| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: files indexation process failedWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
22.03.2012, 00:04
| #1 |
 |  files indexation process failed Hallo, ich habe mir einenn Virus eingefangen. Es blinkten eine Menge von Meldungen auf die besagten: Hard drive clusters are partly damaged Windows - Delayed Write Failed Critical Error Außerdem ist mein kompletter Desktop leer und das Startmenü ist nicht mehr zu sehen. Habe das Problem gegoogelt und auf der Seite mcafee.com. folgende Anweisungen befolgt: 1) Habe Rootkit TDSSKiller laufen lassen. 2)Habe Malwarebytes laufen lassen, danach waren die Fehlermeldungen weg, der Desktop ist immer noch schwarz, das Startmenü ist nicht wieder da. 3) Habe mit der Systemwiederherstellung einen Herstellungspunkt vom 18.02.2012 gewählt. Es ist noch keine Besserung eingetreten. logfile tdsskiller 21.03.2012 00.23 Code:
ATTFilter 00:22:20.0309 1712 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
00:22:20.0449 1712 ============================================================
00:22:20.0449 1712 Current date / time: 2012/03/21 00:22:20.0449
00:22:20.0449 1712 SystemInfo:
00:22:20.0449 1712
00:22:20.0449 1712 OS Version: 6.0.6002 ServicePack: 2.0
00:22:20.0449 1712 Product type: Workstation
00:22:20.0449 1712 ComputerName: YVONNE-PC
00:22:20.0451 1712 UserName: Yvonne
00:22:20.0451 1712 Windows directory: C:\Windows
00:22:20.0451 1712 System windows directory: C:\Windows
00:22:20.0451 1712 Processor architecture: Intel x86
00:22:20.0451 1712 Number of processors: 2
00:22:20.0451 1712 Page size: 0x1000
00:22:20.0451 1712 Boot type: Normal boot
00:22:20.0451 1712 ============================================================
00:22:21.0764 1712 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:22:21.0768 1712 \Device\Harddisk0\DR0:
00:22:21.0769 1712 MBR used
00:22:21.0769 1712 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x12D50800
00:22:21.0769 1712 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1303F000, BlocksNum 0x123EF800
00:22:21.0887 1712 Initialize success
00:22:21.0887 1712 ============================================================
00:22:33.0130 4268 ============================================================
00:22:33.0130 4268 Scan started
00:22:33.0131 4268 Mode: Manual;
00:22:33.0131 4268 ============================================================
00:22:34.0353 4268 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
00:22:34.0362 4268 ACPI - ok
00:22:34.0437 4268 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
00:22:34.0450 4268 adp94xx - ok
00:22:34.0580 4268 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
00:22:34.0586 4268 adpahci - ok
00:22:34.0630 4268 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
00:22:34.0633 4268 adpu160m - ok
00:22:34.0760 4268 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
00:22:34.0763 4268 adpu320 - ok
00:22:34.0843 4268 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
00:22:34.0853 4268 AFD - ok
00:22:34.0960 4268 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
00:22:34.0962 4268 agp440 - ok
00:22:34.0995 4268 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
00:22:34.0997 4268 aic78xx - ok
00:22:35.0098 4268 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
00:22:35.0099 4268 aliide - ok
00:22:35.0134 4268 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
00:22:35.0136 4268 amdagp - ok
00:22:35.0162 4268 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
00:22:35.0163 4268 amdide - ok
00:22:35.0302 4268 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
00:22:35.0303 4268 AmdK7 - ok
00:22:35.0340 4268 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
00:22:35.0341 4268 AmdK8 - ok
00:22:35.0444 4268 ApfiltrService (45f47f79ad3f587a334345fd2969354b) C:\Windows\system32\DRIVERS\Apfiltr.sys
00:22:35.0453 4268 ApfiltrService - ok
00:22:35.0517 4268 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
00:22:35.0521 4268 arc - ok
00:22:35.0609 4268 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
00:22:35.0610 4268 arcsas - ok
00:22:35.0674 4268 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
00:22:35.0675 4268 AsyncMac - ok
00:22:35.0777 4268 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
00:22:35.0779 4268 atapi - ok
00:22:35.0952 4268 atikmdag (be4d8fdc6b2598c46b2b5e6e4fbaafc5) C:\Windows\system32\DRIVERS\atikmdag.sys
00:22:36.0070 4268 atikmdag - ok
00:22:36.0186 4268 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
00:22:36.0189 4268 AtiPcie - ok
00:22:36.0245 4268 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
00:22:36.0248 4268 avgntflt - ok
