.21 03:23:51 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007.11.08 19:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007.06.19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=83&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=83&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=83&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Sabine\AppData\Roaming\Move Networks\plugins\071803000001\npqmp071803000001.dll (Move Networks)

========== Chrome ==========

CHR - default_search_provider: ICQ Search ()
CHR - default_search_provider: search_url = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Programme\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CognizanceTS] c:\Programme\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [File Sanitizer] C:\Programme\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Programme\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Programme\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NvCplDaemonTool] C:\Users\Sabine\qiload1B.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanrdiskrm82.dll (Microsoft Corporation)
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-AT\local\search.html ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00DFC09C-0A6E-478A-A72A-C9A9C4F0F2DF}: NameServer = 194.48.139.254 194.48.124.200
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) -C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.09.16 16:43:21 | 000,000,421 | R--- | M] () - G:\AutoRun.dat -- [ CDFS ]
O32 - AutoRun File - [2010.08.11 18:15:32 | 000,342,864 | R--- | M] () - G:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2009.05.19 13:56:57 | 000,000,044 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{18c47f8c-4b45-11e0-b546-9d5649a75435}\Shell - "" = AutoRun
O33 - MountPoints2\{18c47f8c-4b45-11e0-b546-9d5649a75435}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2010.08.11 18:15:32 | 000,342,864 | R--- | M] ()
O33 - MountPoints2\{18c47f9e-4b45-11e0-b546-9d5649a75435}\Shell - "" = AutoRun
O33 - MountPoints2\{18c47f9e-4b45-11e0-b546-9d5649a75435}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2010.08.11 18:15:32 | 000,342,864 | R--- | M] ()
O33 - MountPoints2\{31a08a4c-809d-11e0-88eb-df70dc50563c}\Shell - "" = AutoRun
O33 - MountPoints2\{31a08a4c-809d-11e0-88eb-df70dc50563c}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2010.08.11 18:15:32 | 000,342,864 | R--- | M] ()
O33 - MountPoints2\{cf44e32e-4199-11df-afc9-902a72a6be30}\Shell - "" = AutoRun
O33 - MountPoints2\{cf44e32e-4199-11df-afc9-902a72a6be30}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2010.08.11 18:15:32 | 000,342,864 | R--- | M] ()
O33 - MountPoints2\{cf44e346-4199-11df-afc9-902a72a6be30}\Shell - "" = AutoRun
O33 - MountPoints2\{cf44e346-4199-11df-afc9-902a72a6be30}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2010.08.11 18:15:32 | 000,342,864 | R--- | M] ()
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2010.08.11 18:15:32 | 000,342,864 | R--- | M] ()
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\windows\System32\rundll32.exe" "C:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.11.12 15:27:02 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sabine\Desktop\OTL.exe
[2008.10.31 19:31:54 | 000,180,224 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2008.10.31 19:31:53 | 000,176,128 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll
[1 C:\Users\Sabine\Desktop\*.tmp files -> C:\Users\Sabine\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.11.12 15:41:32 | 000,000,897 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
[2011.11.12 15:29:39 | 002,107,744 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011.11.12 15:29:39 | 001,073,222 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011.11.12 15:29:39 | 000,617,076 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011.11.12 15:29:39 | 000,541,122 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011.11.12 15:27:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sabine\Desktop\OTL.exe
[2011.11.12 15:22:29 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.12 15:21:59 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.12 15:21:58 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.12 15:21:50 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011.11.12 15:21:46 | 1875,763,200 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.12 15:20:36 | 000,001,660 | ---- | M] () -- C:\windows\bthservsdp.dat
[2011.11.12 15:19:50 | 000,000,190 | ---- | M] () -- C:\Users\Sabine\defogger_reenable
[2011.11.12 15:18:30 | 000,050,477 | ---- | M] () -- C:\Users\Sabine\Desktop\Defogger.exe
[2011.11.12 14:42:04 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.09 20:04:13 | 000,000,680 | ---- | M] () -- C:\Users\Sabine\AppData\Local\d3d9caps.dat
[2011.11.04 19:20:40 | 000,036,056 | ---- | M] () -- C:\Users\Sabine\Desktop\EVN - Zwischenabrechnung KdNr 11159762.pdf
[2011.11.01 18:46:48 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\Users\Sabine\Desktop\*.tmp files -> C:\Users\Sabine\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.11.12 15:19:28 | 000,000,190 | ---- | C] () -- C:\Users\Sabine\defogger_reenable
[2011.11.12 15:18:24 | 000,050,477 | ---- | C] () -- C:\Users\Sabine\Desktop\Defogger.exe
[2011.11.12 14:55:17 | 000,000,897 | ---- | C] () -- C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
[2011.11.04 19:20:37 | 000,036,056 | ---- | C] () -- C:\Users\Sabine\Desktop\EVN - Zwischenabrechnung KdNr 11159762.pdf
[2011.09.23 13:54:20 | 000,002,554 | ---- | C] () -- C:\windows\WAVEMIX.INI
[2011.06.19 17:55:12 | 000,095,664 | ---- | C] () -- C:\Users\Sabine\AppData\Roaming\mdbu.bin
[2011.05.23 06:20:02 | 000,000,000 | ---- | C] () -- C:\Users\Sabine\AppData\Local\{E052E979-EAFA-4938-926E-45F167AD4BE2}
[2011.05.21 08:32:31 | 000,000,000 | ---- | C] () -- C:\Users\Sabine\AppData\Local\{44146EC3-1C8A-4987-90A8-E245C9177B65}
[2010.07.19 12:14:11 | 000,284,160 | ---- | C] () -- C:\windows\unin0407.exe
[2010.06.08 14:19:24 | 000,692,224 | ---- | C] () -- C:\windows\System32\libeay32.dll
[2010.06.08 14:19:24 | 000,151,552 | ---- | C] () -- C:\windows\System32\ssleay32.dll
[2010.04.20 15:31:43 | 000,936,832 | ---- | C] () -- C:\windows\System32\M2ElevatedCalls.dll
[2010.01.19 20:48:00 | 000,000,680 | ---- | C] () -- C:\Users\Sabine\AppData\Local\d3d9caps.dat
[2009.07.28 09:59:53 | 000,012,949 | ---- | C] () -- C:\Users\Sabine\AppData\Roaming\Microsoft Excel 97-2003.CAL
[2008.11.04 20:15:49 | 000,028,160 | ---- | C] () -- C:\Users\Sabine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.01 10:39:44 | 000,000,145 | ---- | C] () -- C:\windows\System32\EBPPORT.DAT
[2008.11.01 10:21:46 | 000,000,094 | ---- | C] () -- C:\Users\Sabine\AppData\Local\fusioncache.dat
[2008.11.01 10:21:36 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2008.10.31 20:14:33 | 000,106,605 | ---- | C] () -- C:\windows\System32\StructuredQuerySchema.bin
[2008.10.31 20:14:33 | 000,018,904 | ---- | C] () -- C:\windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.31 19:31:54 | 001,804,160 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2008.10.31 19:31:54 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2008.10.31 19:31:53 | 000,028,160 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2008.10.31 19:13:30 | 000,001,660 | ---- | C] () -- C:\windows\bthservsdp.dat
[2008.06.30 12:17:59 | 000,204,800 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll
[2008.06.30 12:17:59 | 000,200,704 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll
[2008.06.30 12:17:59 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll
[2008.06.30 12:17:59 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll
[2008.06.30 12:17:59 | 000,188,416 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll
[2008.06.30 12:17:59 | 000,020,480 | ---- | C] () -- C:\windows\System32\IVIresize.dll
[2008.06.30 11:50:28 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI
[2008.06.30 11:01:15 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2008.05.30 17:36:58 | 000,108,752 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2008.05.21 10:38:12 | 000,159,744 | ---- | C] () -- C:\windows\System32\atitmmxx.dll
[2008.05.21 10:09:24 | 003,107,788 | ---- | C] () -- C:\windows\System32\atiumdva.dat
[2008.04.15 21:22:46 | 000,290,748 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2008.04.15 21:22:45 | 002,107,744 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2008.04.15 21:22:45 | 000,617,076 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2008.04.15 21:22:45 | 000,036,916 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2008.03.06 11:40:54 | 000,168,883 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2008.03.04 20:02:00 | 000,090,112 | ---- | C] () -- C:\windows\System32\atibrtmon.exe
[2008.01.21 03:25:51 | 000,062,976 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2006.11.02 13:56:48 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2006.11.02 13:47:43 | 000,418,288 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2006.11.02 11:33:01 | 001,073,222 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,541,122 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2006.03.09 10:58:00 | 001,060,424 | ---- | C] () -- C:\windows\System32\WdfCoInstaller01000.dll
[2005.04.03 23:30:00 | 000,110,592 | ---- | C] () -- C:\windows\System32\scardsyn.dll
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll
[1998.05.07 04:10:00 | 000,069,632 | ---- | C] () -- C:\windows\System32\ODMA32.dll

========== LOP Check ==========

[2011.07.18 18:28:58 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\HappyFoto
[2009.01.10 16:30:12 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\ICQ
[2008.10.31 19:25:17 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Infineon
[2011.01.02 19:10:52 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\InterVideo
[2011.08.26 04:27:50 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\log
[2011.11.12 15:20:37 | 000,032,630 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2008.10.31 19:37:26 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.06.24 08:45:18 | 000,000,000 | ---D | M] -- C:\50549dacca8f23dae0
[2010.07.12 17:15:53 | 000,000,000 | ---D | M] -- C:\ANNO1602
[2008.04.16 10:47:43 | 000,000,000 | -HSD | M] -- C:\boot
[2006.11.02 14:02:24 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.10.31 19:19:38 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.12.20 10:16:19 | 000,000,000 | ---D | M] -- C:\Games
[2008.06.30 11:48:41 | 000,000,000 | -H-D | M] -- C:\hp
[2009.02.01 18:44:04 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 03:33:10 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.06.30 19:16:14 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.06.19 17:19:00 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.10.31 19:19:38 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.09.24 11:56:50 | 000,000,000 | ---D | M] -- C:\SIMTOWER
[2011.08.26 04:29:13 | 000,000,000 | ---D | M] -- C:\Swsetup
[2011.11.12 15:37:19 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.10.31 19:35:19 | 000,000,000 | -H-D | M] -- C:\System.sav
[2011.06.30 19:19:12 | 000,000,000 | ---D | M] -- C:\UbiSoft
[2008.10.31 19:24:57 | 000,000,000 | R--D | M] -- C:\Users
[2011.06.20 18:48:19 | 000,000,000 | ---D | M] -- C:\VGigant
[2010.06.06 20:25:21 | 000,000,000 | ---D | M] -- C:\VWLUPO
[2011.10.29 08:28:08 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >

< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:50 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008.01.21 03:25:18 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 03:25:18 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe

< MD5 for: USERINIT.EXE >
[2008.01.21 03:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WININIT.EXE >
[2008.01.21 03:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 03:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-11 13:19:42

========== Alternate Data Streams ==========

@Alternate Data Stream - 248 bytes -> C:\ProgramData\TEMP:BC359956
@Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:0E08FC17

< End of report >

Extras.txt

OTL Extras logfile created on: 12.11.2011 15:29:54 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sabine\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 0,68 Gb Available Physical Memory | 39,06% Memory free
3,74 Gb Paging File | 2,19 Gb Available in Paging File | 58,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,05 Gb Total Space | 62,67 Gb Free Space | 45,07% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,07 Gb Free Space | 11,93% Space Free | Partition Type: NTFS
Drive F: | 1020,00 Mb Total Space | 976,52 Mb Free Space | 95,74% Space Free | Partition Type: FAT32
Drive G: | 25,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: SABINE-NOTEBOOK | User Name: Sabine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A9101D6-9198-453E-BDD0-0EDA6B516363}" = lport=445 | protocol=6 | dir=in | app=system | "{12AC5AC6-7341-4F6E-8F26-C062158F7D9A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{14E0D639-77E5-4315-BB7D-74A1CC93C3BD}" = lport=16051 | protocol=6 | dir=in | name=aris70_name_private | "{16D70E88-B0B3-448F-BAAE-576312A27C8D}" = lport=16056 | protocol=6 | dir=in | name=aris70_local_sybasev | "{17A3F4C2-5B5A-4F69-B862-562868E2BEE1}" = lport=9124 | protocol=6 | dir=in | name=aris70_9124 | "{1913E58D-4D3C-44BA-B362-D9B279AB8144}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1A27B55B-FBAE-437D-A0A5-B0238CAA48F4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{223ACED6-5ADE-4546-A7D4-C1FA6A98F65B}" = rport=445 | protocol=6 | dir=out | app=system | "{2A0D73D0-8B6C-464D-BEED-57FAD5DBCEA6}" = lport=138 | protocol=17 | dir=in | app=system | "{2BFFA8A8-ED05-4194-AEB6-1219D23B2DA8}" = lport=16052 | protocol=6 | dir=in | name=aris70_admin | "{31ADB8E7-5533-4065-B9C6-132EC5F1D93F}" = lport=16054 | protocol=6 | dir=in | name=aris70_sybase | "{336DF486-73EA-427A-B4D0-EE354BF22FA1}" = lport=137 | protocol=17 | dir=in | app=system | "{44029861-2315-46C5-ABCA-D06A3AAD9251}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4BAD92AC-D794-44CF-A92F-637D1662E5FF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5ACF1866-4AA0-4B90-8B24-94C42F6A654C}" = lport=16057 | protocol=6 | dir=in | name=aris70_local_private | "{60100F34-F476-4DC5-90B8-9717092A56AB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{78CDFCE4-6459-4CD7-94FD-7A21DC90EED7}" = lport=16055 | protocol=6 | dir=in | name=aris70_local_public | 
"{81C3F19D-C878-452D-9F07-26A4E4EDFA54}" = lport=16058 | protocol=6 | dir=in | name=aris70_local_admin | "{8305FDB5-B5DA-41DE-A95F-7E6CC7B2E0D2}" = lport=139 | protocol=6 | dir=in | app=system | "{87EA4BBB-7951-4EAE-A679-E760F4F3E8DB}" = lport=16059 | protocol=6 | dir=in | name=aris70_bp_service | "{8CBE30D1-69B2-4A7D-B89A-883F2AD11F6F}" = lport=16053 | protocol=6 | dir=in | name=aris70_admin_agent | "{8D7B1322-0BD6-4926-B189-F95D84B98A03}" = lport=16050 | protocol=6 | dir=in | name=aris70_name_public | "{9228E6BA-5C03-432A-B60F-DA50F61304BA}" = rport=137 | protocol=17 | dir=out | app=system | "{A19EDC40-BB1E-4A17-875D-51A9355B4D1B}" = lport=9125 | protocol=6 | dir=in | name=aris70_9125 | "{A3E23614-58C0-4818-A3D1-B0419705C529}" = lport=2869 | protocol=6 | dir=in | app=system | "{B37BD1AD-0D63-47C0-84A5-237E4014E1FF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{BC87D352-44CD-4BA0-938F-7D61A8BCD2E1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{CCAD4863-EF7A-4767-9BF0-DCA8A00152F0}" = rport=138 | protocol=17 | dir=out | app=system | "{D77F4295-F207-4994-A9D8-90345087D35E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{E634EE05-8A0D-41CE-BF63-E289A486D9EB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EAAAE799-1E1F-41B0-96CB-26980E056BC0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{F8305961-F638-4EA0-9B41-68F7F1F9DBF8}" = rport=139 | protocol=6 | dir=out | app=system | "{FBD4E042-00DA-4E33-9A75-3490B1C5F5E4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{080D8E5E-8CEA-4FF1-9ACC-E1CB6355D658}" = 
protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{18797199-C1C1-49DA-A82F-43524FFA778C}" = protocol=17 | dir=in | app=c:\program files\aris7.0\javaclient\arisadm70.exe | "{1B3AB01F-FB1B-45F3-88AF-57AA25881F62}" = protocol=17 | dir=in | app=c:\program files\aris7.0\localserver\asa9\win32\dbsrv9.exe | "{204E59CB-E4B5-4902-BBDF-735B20AD05D4}" = protocol=17 | dir=in | app=c:\program files\aris7.0\javaclient\aris business architect 7.0.exe | "{24CA7512-642D-4631-B0EE-5F410AD23CD4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{3EB3AEBD-1D26-45CB-AE45-3CC82FB7E38C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{4CFAA8FD-2EF8-4CD8-A80F-EDD096970536}" = protocol=17 | dir=in | app=c:\program files\aris7.0\reportserver.exe | "{4F0438F3-1393-4EE0-B618-C2AF84C52C89}" = protocol=6 | dir=in | app=c:\program files\aris7.0\javaclient\aris symbol editor 7.0.exe | "{565E596B-D0BC-4909-9EE3-D55E70C892B9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{5B103368-574E-491A-B117-6A3CD82AD4E0}" = protocol=17 | dir=in | app=c:\program files\aris7.0\javaclient\aris converter 7.0.exe | "{5DDC834D-5B36-4888-80FF-2A2954FD959F}" = protocol=17 | dir=in | app=c:\program files\aris7.0\localserver\jre\bin\java.exe | "{60B9F905-5233-49CA-8F45-07E2EAA1629D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{61CA8528-1176-48C6-A874-9726934CC1B1}" = protocol=6 | dir=in | app=c:\program files\aris7.0\localserver\jre\bin\java.exe | "{69F7AFD0-25EC-46B6-94E9-A50612318069}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{74911FE8-8EEB-4324-8ABF-883988D0FA22}" = protocol=17 | dir=in | app=c:\program files\aris7.0\reportserverlauncher.exe | "{990CE8FD-4F5B-495C-AFAA-B5DD772ED975}" = protocol=6 | dir=in | app=c:\program files\aris7.0\localserver\asa9\win32\dbsrv9.exe | "{9E7B2B2D-75C1-4E3A-8B2F-4A25A90BA472}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9F3B9567-6215-4E88-B568-3E186B56498A}" = protocol=6 | dir=in | app=c:\program files\aris7.0\reportserver.exe | "{B2A0B895-C4B4-4BD2-A270-F4C9D0B12B19}" = protocol=17 | dir=in | app=c:\program files\aris7.0\javaclient\jre\bin\java.exe | "{B4AE76C1-CBE6-4452-A896-3D25797B869D}" = protocol=6 | dir=in | app=c:\program files\aris7.0\localserver\jsl\simusrv.exe | "{B9BB4F5C-5B64-4563-80D2-EB06F29C358C}" = protocol=17 | dir=in | app=c:\program files\aris7.0\arisserverw70.exe | "{C536EA9D-341C-4D0E-BD4D-E42A8AE184B8}" = protocol=17 | dir=in | app=c:\program files\aris7.0\localserver\jsl\simusrv.exe | "{C5B07298-DD56-4F92-BE2D-7DD1C277DD19}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{C70EB837-FEF2-4C1D-B66D-60C9F58DAF89}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "{C932F4DB-A0CB-4AF0-B5A7-DF19502E1F41}" = protocol=6 | dir=in | app=c:\program files\aris7.0\javaclient\aris business architect 7.0.exe | "{CE3C7485-07B7-4DA7-96AF-97AE3727C336}" = protocol=6 | dir=in | app=c:\program files\aris7.0\javaclient\jre\bin\java.exe | "{D12A84BA-D41F-455E-81F0-07010DBFEC45}" = protocol=6 | dir=in | app=c:\program files\aris7.0\reportserverlauncher.exe | "{D89A6E45-B453-438E-92DE-80B42727E5D4}" = protocol=6 | dir=in | app=c:\program files\aris7.0\javaclient\aris converter 7.0.exe | "{E41D89FB-4100-4CC4-9423-A370901094FE}" = protocol=6 | dir=in | app=c:\program files\aris7.0\javaclient\arisadm70.exe | "{EFBEA68E-FBE2-491C-A232-3F376311CF0E}" = protocol=17 | dir=in | app=c:\program files\aris7.0\javaclient\aris symbol editor 7.0.exe | "{F5F09BE8-9191-4C77-8ACE-8C2631E73DA2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F77874CF-78C8-4112-8B3F-6D9CC18E0F4A}" = protocol=6 | dir=in | app=c:\program files\aris7.0\arisserverw70.exe | "TCP Query User{270725A4-EA0E-4D81-8C75-0B7556DE40CD}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet 
explorer\iexplore.exe | "TCP Query User{427E0E9C-E157-44F8-850A-09CC015E5386}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{7C381007-844E-495F-A53B-3FAF410A4E59}C:\anno1602\1602.exe" = protocol=6 | dir=in | app=c:\anno1602\1602.exe | "TCP Query User{8330CE84-B00A-41D8-8542-4F0600D4AE40}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{968A46E5-E58B-4A42-8D6A-A659D70EADE7}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{9B3052B8-9871-48A2-9036-698121BE25E3}C:\vwlupo\lupo.exe" = protocol=6 | dir=in | app=c:\vwlupo\lupo.exe | "TCP Query User{BB156D25-164E-44D2-A086-9F358F02F304}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{D02FD0C0-FB1E-4888-A7AE-491AB4882ACC}C:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek\slsk.exe | "TCP Query User{E6D64ABE-B085-41D2-8344-04CAF91B1CAD}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{F770C020-ADE8-4093-962B-14B124A39172}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{2B73E690-E065-4212-A66C-A1ECBCCA48F3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{2C5130C0-929E-47EF-A72E-FFED2DEEF66F}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{430BB387-4E99-4E09-A731-8AAD74AC3D3F}C:\anno1602\1602.exe" = protocol=17 | 
dir=in | app=c:\anno1602\1602.exe | "UDP Query User{57968795-602A-494A-AA4D-AAF44B448CCC}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{5F93C812-6A56-46A4-AF64-8DD3B79BA76E}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{6152B654-4C4F-4D77-A00C-09E7CB495DDB}C:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek\slsk.exe | "UDP Query User{91806E53-D5D8-40A1-A26A-34B34EB1B8B9}C:\vwlupo\lupo.exe" = protocol=17 | dir=in | app=c:\vwlupo\lupo.exe | "UDP Query User{B555C58C-E98C-48D9-96D6-7B7BD8CD0E8E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{C41FF7CA-F9A8-4974-BF22-939A26258C6F}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{FE12C7DE-DFDE-4200-A2D8-282321A8D881}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1 "{01F81577-D786-49D7-BAAF-B8A8B44CE251}" = ESU for Microsoft Vista SP1 "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6200 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07B22FB1-6A1E-41E7-8323-A9CA716026ED}" = bob internet "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{084D80A0-A897-F435-CE63-A3A7CDB46D9A}" = CCC Help Danish "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{0E485D10-139A-21B6-471C-7856AF893F42}" = 
Catalyst Control Center Localization Spanish "{0F98662A-EA83-414F-8766-3FCE46A32641}" = Credential Manager for HP ProtectTools "{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application "{196A2093-817C-7237-9FB8-7223FF8D3424}" = Catalyst Control Center Localization Portuguese "{19C6BC99-B7D0-E36A-3F72-24501D2FF8F0}" = Catalyst Control Center Localization Thai "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools "{207A8D54-51C9-48B6-80E6-CBA5403B3ED4}" = Vista Default Settings "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant "{2462B5A9-CDE0-A51C-5646-6863B445B717}" = CCC Help Dutch "{2472CC23-7C6E-F1A5-F439-B93CC198D0E2}" = Catalyst Control Center Graphics Light "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11 "{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger "{27AB9B63-70B4-3444-7FE7-EAAF837286B6}" = Catalyst Control Center Localization Turkish "{2B01122D-645A-7A29-5F98-025F3F920EEE}" = CCC Help Thai "{2E8A56E1-8421-623F-7D27-5B0D64052D35}" = CCC Help Swedish "{3032FE9D-1EF0-2B28-E28F-D14123A54091}" = CCC Help Norwegian "{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD "{30BF4E6C-D866-46F7-A4F6-81A45E97706E}" = Catalyst Control Center - Branding "{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{32D95F2D-17A3-9457-667D-DC603227295F}" = ATI Catalyst Install Manager "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 E1 "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Mobile Connect "{3FE45683-E0A6-8887-BA46-93846D76A571}" = Catalyst Control Center Localization Japanese "{420BBA1D-B275-4891-838C-EA88FE87A632}" = HP Customer Experience Enhancements "{4B8CE04B-567D-A6D1-C8C3-55151585051A}" = 
Catalyst Control Center Localization Hungarian "{4BBB1697-A0C0-C00D-CC3B-2A3D8D7ED8E1}" = CCC Help Czech "{4BDBFEB0-784B-8FBB-E323-17F4B8C3450D}" = Catalyst Control Center Core Implementation "{4C203E35-B5C7-4E35-9834-619668C0FFEE}" = HP 3D DriveGuard "{4DEB1738-EE2D-9415-B1F3-99FE75519BB8}" = Catalyst Control Center Localization Norwegian "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business "{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check "{5FEB063B-B9A0-7677-8D4B-5DE1397BBC7F}" = Catalyst Control Center Localization Swedish "{6079977A-C216-0ED5-7E82-5E94A7683EB1}" = Catalyst Control Center Localization Chinese Traditional "{609C59C0-2920-B88F-AC4E-8434CEEA093F}" = CCC Help Chinese Standard "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{62A07DAC-EE36-7C2D-28D4-18A4B8F55EC9}" = Catalyst Control Center Localization Greek "{63C8FE88-478F-4E14-ADD0-B55227CC3234}" = Personalize Your PC "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{6716796A-DD6E-8B10-AF22-D30ECB25C682}" = CCC Help Portuguese "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = "{6C0B7864-DC0E-4C9E-BF4A-23E4AD590A5B}" = ARIS_Client "{6F854740-01D1-46A4-C809-D73B14F9FAA2}" = ccc-utility "{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71EBA647-B48F-41DF-A928-6D088AC37E67}" = ARIS Platform 7.0 "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78584C1B-8F7B-4B24-80D1-02B309F67AB3}" = Privacy Manager for HP ProtectTools "{789C97CE-9E17-4126-BDF4-11FF458BF705}" = File Sanitizer For HP ProtectTools "{7BE6A272-9078-5035-FB61-D2D1C15D1EA0}" = Catalyst Control Center 
Localization Russian "{8253DB6F-C883-93A4-435F-9526DC07C17F}" = CCC Help Italian "{8595812B-9104-4196-B629-FD298D819399}" = HP User Guides 0097 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BB128BE-2670-485D-A221-B00715BCEBCF}" = HP Easy Setup - Frontend "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack "{8EC7AB5C-7128-B1CD-CA1D-74190D31313E}" = Catalyst Control Center Localization Chinese Standard "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service 
Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 
Microsoft Office 2007 Service Pack 2 (SP2) "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{9320B364-EF7F-90E6-63F8-C58EEB9AE517}" = Catalyst Control Center Graphics Full New "{959B8759-D31A-CE42-6BA1-A8F7812C040B}" = CCC Help Finnish "{959BAC64-7722-EBD6-660E-C74ED44CA0D3}" = Catalyst Control Center Localization Danish "{99A5C123-2741-45BA-276A-8BDA52303CAD}" = CCC Help German "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant "{9CDB5063-D699-42BA-9135-7B8C4ECAC856}" = BIOS Configuration for HP ProtectTools "{9DEE62F7-3C8A-A6E8-6D00-99BB99B0A19C}" = CCC Help French "{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library "{A3EB6C7C-F959-9258-3A35-2A6EDB9CA176}" = CCC Help Hungarian "{A4B50564-9B8D-49DF-4A90-C6EC349A6538}" = Catalyst Control Center Localization Korean "{A55C2FF6-4217-F05B-E603-0544CB9EBD93}" = Catalyst Control Center Localization French "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{ABE1ADEC-E87A-48F7-808B-18614054D7A0}" = Embedded Security for HP ProtectTools "{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86 "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{B076BAB8-B78C-053A-FAC2-0A9CCD802E0A}" = CCC Help Korean "{B1508FDD-AFC7-373B-8B96-6A6BEC48A9A8}" = Catalyst Control Center Localization Polish "{B3B36E34-2E5A-20E8-AF99-A2D40E84CC6F}" = CCC Help Turkish "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth "{B57BC333-F983-C25E-4C04-834548DF8607}" = Catalyst Control Center Localization Italian "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{BECF6C08-ED85-7F05-E2CD-43A18DA0B3D7}" = CCC Help Spanish "{BEEA5BCB-CCA1-6FBA-764C-625239FE0F50}" = CCC Help Polish "{C09C13C7-B636-01CC-D5A1-A7411F858891}" = Catalyst Control Center Localization Czech "{C19BD21C-AF1A-CBC1-3B73-938B37F6B0E6}" = CCC Help Chinese Traditional "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update "{C9EF2D75-ECB0-602D-6700-977702AD7CCF}" = Catalyst Control Center Graphics 
Full Existing "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CBC24502-5EB5-45B6-9E56-E6A2F6AFA367}" = HP JavaCard for HP ProtectTools "{CC8128C5-EC9A-0167-65F5-305E78F1A535}" = CCC Help Russian "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0FF1E97-85BA-C735-1D4C-636293B0E9F0}" = CCC Help Greek "{D405A9E1-5D02-46FB-A2B3-796F1F218B32}" = HP ProtectTools Security Manager "{D4C5185C-A8DF-8466-FE8A-1692E08ECBF7}" = Skins "{D7FD9036-5EE1-A970-B981-BF46AF433380}" = Catalyst Control Center Localization German "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10 "{EF3C3C9A-C96B-051E-99D1-72D7CE823DA8}" = ccc-core-static "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager "{F46CBAC2-20F4-98DA-D890-81F4DE2BF3BA}" = Catalyst Control Center Localization Finnish "{F545FAC8-4D05-229A-E1A3-3DF671518DC3}" = CCC Help English "{F657EF23-08BB-4C8D-B688-78C20FA657EA}" = Drive Encryption for HP ProtectTools "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer "{FECEF9D2-9D3D-449B-9EA4-CFA775C99461}" = AuthenTec Fingerprint System "{FF165D48-1562-B757-E006-69197226E903}" = CCC Help Japanese "{FFCA8569-F139-54BF-A9EF-092A3DFDFB4B}" = Catalyst Control Center Localization Dutch "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Agere Systems Soft Modem" = Agere Systems HDA Modem "ANNO1602" = Anno 1602 "AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus "AOL Toolbar" = AOL Toolbar 5.0 "bob internet" = bob internet "Der VerkehrsGigant-Gold Edition" = Der VerkehrsGigant-Gold Edition "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON Printer and Utilities" = 
EPSON-Drucker-Software "Google Chrome" = Google Chrome "Hospital" = Theme Hospital "HP QuickLook 2_is1" = HP QuickLook 2 "ICQToolbar" = ICQ Toolbar "Invekos-GIS" = Invekos-GIS "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mplayer.com" = Mplayer.com "Soulseek" = SoulSeek Client 156c "SynTPDeinstKey" = Synaptics Pointing Device Driver "UltraStar" = UltraStar 0.6.1 "Winamp" = Winamp "WinRAR archiver" = WinRAR 4.01 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Move Media Player" = Move Media Player "sc09-ORF_MAIN" = ORF-Ski Challenge 2009 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12.11.2011 10:02:02 | Computer Name = Sabine-Notebook | Source = LoadPerf | ID = 3012 Description = Error - 12.11.2011 10:02:02 | Computer Name = Sabine-Notebook | Source = LoadPerf | ID = 3011 Description = Error - 12.11.2011 10:03:18 | Computer Name = Sabine-Notebook | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19088, Zeitstempel 0x4de07b1b, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18538, Zeitstempel 0x4cb733dc, Ausnahmecode 0xc0000374, Fehleroffset 0x000b0dbc, Prozess-ID 0xff0, Anwendungsstartzeit 01cca1438e4e5b57. 
Error - 12.11.2011 10:16:57 | Computer Name = Sabine-Notebook | Source = LoadPerf | ID = 3012 Description = Error - 12.11.2011 10:16:57 | Computer Name = Sabine-Notebook | Source = LoadPerf | ID = 3012 Description = Error - 12.11.2011 10:16:57 | Computer Name = Sabine-Notebook | Source = LoadPerf | ID = 3011 Description = Error - 12.11.2011 10:28:48 | Computer Name = Sabine-Notebook | Source = Application Hang | ID = 1002 Description = Programm OTL.exe, Version 3.2.31.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 1440 Anfangszeit: 01cca14745f9da76 Zeitpunkt der Beendigung: 15 Error - 12.11.2011 10:29:36 | Computer Name = Sabine-Notebook | Source = LoadPerf | ID = 3012 Description = Error - 12.11.2011 10:29:36 | Computer Name = Sabine-Notebook | Source = LoadPerf | ID = 3012 Description = Error - 12.11.2011 10:29:36 | Computer Name = Sabine-Notebook | Source = LoadPerf | ID = 3011 Description = [ Credential Manager Events ] Error - 18.05.2011 15:09:08 | Computer Name = Sabine-Notebook | Source = AuthServer | ID = 100811779 Description = The system failed to authenticate the submitted user credentials. Benutzer: Sabine@Sabine-Notebook Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse: 127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP Error - 18.05.2011 15:09:48 | Computer Name = Sabine-Notebook | Source = AuthServer | ID = 100811779 Description = The system failed to authenticate the submitted user credentials. 
Benutzer: Sabine@Sabine-Notebook Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse: 127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP Error - 25.08.2011 14:41:39 | Computer Name = Sabine-Notebook | Source = AuthServer | ID = 100811779 Description = The system failed to authenticate the submitted user credentials. Benutzer: Sabine@Sabine-Notebook Client-GUID: {F01A31F7-51E5-4754-A9E9-47628503D6E2} Fehler: 0xC5161001 Client-Host: localhost Client-Adresse: 127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP Error - 21.09.2011 13:37:39 | Computer Name = Sabine-Notebook | Source = AuthWiz | ID = 100796070 Description = The submitted user identity was rejected. Benutzer: Sabine@SABINE-NOTEBOOK Fehler: (0xC516043A) Das System konnte den angeforderten Vorgang nicht ausführen. Der Hauptschlüsselsatz des Authentifizierungsservers ist nicht ordnungsgemäß konfiguriert. Bitte wenden Sie sich an Ihren Systemadministrator. 
[ System Events ] Error - 12.11.2011 10:03:32 | Computer Name = Sabine-Notebook | Source = DCOM | ID = 10016 Description = Error - 12.11.2011 10:09:15 | Computer Name = Sabine-Notebook | Source = HTTP | ID = 15016 Description = Error - 12.11.2011 10:11:26 | Computer Name = Sabine-Notebook | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 12.11.2011 10:12:04 | Computer Name = Sabine-Notebook | Source = DCOM | ID = 10016 Description = Error - 12.11.2011 10:13:33 | Computer Name = Sabine-Notebook | Source = DCOM | ID = 10016 Description = Error - 12.11.2011 10:16:28 | Computer Name = Sabine-Notebook | Source = DCOM | ID = 10016 Description = Error - 12.11.2011 10:21:55 | Computer Name = Sabine-Notebook | Source = HTTP | ID = 15016 Description = Error - 12.11.2011 10:24:39 | Computer Name = Sabine-Notebook | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 12.11.2011 10:24:56 | Computer Name = Sabine-Notebook | Source = DCOM | ID = 10016 Description = Error - 12.11.2011 10:26:22 | Computer Name = Sabine-Notebook | Source = DCOM | ID = 10016 Description = < End of report > |
12.11.2011, 17:09 | #2 |
/// Malware-holic | Google links no longer work hiho
Attention! This script and any scripts that follow are intended only for this particular user. If you have problems, open your own topics and wait for scripts tailored to you.
• Please start OTL.exe
• Now copy the following into the text box. Code:
:OTL
O4 - HKCU..\Run: [NvCplDaemonTool] C:\Users\Sabine\qiload1B.dll (Microsoft Corporation)
:Files
C:\Users\Sabine\qiload1B.dll
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Open Computer, open C:, then _OTL; there right-click on moved files and choose add to moved files.rar or zip. Follow the link and upload the archive in the upload channel http://www.trojaner-board.de/54791-a...ner-board.html
__________________ |
12.11.2011, 19:08 | #3 |
| Google links no longer work
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\NvCplDaemonTool deleted successfully.
C:\Users\Sabine\qiload1B.dll moved successfully.
========== FILES ==========
File\Folder C:\Users\Sabine\qiload1B.dll not found.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: Sabine
->Flash cache emptied: 456 bytes
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Sabine
->Temp folder emptied: 1083532 bytes
->Temporary Internet Files folder emptied: 353908720 bytes
->Java cache emptied: 45230653 bytes
->Google Chrome cache emptied: 6184450 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 424097819 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 976 bytes
Total Files Cleaned = 792,00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 11122011_184854
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Best regards, Sabine |
12.11.2011, 19:12 | #4 |
/// Malware-holic | Google links no longer work please continue with the instructions, the upload in the upload channel is still missing :-)
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
12.11.2011, 19:30 | #5 |
/// Malware-holic | Google links no longer work thanks. please create and post a ComboFix log. A guide and tutorial on using ComboFix
|
14.11.2011, 18:37 | #6 |
| Google links no longer work hello! I have now tried twice to run ComboFix, but the PC crashed on me in the middle each time. what can I do now? Best regards, sabine |
14.11.2011, 19:01 | #7 |
/// Malware-holic | Google links no longer work how does it look in safe mode? it can be reached with F8 at PC start.
|
14.11.2011, 20:12 | #8 |
| Google links no longer work it worked in safe mode... ComboFix logfile: Code:
ComboFix 11-11-14.02 - Sabine 14.11.2011 19:40:47.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.43.1031.18.1788.1328 [GMT 1:00]
ausgeführt von:: c:\users\Sabine\Desktop\cofi.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
c:\users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanrdiskrm82.dll
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-10-14 bis 2011-11-14 ))))))))))))))))))))))))))))))
.
.
2011-11-14 18:48 . 2011-11-14 18:52 -------- d-----w- c:\users\Sabine\AppData\Local\temp
2011-11-12 17:27 . 2011-11-12 18:09 -------- d-----w- C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-14 18:50 . 2011-11-14 18:50 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D0AEC12-56E1-4DE3-84DB-8200EA0ECB72}\offreg.dll
2011-10-07 03:48 . 2011-11-12 17:21 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D0AEC12-56E1-4DE3-84DB-8200EA0ECB72}\mpengine.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664] "msnmsgr"="c:\progra~1\MSNMES~1\msnmsgr.exe" [2007-01-19 5674352] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-09-30 203928] "NvCplDaemonTool"="c:\users\Sabine\qiload1B.dll" [2011-04-12 1273856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168] "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-06-02 238984] "CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912] "IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2008-04-21 1090840] "File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2008-05-14 10244096] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-01 136600] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456] "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-05-24 197904] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "Adobe Reader Speed 
Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] " Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-16 727592] DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-6-30 197904] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
R0 fjrtt;fjrtt;c:\windows\System32\drivers\mctbt.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-24 136176] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-11-29 181760] R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-24 136176] R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-02-22 9216] R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S0 SafeBoot;SafeBoot; [x] S0 SbAlg;SbAlg; [x] S0 SbFsLock;SbFsLock; [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-02 722416] S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2008-03-21 39712] S1 RsvLock;RsvLock; [x] S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576] S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504] S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504] S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2008-05-15 1176824] S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-06-02 18944] S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive 
Encryption\HpFkCrypt.exe [2008-05-30 256512] S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2008-05-14 77824] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-04-07 24936] S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2008-05-15 475520] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc Cognizance REG_MULTI_SZ ASBroker ASChannel HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 bthsvcs REG_MULTI_SZ BthServ . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-03-18 00:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-24 19:50] . 2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-24 19:50] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.at/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=83&bd=all&pf=cmnb IE: &AOL Toolbar-Suche - c:\programdata\AOL\ieToolbar\resources\de-AT\local\search.html IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-Hospital - c:\windows\unin0407.exe . . . ************************************************************************** Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . 
Scan erfolgreich abgeschlossen versteckte Dateien: . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'lsass.exe'(772) c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll . - - - - - - - > 'Explorer.exe'(3944) c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll c:\program files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll c:\windows\system32\btncopy.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\windows\System32\lpksetup.exe
c:\windows\system32\AEADISRV.EXE
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\windows\system32\ifxtcs.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-14 20:00:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-11-14 19:00
.
Vor Suchlauf: Das System hat keinen Meldungstext für die Meldungsnummer 0x2379 in der Meldungsdatei Application gefunden.
Nach Suchlauf: 20 Verzeichnis(se), 74.325.053.440 Bytes frei
.
- - End Of File - - 6E23461774C8D71525095057B4F78573
Best regards, Sabine |
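The Run-key listing in the ComboFix log above includes the NvCplDaemonTool value that the helper's OTL script targeted. As an added example (not part of the thread and not ComboFix or OTL code), the following Python parses Run entries in that log format and flags targets that lie outside the usual install directories; the function names and the list of trusted top-level directories are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a few Run-key lines copied from the ComboFix log in the
# thread, one entry per line (the forum page shows them run together).
SAMPLE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"msnmsgr"="c:\progra~1\MSNMES~1\msnmsgr.exe" [2007-01-19 5674352]
"NvCplDaemonTool"="c:\users\Sabine\qiload1B.dll" [2011-04-12 1273856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2008-04-21 1090840]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]*)"="(?P<target>[^"]*)"'
    r'(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?$'
)

# Assumption: top-level directories that normally require admin rights to
# write to. The 8.3 short names (progra~1) appear in the log, so they are
# listed next to the long names.
TRUSTED_TOP_DIRS = {
    "program files", "program files (x86)", "progra~1", "progra~2", "windows",
}


def parse_run_entries(text):
    """Return the values listed under ...\\Run and ...\\RunOnce key headers."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key and key.lower().endswith(("\\run", "\\runonce")):
            entries.append({
                "key": key,
                "name": m.group("name"),
                "target": m.group("target"),
                "date": m.group("date"),
                "size": int(m.group("size")) if m.group("size") else None,
            })
    return entries


def review(text):
    """Flag autostart targets that live outside the trusted directories."""
    findings = []
    for entry in parse_run_entries(text):
        parts = PureWindowsPath(entry["target"].lower()).parts
        top = parts[1] if len(parts) > 1 else ""
        if top in TRUSTED_TOP_DIRS:
            continue
        reasons = ["target outside install directories"]
        if top == "users":
            reasons.append("target inside a user profile")
        if entry["target"].lower().endswith(".dll"):
            reasons.append("Run value points at a DLL")
        findings.append({**entry, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding["key"], finding["name"], finding["target"], finding["reasons"])
```

The HP entry CognizanceTS also points at a DLL but sits under Program Files, so location rather than file extension is what separates the two entries here.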
14.11.2011, 20:18 | #9 |
/// Malware-holic | Google links no longer work please open My Computer, C:, right-click qoobox, create an archive with WinRAR, zip or another archiving program and upload it in the upload channel following the instructions. http://www.trojaner-board.de/54791-a...ner-board.html
|
14.11.2011, 20:34 | #10 |
| Google links no longer work unfortunately it doesn't work.. I get the error message "kann den inhalt von c:\qoobox\BackEnv\* nicht lesen" |
14.11.2011, 20:43 | #11 |
/// Malware-holic | Google links no longer work not a big deal, click OK or Close and the archive should still be created
|
14.11.2011, 20:58 | #12 |
| Google links no longer work I hope it's okay like this now... |
14.11.2011, 21:11 | #13 |
/// Malware-holic | Google links no longer work it worked, thanks http://www.trojaner-board.de/82358-t...entfernen.html please run this, don't delete anything (skip), post the log.
|
15.11.2011, 16:52 | #14 |
| Google links no longer work
16:49:15.0093 2176 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
16:49:16.0466 2176 ============================================================
16:49:16.0466 2176 Current date / time: 2011/11/15 16:49:16.0466
16:49:16.0466 2176 SystemInfo:
16:49:16.0466 2176
16:49:16.0466 2176 OS Version: 6.0.6001 ServicePack: 1.0
16:49:16.0466 2176 Product type: Workstation
16:49:16.0466 2176 ComputerName: SABINE-NOTEBOOK
16:49:16.0466 2176 UserName: Sabine
16:49:16.0466 2176 Windows directory: C:\windows
16:49:16.0466 2176 System windows directory: C:\windows
16:49:16.0466 2176 Processor architecture: Intel x86
16:49:16.0466 2176 Number of processors: 2
16:49:16.0481 2176 Page size: 0x1000
16:49:16.0481 2176 Boot type: Normal boot
16:49:16.0481 2176 ============================================================
16:49:18.0774 2176 Initialize success
16:49:22.0347 3748 ============================================================
16:49:22.0347 3748 Scan started
16:49:22.0347 3748 Mode: Manual;
16:49:22.0347 3748 ============================================================
(d8c63d34d9c9e56c059e24ec7185cc07) C:\windows\system32\drivers\MSKSSRV.sys 16:49:41.0723 3748 MSKSSRV - ok 16:49:41.0801 3748 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\windows\system32\drivers\MSPCLOCK.sys 16:49:41.0801 3748 MSPCLOCK - ok 16:49:41.0941 3748 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\windows\system32\drivers\MSPQM.sys 16:49:41.0957 3748 MSPQM - ok 16:49:42.0035 3748 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\windows\system32\drivers\MsRPC.sys 16:49:42.0035 3748 MsRPC - ok 16:49:42.0081 3748 mssmbios (e384487cb84be41d09711c30ca79646c) C:\windows\system32\DRIVERS\mssmbios.sys 16:49:42.0081 3748 mssmbios - ok 16:49:42.0206 3748 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\windows\system32\drivers\MSTEE.sys 16:49:42.0206 3748 MSTEE - ok 16:49:42.0378 3748 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\windows\system32\Drivers\mup.sys 16:49:42.0378 3748 Mup - ok 16:49:42.0503 3748 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\windows\system32\DRIVERS\nwifi.sys 16:49:42.0518 3748 NativeWifiP - ok 16:49:42.0659 3748 NDIS (c8560010a542b5dca94c62468dc20784) C:\windows\system32\drivers\ndis.sys 16:49:42.0674 3748 NDIS - ok 16:49:42.0752 3748 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\windows\system32\DRIVERS\ndistapi.sys 16:49:42.0752 3748 NdisTapi - ok 16:49:42.0783 3748 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\windows\system32\DRIVERS\ndisuio.sys 16:49:42.0783 3748 Ndisuio - ok 16:49:42.0846 3748 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\windows\system32\DRIVERS\ndiswan.sys 16:49:42.0846 3748 NdisWan - ok 16:49:42.0893 3748 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\windows\system32\drivers\NDProxy.sys 16:49:42.0893 3748 NDProxy - ok 16:49:42.0971 3748 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\windows\system32\DRIVERS\netbios.sys 16:49:42.0971 3748 NetBIOS - ok 16:49:43.0033 3748 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\windows\system32\DRIVERS\netbt.sys 16:49:43.0033 3748 netbt - ok 16:49:43.0111 3748 nfrd960 
(2e7fb731d4790a1bc6270accefacb36e) C:\windows\system32\drivers\nfrd960.sys 16:49:43.0111 3748 nfrd960 - ok 16:49:43.0158 3748 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\windows\system32\drivers\Npfs.sys 16:49:43.0158 3748 Npfs - ok 16:49:43.0251 3748 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\windows\system32\drivers\nsiproxy.sys 16:49:43.0251 3748 nsiproxy - ok 16:49:43.0376 3748 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\windows\system32\drivers\Ntfs.sys 16:49:43.0392 3748 Ntfs - ok 16:49:43.0485 3748 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\windows\system32\drivers\ntrigdigi.sys 16:49:43.0501 3748 ntrigdigi - ok 16:49:43.0563 3748 Null (c5dbbcda07d780bda9b685df333bb41e) C:\windows\system32\drivers\Null.sys 16:49:43.0563 3748 Null - ok 16:49:43.0657 3748 nvraid (2edf9e7751554b42cbb60116de727101) C:\windows\system32\drivers\nvraid.sys 16:49:43.0657 3748 nvraid - ok 16:49:43.0719 3748 nvstor (abed0c09758d1d97db0042dbb2688177) C:\windows\system32\drivers\nvstor.sys 16:49:43.0719 3748 nvstor - ok 16:49:43.0829 3748 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\windows\system32\drivers\nv_agp.sys 16:49:43.0844 3748 nv_agp - ok 16:49:43.0891 3748 NwlnkFlt - ok 16:49:43.0938 3748 NwlnkFwd - ok 16:49:44.0063 3748 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\windows\system32\DRIVERS\ohci1394.sys 16:49:44.0063 3748 ohci1394 - ok 16:49:44.0527 3748 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\windows\system32\DRIVERS\parport.sys 16:49:44.0527 3748 Parport - ok 16:49:44.0808 3748 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\windows\system32\drivers\partmgr.sys 16:49:44.0808 3748 partmgr - ok 16:49:45.0120 3748 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\windows\system32\DRIVERS\parvdm.sys 16:49:45.0135 3748 Parvdm - ok 16:49:45.0291 3748 pci (01b94418deb235dff777cc80076354b4) C:\windows\system32\drivers\pci.sys 16:49:45.0291 3748 pci - ok 16:49:45.0478 3748 pciide (fc175f5ddab666d7f4d17449a547626f) C:\windows\system32\drivers\pciide.sys 16:49:45.0478 3748 
pciide - ok 16:49:45.0556 3748 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\windows\system32\DRIVERS\pcmcia.sys 16:49:45.0572 3748 pcmcia - ok 16:49:46.0009 3748 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\windows\system32\drivers\peauth.sys 16:49:46.0009 3748 PEAUTH - ok 16:49:46.0305 3748 PersonalSecureDrive (91f90ac06d40a9bada14047c02e6c592) C:\windows\System32\drivers\psd.sys 16:49:46.0305 3748 PersonalSecureDrive - ok 16:49:46.0570 3748 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\windows\system32\DRIVERS\raspptp.sys 16:49:46.0570 3748 PptpMiniport - ok 16:49:46.0617 3748 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\windows\system32\DRIVERS\processr.sys 16:49:46.0633 3748 Processor - ok 16:49:46.0680 3748 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\windows\system32\DRIVERS\pacer.sys 16:49:46.0680 3748 PSched - ok 16:49:46.0773 3748 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\windows\system32\Drivers\PxHelp20.sys 16:49:46.0773 3748 PxHelp20 - ok 16:49:46.0898 3748 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\windows\system32\drivers\ql2300.sys 16:49:46.0914 3748 ql2300 - ok 16:49:46.0992 3748 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\windows\system32\drivers\ql40xx.sys 16:49:46.0992 3748 ql40xx - ok 16:49:47.0054 3748 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\windows\system32\drivers\qwavedrv.sys 16:49:47.0054 3748 QWAVEdrv - ok 16:49:47.0085 3748 RasAcd (147d7f9c556d259924351feb0de606c3) C:\windows\system32\DRIVERS\rasacd.sys 16:49:47.0085 3748 RasAcd - ok 16:49:47.0163 3748 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\windows\system32\DRIVERS\rasl2tp.sys 16:49:47.0179 3748 Rasl2tp - ok 16:49:47.0272 3748 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\windows\system32\DRIVERS\raspppoe.sys 16:49:47.0272 3748 RasPppoe - ok 16:49:47.0382 3748 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\windows\system32\DRIVERS\rassstp.sys 16:49:47.0382 3748 RasSstp - ok 16:49:47.0694 3748 rdbss (6e1c5d0457622f9ee35f683110e93d14) 
16:49:48.0505 3748 SafeBoot (fbd8bfd3faf7691f1f1053270af176d6) C:\windows\system32\drivers\SafeBoot.sys
16:49:48.0505 3748 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: fbd8bfd3faf7691f1f1053270af176d6
16:49:48.0505 3748 SafeBoot ( LockedFile.Multi.Generic ) - warning
16:49:48.0505 3748 SafeBoot - detected LockedFile.Multi.Generic (1)
16:49:50.0738 3748 sptd (a80cd850d69d996c832bea37e3a6aa1e) C:\windows\system32\Drivers\sptd.sys
16:49:50.0738 3748 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e
16:49:50.0738 3748 sptd ( LockedFile.Multi.Generic ) - warning
16:49:50.0738 3748 sptd - detected LockedFile.Multi.Generic (1)
16:49:58.0819 3748 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:49:58.0835 3748 \Device\Harddisk0\DR0 - ok
16:49:58.0835 3748 Boot (0x1200) (e06ce281df9368d01d079c4532520910) \Device\Harddisk0\DR0\Partition0
16:49:58.0835 3748 \Device\Harddisk0\DR0\Partition0 - ok
16:49:58.0882 3748 Boot (0x1200) (1c972325936f2e5c1e07616c49066a87) \Device\Harddisk0\DR0\Partition1
16:49:58.0882 3748 \Device\Harddisk0\DR0\Partition1 - ok
16:49:58.0897 3748 Boot (0x1200) (4aa5e94b01fe139b0228a83af7bf7431) \Device\Harddisk0\DR0\Partition2
16:49:58.0897 3748 \Device\Harddisk0\DR0\Partition2 - ok
16:49:58.0897 3748 ============================================================
16:49:58.0897 3748 Scan finished
16:49:58.0897 3748 ============================================================
16:49:58.0928 2812 Detected object count: 2
16:49:58.0928 2812 Actual detected object count: 2
16:51:25.0707 2812 SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
16:51:25.0707 2812 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip
16:51:25.0722 2812 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:51:25.0722 2812 sptd ( LockedFile.Multi.Generic ) - User select action: Skip |
15.11.2011, 17:03 | #15 |
/// Malware-holic | Google links no longer work
How are things looking with Google?
__________________
- Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us |