00:22:36.0457 4268 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
00:22:36.0461 4268 avipbb - ok
00:22:36.0550 4268 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
00:22:36.0553 4268 avkmgr - ok
00:22:36.0599 4268 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
00:22:36.0602 4268 Beep - ok
00:22:36.0721 4268 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
00:22:36.0723 4268 blbdrive - ok
00:22:36.0833 4268 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
00:22:36.0837 4268 bowser - ok
00:22:36.0938 4268 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
00:22:36.0940 4268 BrFiltLo - ok
00:22:37.0045 4268 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
00:22:37.0048 4268 BrFiltUp - ok
00:22:37.0143 4268 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
00:22:37.0144 4268 Brserid - ok
00:22:37.0220 4268 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
00:22:37.0222 4268 BrSerWdm - ok
00:22:37.0291 4268 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
00:22:37.0293 4268 BrUsbMdm - ok
00:22:37.0577 4268 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
00:22:37.0580 4268 BrUsbSer - ok
00:22:37.0675 4268 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
00:22:37.0677 4268 BTHMODEM - ok
00:22:37.0762 4268 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
00:22:37.0767 4268 cdfs - ok
00:22:37.0861 4268 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
00:22:37.0864 4268 cdrom - ok
00:22:37.0924 4268 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
00:22:37.0928 4268 circlass - ok
00:22:38.0058 4268 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
00:22:38.0066 4268 CLFS - ok
00:22:38.0150 4268 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
00:22:38.0153 4268 CmBatt - ok
00:22:38.0309 4268 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
00:22:38.0310 4268 cmdide - ok
00:22:38.0379 4268 CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys
00:22:38.0390 4268 CnxtHdAudService - ok
00:22:38.0466 4268 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
00:22:38.0469 4268 Compbatt - ok
00:22:38.0537 4268 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
00:22:38.0540 4268 crcdisk - ok
00:22:38.0579 4268 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
00:22:38.0581 4268 Crusoe - ok
00:22:38.0722 4268 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
00:22:38.0726 4268 DfsC - ok
00:22:38.0782 4268 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
00:22:38.0784 4268 disk - ok
00:22:38.0968 4268 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
00:22:38.0969 4268 drmkaud - ok
00:22:39.0126 4268 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
00:22:39.0146 4268 DXGKrnl - ok
00:22:39.0274 4268 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
00:22:39.0279 4268 E1G60 - ok
00:22:39.0370 4268 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
00:22:39.0379 4268 Ecache - ok
00:22:39.0548 4268 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
00:22:39.0555 4268 elxstor - ok
00:22:39.0689 4268 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
00:22:39.0694 4268 ErrDev - ok
00:22:39.0823 4268 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
00:22:39.0881 4268 exfat - ok
00:22:40.0010 4268 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
00:22:40.0047 4268 fastfat - ok
00:22:40.0253 4268 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
00:22:40.0254 4268 fdc - ok
00:22:40.0346 4268 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
00:22:40.0350 4268 FileInfo - ok
00:22:40.0411 4268 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
00:22:40.0413 4268 Filetrace - ok
00:22:40.0498 4268 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
00:22:40.0500 4268 flpydisk - ok
00:22:40.0585 4268 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
00:22:40.0596 4268 FltMgr - ok
00:22:40.0701 4268 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
00:22:40.0705 4268 Fs_Rec - ok
00:22:40.0759 4268 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
00:22:40.0763 4268 gagp30kx - ok
00:22:40.0812 4268 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:22:40.0817 4268 GEARAspiWDM - ok
00:22:40.0913 4268 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
00:22:40.0927 4268 HdAudAddService - ok
00:22:41.0005 4268 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:22:41.0021 4268 HDAudBus - ok
00:22:41.0087 4268 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
00:22:41.0088 4268 HidBth - ok
00:22:41.0225 4268 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
00:22:41.0226 4268 HidIr - ok
00:22:41.0308 4268 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
00:22:41.0310 4268 HidUsb - ok
00:22:41.0402 4268 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
00:22:41.0404 4268 HpCISSs - ok
00:22:41.0473 4268 HSF_DPV (fadd7095163cb3cb4073793ebb50fe75) C:\Windows\system32\DRIVERS\HSX_DPV.sys
00:22:41.0503 4268 HSF_DPV - ok
00:22:41.0605 4268 HSXHWAZL (058783bedd17615d1fece09f77960436) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
00:22:41.0611 4268 HSXHWAZL - ok
00:22:41.0664 4268 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
00:22:41.0676 4268 HTTP - ok
00:22:41.0794 4268 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
00:22:41.0796 4268 i2omp - ok
00:22:41.0841 4268 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
00:22:41.0845 4268 i8042prt - ok
00:22:41.0892 4268 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
00:22:41.0901 4268 iaStorV - ok
00:22:42.0133 4268 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
00:22:42.0135 4268 iirsp - ok
00:22:42.0257 4268 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
00:22:42.0258 4268 intelide - ok
00:22:42.0320 4268 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
00:22:42.0321 4268 intelppm - ok
00:22:42.0442 4268 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:22:42.0444 4268 IpFilterDriver - ok
00:22:42.0468 4268 IpInIp - ok
00:22:42.0513 4268 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
00:22:42.0514 4268 IPMIDRV - ok
00:22:42.0818 4268 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
00:22:42.0821 4268 IPNAT - ok
00:22:42.0919 4268 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
00:22:42.0921 4268 IRENUM - ok
00:22:42.0986 4268 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
00:22:42.0988 4268 isapnp - ok
00:22:43.0058 4268 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
00:22:43.0067 4268 iScsiPrt - ok
00:22:43.0198 4268 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
00:22:43.0200 4268 iteatapi - ok
00:22:43.0252 4268 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
00:22:43.0255 4268 iteraid - ok
00:22:43.0384 4268 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
00:22:43.0390 4268 kbdclass - ok
00:22:43.0442 4268 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
00:22:43.0444 4268 kbdhid - ok
00:22:43.0555 4268 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
00:22:43.0567 4268 KSecDD - ok
00:22:43.0628 4268 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
00:22:43.0631 4268 lltdio - ok
00:22:43.0770 4268 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
00:22:43.0772 4268 LSI_FC - ok
00:22:43.0800 4268 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
00:22:43.0802 4268 LSI_SAS - ok
00:22:43.0945 4268 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
00:22:43.0946 4268 LSI_SCSI - ok
00:22:44.0005 4268 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
00:22:44.0010 4268 luafv - ok
00:22:44.0198 4268 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
00:22:44.0202 4268 mdmxsdk - ok
00:22:44.0241 4268 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
00:22:44.0243 4268 megasas - ok
00:22:44.0347 4268 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
00:22:44.0354 4268 MegaSR - ok
00:22:44.0474 4268 mfeavfk (bafdd5e28baea99d7f4772af2f5ec7ee) C:\Windows\system32\drivers\mfeavfk.sys
00:22:44.0482 4268 mfeavfk - ok
00:22:44.0524 4268 mfebopk (1d003e3056a43d881597d6763e83b943) C:\Windows\system32\drivers\mfebopk.sys
00:22:44.0526 4268 mfebopk - ok
00:22:44.0646 4268 mfehidk (3f138a1c8a0659f329f242d1e389b2cf) C:\Windows\system32\drivers\mfehidk.sys
00:22:44.0658 4268 mfehidk - ok
00:22:44.0737 4268 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\Windows\system32\drivers\mferkdk.sys
00:22:44.0741 4268 mferkdk - ok
00:22:44.0844 4268 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\Windows\system32\drivers\mfesmfk.sys
00:22:44.0847 4268 mfesmfk - ok
00:22:44.0913 4268 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
00:22:44.0916 4268 Modem - ok
00:22:45.0150 4268 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
00:22:45.0158 4268 monitor - ok
00:22:45.0268 4268 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
00:22:45.0272 4268 mouclass - ok
00:22:45.0329 4268 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
00:22:45.0332 4268 mouhid - ok
00:22:45.0414 4268 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
00:22:45.0417 4268 MountMgr - ok
00:22:45.0456 4268 MPFP (95675c3398dcc084c8d1dc35cc4e9e01) C:\Windows\system32\Drivers\Mpfp.sys
00:22:45.0460 4268 MPFP - ok
00:22:45.0668 4268 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
00:22:45.0671 4268 mpio - ok
00:22:45.0766 4268 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
00:22:45.0773 4268 mpsdrv - ok
00:22:45.0840 4268 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
00:22:45.0843 4268 Mraid35x - ok
00:22:45.0964 4268 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
00:22:45.0973 4268 MRxDAV - ok
00:22:46.0054 4268 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:22:46.0058 4268 mrxsmb - ok
00:22:46.0200 4268 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:22:46.0208 4268 mrxsmb10 - ok
00:22:46.0346 4268 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:22:46.0351 4268 mrxsmb20 - ok
00:22:46.0408 4268 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
00:22:46.0409 4268 msahci - ok
00:22:46.0532 4268 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
00:22:46.0537 4268 msdsm - ok
00:22:46.0597 4268 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
00:22:46.0601 4268 Msfs - ok
00:22:46.0696 4268 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
00:22:46.0700 4268 msisadrv - ok
00:22:46.0782 4268 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
00:22:46.0784 4268 MSKSSRV - ok
00:22:46.0876 4268 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
00:22:46.0877 4268 MSPCLOCK - ok
00:22:46.0914 4268 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
00:22:46.0915 4268 MSPQM - ok
00:22:46.0969 4268 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
00:22:46.0974 4268 MsRPC - ok
00:22:47.0101 4268 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
00:22:47.0103 4268 mssmbios - ok
00:22:47.0177 4268 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
00:22:47.0179 4268 MSTEE - ok
00:22:47.0304 4268 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
00:22:47.0308 4268 Mup - ok
00:22:47.0396 4268 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
00:22:47.0401 4268 NativeWifiP - ok
00:22:47.0523 4268 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
00:22:47.0537 4268 NDIS - ok
00:22:47.0619 4268 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
00:22:47.0621 4268 NdisTapi - ok
00:22:47.0658 4268 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
00:22:47.0661 4268 Ndisuio - ok
00:22:47.0758 4268 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
00:22:47.0858 4268 NdisWan - ok
00:22:48.0137 4268 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
00:22:48.0141 4268 NDProxy - ok
00:22:48.0221 4268 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
00:22:48.0224 4268 NetBIOS - ok
00:22:48.0330 4268 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
00:22:48.0340 4268 netbt - ok
00:22:48.0494 4268 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
00:22:48.0497 4268 nfrd960 - ok
00:22:48.0570 4268 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
00:22:48.0573 4268 Npfs - ok
00:22:48.0669 4268 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
00:22:48.0673 4268 nsiproxy - ok
00:22:48.0782 4268 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
00:22:48.0816 4268 Ntfs - ok
00:22:48.0990 4268 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
00:22:48.0992 4268 ntrigdigi - ok
00:22:49.0178 4268 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
00:22:49.0182 4268 Null - ok
00:22:49.0385 4268 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
00:22:49.0387 4268 nvraid - ok
00:22:49.0488 4268 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
00:22:49.0492 4268 nvstor - ok
00:22:49.0559 4268 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
00:22:49.0571 4268 nv_agp - ok
00:22:49.0594 4268 NwlnkFlt - ok
00:22:49.0626 4268 NwlnkFwd - ok
00:22:49.0706 4268 O2MDRDR (78575368974962042472f18b24d3cf28) C:\Windows\system32\DRIVERS\o2media.sys
00:22:49.0709 4268 O2MDRDR - ok
00:22:49.0936 4268 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
00:22:49.0940 4268 ohci1394 - ok
00:22:50.0092 4268 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
00:22:50.0095 4268 Parport - ok
00:22:50.0179 4268 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
00:22:50.0184 4268 partmgr - ok
00:22:50.0299 4268 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
00:22:50.0301 4268 Parvdm - ok
00:22:50.0386 4268 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
00:22:50.0393 4268 pci - ok
00:22:50.0483 4268 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
00:22:50.0487 4268 pciide - ok
00:22:50.0542 4268 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
00:22:50.0547 4268 pcmcia - ok
00:22:50.0669 4268 PCTBD (3a0262b85b5bb4d4cfc096ea00ed610b) C:\Windows\system32\Drivers\PCTBD.sys
00:22:50.0672 4268 PCTBD - ok
00:22:50.0937 4268 PCTCore (0edb74bd0d52d6d94cf862322e48b94e) C:\Windows\system32\drivers\PCTCore.sys
00:22:50.0952 4268 PCTCore - ok
00:22:51.0021 4268 pctDS (8734f7346b39a710491e0ddb136da2a3) C:\Windows\system32\drivers\pctDS.sys
00:22:51.0036 4268 pctDS - ok
00:22:51.0184 4268 pctEFA (653d8079cc000ec454789740a07b84a8) C:\Windows\system32\drivers\pctEFA.sys
00:22:51.0211 4268 pctEFA - ok
00:22:51.0344 4268 PCTSD (eb98f7514dcf1b922b318e6182d836b1) C:\Windows\system32\Drivers\PCTSD.sys
00:22:51.0360 4268 PCTSD - ok
00:22:51.0635 4268 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
00:22:51.0664 4268 PEAUTH - ok
00:22:51.0895 4268 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
00:22:51.0898 4268 PptpMiniport - ok
00:22:51.0925 4268 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
00:22:51.0927 4268 Processor - ok
00:22:51.0992 4268 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
00:22:51.0995 4268 PSched - ok
00:22:52.0085 4268 PxHelp20 (f7bb4e7a7c02ab4a2672937e124e306e) C:\Windows\system32\Drivers\PxHelp20.sys
00:22:52.0088 4268 PxHelp20 - ok
00:22:52.0131 4268 QIOMem (674eba70a52c02696e503b0a57ae6372) C:\Windows\system32\DRIVERS\QIOMem.sys
00:22:52.0134 4268 QIOMem - ok
00:22:52.0268 4268 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
00:22:52.0286 4268 ql2300 - ok
00:22:52.0392 4268 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
00:22:52.0395 4268 ql40xx - ok
00:22:52.0436 4268 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
00:22:52.0438 4268 QWAVEdrv - ok
00:22:52.0554 4268 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
00:22:52.0557 4268 RasAcd - ok
00:22:52.0610 4268 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:22:52.0615 4268 Rasl2tp - ok
00:22:52.0688 4268 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
00:22:52.0691 4268 RasPppoe - ok
00:22:52.0834 4268 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
00:22:52.0836 4268 RasSstp - ok
00:22:52.0895 4268 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
00:22:52.0902 4268 rdbss - ok
00:22:52.0994 4268 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:22:52.0996 4268 RDPCDD - ok
00:22:53.0041 4268 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
00:22:53.0044 4268 rdpdr - ok
00:22:53.0329 4268 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
00:22:53.0332 4268 RDPENCDD - ok
00:22:53.0472 4268 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
00:22:53.0516 4268 RDPWD - ok
00:22:53.0799 4268 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
00:22:53.0802 4268 rspndr - ok
00:22:53.0983 4268 RTL8187B (5139a6c37c2d854e7b0ee6fa1f93ccda) C:\Windows\system32\DRIVERS\RTL8187B.sys
00:22:53.0993 4268 RTL8187B - ok
00:22:54.0091 4268 RtlProt (0d60b8c10a2c5e8dd620b3fdeb1cda64) C:\Windows\system32\DRIVERS\rtlprot.sys
00:22:54.0095 4268 RtlProt - ok
00:22:54.0157 4268 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
00:22:54.0159 4268 sbp2port - ok
00:22:54.0272 4268 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
00:22:54.0277 4268 sdbus - ok
00:22:54.0372 4268 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
00:22:54.0376 4268 secdrv - ok
00:22:54.0481 4268 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
00:22:54.0484 4268 seehcri - ok
00:22:54.0589 4268 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
00:22:54.0591 4268 Serenum - ok
00:22:54.0687 4268 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
00:22:54.0690 4268 Serial - ok
00:22:54.0776 4268 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
00:22:54.0778 4268 sermouse - ok
00:22:54.0928 4268 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
00:22:54.0929 4268 sffdisk - ok
00:22:55.0169 4268 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
00:22:55.0171 4268 sffp_mmc - ok
00:22:55.0345 4268 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
00:22:55.0349 4268 sffp_sd - ok
00:22:55.0442 4268 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
00:22:55.0446 4268 sfloppy - ok
00:22:55.0573 4268 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
00:22:55.0578 4268 sisagp - ok
00:22:55.0658 4268 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
00:22:55.0660 4268 SiSRaid2 - ok
00:22:55.0708 4268 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
00:22:55.0711 4268 SiSRaid4 - ok
00:22:55.0862 4268 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
00:22:55.0919 4268 Smb - ok
00:22:56.0155 4268 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
00:22:56.0158 4268 spldr - ok
00:22:56.0402 4268 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
00:22:56.0403 4268 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
00:22:56.0418 4268 sptd ( LockedFile.Multi.Generic ) - warning
00:22:56.0418 4268 sptd - detected LockedFile.Multi.Generic (1)
00:22:56.0670 4268 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
00:22:56.0685 4268 srv - ok
00:22:56.0870 4268 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
00:22:56.0882 4268 srv2 - ok
00:22:57.0089 4268 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
00:22:57.0097 4268 srvnet - ok
00:22:57.0221 4268 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
00:22:57.0228 4268 ssmdrv - ok
00:22:57.0297 4268 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
00:22:57.0305 4268 swenum - ok
00:22:57.0441 4268 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
00:22:57.0442 4268 Symc8xx - ok
00:22:57.0470 4268 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
00:22:57.0471 4268 Sym_hi - ok
00:22:57.0500 4268 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
00:22:57.0502 4268 Sym_u3 - ok
00:22:57.0756 4268 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
00:22:57.0780 4268 Tcpip - ok
00:22:57.0949 4268 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
00:22:57.0964 4268 Tcpip6 - ok
00:22:58.0106 4268 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
00:22:58.0110 4268 tcpipreg - ok
00:22:58.0174 4268 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
00:22:58.0178 4268 tdcmdpst - ok
00:22:58.0303 4268 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
00:22:58.0305 4268 TDPIPE - ok
00:22:58.0558 4268 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
00:22:58.0563 4268 TDTCP - ok
00:22:58.0694 4268 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
00:22:58.0702 4268 tdx - ok
00:22:58.0765 4268 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
00:22:58.0772 4268 TermDD - ok
00:22:58.0946 4268 Tosrfcom - ok
00:22:59.0006 4268 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys
00:22:59.0012 4268 tosrfec - ok
00:22:59.0069 4268 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
00:22:59.0086 4268 tos_sps32 - ok
00:22:59.0231 4268 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:22:59.0234 4268 tssecsrv - ok
00:22:59.0276 4268 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
00:22:59.0282 4268 tunmp - ok
00:22:59.0354 4268 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
00:22:59.0358 4268 tunnel - ok
00:22:59.0478 4268 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
00:22:59.0482 4268 TVALZ - ok
00:22:59.0540 4268 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
00:22:59.0543 4268 uagp35 - ok
00:22:59.0705 4268 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
00:22:59.0710 4268 udfs - ok
00:22:59.0844 4268 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
00:22:59.0845 4268 uliagpkx - ok
00:22:59.0897 4268 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
00:22:59.0902 4268 uliahci - ok
00:23:00.0004 4268 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
00:23:00.0006 4268 UlSata - ok
00:23:00.0057 4268 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
00:23:00.0059 4268 ulsata2 - ok
00:23:00.0102 4268 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
00:23:00.0106 4268 umbus - ok
00:23:00.0239 4268 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
00:23:00.0244 4268 usbccgp - ok
00:23:00.0289 4268 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
00:23:00.0294 4268 usbcir - ok
00:23:00.0354 4268 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
00:23:00.0359 4268 usbehci - ok
00:23:00.0449 4268 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
00:23:00.0456 4268 usbhub - ok
00:23:00.0499 4268 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
00:23:00.0503 4268 usbohci - ok
00:23:00.0606 4268 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
00:23:00.0607 4268 usbprint - ok
00:23:00.0691 4268 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:23:00.0693 4268 USBSTOR - ok
00:23:00.0969 4268 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
00:23:00.0973 4268 usbuhci - ok
00:23:01.0125 4268 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
00:23:01.0132 4268 usbvideo - ok
00:23:01.0238 4268 UVCFTR (8c5094a8ab24de7496c7c19942f2df04) C:\Windows\system32\Drivers\UVCFTR_S.SYS
00:23:01.0243 4268 UVCFTR - ok
00:23:01.0371 4268 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
00:23:01.0377 4268 vga - ok
00:23:01.0439 4268 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
00:23:01.0444 4268 VgaSave - ok
00:23:01.0494 4268 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
00:23:01.0496 4268 viaagp - ok
00:23:01.0572 4268 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
00:23:01.0576 4268 ViaC7 - ok
00:23:01.0661 4268 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
00:23:01.0662 4268 viaide - ok
00:23:01.0699 4268 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
00:23:01.0700 4268 volmgr - ok
00:23:01.0843 4268 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
00:23:01.0846 4268 volmgrx - ok
00:23:01.0941 4268 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
00:23:01.0949 4268 volsnap - ok
00:23:02.0026 4268 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
00:23:02.0028 4268 vsmraid - ok
00:23:02.0119 4268 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
00:23:02.0121 4268 WacomPen - ok
00:23:02.0155 4268 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:23:02.0159 4268 Wanarp - ok
00:23:02.0167 4268 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:23:02.0169 4268 Wanarpv6 - ok
00:23:02.0265 4268 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
00:23:02.0266 4268 Wd - ok
00:23:02.0337 4268 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
00:23:02.0353 4268 Wdf01000 - ok
00:23:02.0483 4268 winachsf (bb9cbaf6ac20452b245c324f1f50ee81) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
00:23:02.0505 4268 winachsf - ok
00:23:02.0670 4268 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
00:23:02.0674 4268 WmiAcpi - ok
00:23:02.0881 4268 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
00:23:02.0883 4268 WpdUsb - ok
00:23:03.0004 4268 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
00:23:03.0006 4268 ws2ifsl - ok
00:23:03.0059 4268 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:23:03.0062 4268 WUDFRd - ok
00:23:03.0103 4268 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
00:23:03.0107 4268 XAudio - ok
00:23:03.0262 4268 yukonwlh (7d4cca3659fa0780603206e3d12a993f) C:\Windows\system32\DRIVERS\yk60x86.sys
00:23:03.0274 4268 yukonwlh - ok
00:23:03.0314 4268 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
00:23:03.0482 4268 \Device\Harddisk0\DR0 - ok
00:23:03.0525 4268 Boot (0x1200) (96e7f834872d2e0e3ae57f0f7bff19b5) \Device\Harddisk0\DR0\Partition0
00:23:03.0740 4268 \Device\Harddisk0\DR0\Partition0 - ok
00:23:03.0770 4268 Boot (0x1200) (f594c1360451c2337f5b316771e93898) \Device\Harddisk0\DR0\Partition1
00:23:03.0774 4268 \Device\Harddisk0\DR0\Partition1 - ok
00:23:03.0775 4268 ============================================================
00:23:03.0776 4268 Scan finished
00:23:03.0776 4268 ============================================================
00:23:03.0826 5608 Detected object count: 1
00:23:03.0826 5608 Actual detected object count: 1
00:23:20.0185 5608 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
00:23:20.0345 5608 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
00:23:20.0399 5608 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted on reboot
00:23:20.0426 5608 HKLM\SYSTEM\ControlSet003\services\sptd - will be deleted on reboot
00:23:20.0457 5608 C:\Windows\system32\Drivers\sptd.sys - will be deleted on reboot
00:23:20.0457 5608 sptd ( LockedFile.Multi.Generic ) - User select action: Delete
00:23:24.0866 4500 Deinitialize success
Code:
ATTFilter 2012/03/21 18:13:05 +0100 YVONNE-PC Yvonne MESSAGE Starting protection
2012/03/21 18:13:09 +0100 YVONNE-PC Yvonne MESSAGE Protection started successfully
2012/03/21 18:13:12 +0100 YVONNE-PC Yvonne MESSAGE Starting IP protection
2012/03/21 18:13:17 +0100 YVONNE-PC Yvonne MESSAGE IP Protection started successfully
2012/03/21 18:21:19 +0100 YVONNE-PC Yvonne MESSAGE Executing scheduled update: Daily
2012/03/21 18:21:21 +0100 YVONNE-PC Yvonne MESSAGE Database already up-to-date
2012/03/21 19:18:28 +0100 YVONNE-PC Yvonne DETECTION C:\ProgramData\8HaWtjvalLWn8y.exe Trojan.FakeAlert QUARANTINE
2012/03/21 19:18:28 +0100 YVONNE-PC Yvonne ERROR Quarantine failed: DeleteFile failed with error code 5
2012/03/21 19:18:33 +0100 YVONNE-PC Yvonne DETECTION C:\ProgramData\8HaWtjvalLWn8y.exe Trojan.FakeAlert DENY
2012/03/21 22:01:53 +0100 YVONNE-PC Yvonne MESSAGE Starting protection
2012/03/21 22:02:08 +0100 YVONNE-PC Yvonne MESSAGE Protection started successfully
2012/03/21 22:02:11 +0100 YVONNE-PC Yvonne MESSAGE Starting IP protection
2012/03/21 22:02:18 +0100 YVONNE-PC Yvonne MESSAGE IP Protection started successfully
2012/03/21 23:15:49 +0100 YVONNE-PC Yvonne MESSAGE Starting protection
2012/03/21 23:15:56 +0100 YVONNE-PC Yvonne MESSAGE Protection started successfully
2012/03/21 23:15:59 +0100 YVONNE-PC Yvonne MESSAGE Starting IP protection
2012/03/21 23:16:05 +0100 YVONNE-PC Yvonne MESSAGE IP Protection started successfully
Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 07:39 on 22/03/2012 (Yvonne)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed
Checking for services/drivers...
-=E.O.F=-
.DDS Logfile: Code:
ATTFilter DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Yvonne at 7:50:23 on 2012-03-22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3293.1847 [GMT 1:00]
.
AV: McAfee VirusScan *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Disabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.de/
uDefault_Page_URL = hxxp://www.google.de
mDefault_Page_URL = hxxp://www.google.de
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: PC Tools Browser Defender BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Facebook Update] "c:\users\yvonne\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Google Update] "c:\users\yvonne\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ICQ] "c:\program files\icq7.5\ICQ.exe" silent loginmode=4
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Toshiba TEMPO] c:\program files\toshiba tempro\Toshiba.Tempo.UI.TrayApplication.exe
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [HDMICtrlMan] c:\program files\toshiba\hdmictrlman\HDMICtrlMan.exe
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe
mRun: [Toshiba TEMPRO] c:\program files\toshiba tempro\TemproTray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\yvonne\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\yvonne\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\yvonne\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\yvonne\appdata\roaming\micros~1\windows\startm~1\programs\startup\trdcre~1.lnk - c:\program files\toshiba\trdcreminder\TRDCReminder.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube to MP3 Converter - c:\users\yvonne\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\icq7.5\ICQ.exe
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4
IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{06C5BC81-E8B8-4B0A-82B9-A0ABC0B6C63B} : DhcpNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\yvonne\appdata\roaming\mozilla\firefox\profiles\7jrxiww7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.71\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\users\yvonne\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\yvonne\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\users\yvonne\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\yvonne\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-3-20 331880]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-3-20 342168]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-3-20 909728]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-11-15 36000]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-3 214664]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-3-20 185560]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2008-9-7 25896]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2011-11-15 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2011-11-15 110032]
R2 AntiVirWebService;Avira Browser Schutz;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-11-15 463824]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-12 74640]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools\pc tools security\bdt\BDTUpdateService.exe [2012-3-20 550864]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-16 40960]
R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-21 652360]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-6-3 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-6-3 144704]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-21 20464]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-6-3 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-6-3 35272]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-4-15 51160]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2012-3-20 56840]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-9 8192]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54 MBit/s USB 2.0 Netzwerkadapter;c:\windows\system32\drivers\rtl8187B.sys [2008-9-7 292864]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-2-2 27632]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-13 136176]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\toshiba tempro\TemproSvc.exe [2010-10-26 124368]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2008-6-3 1527900]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-6-3 30192]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-13 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-6-3 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-6-3 40552]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools\pc tools security\pctsAuxs.exe [2012-3-21 402336]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools\pc tools security\pctsSvc.exe [2012-3-21 1117624]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-6-3 606736]
.
=============== Created Last 30 ================
.
2012-03-21 17:12:02 -------- d-----w- c:\users\yvonne\appdata\roaming\Malwarebytes
2012-03-21 17:11:50 -------- d-----w- c:\programdata\Malwarebytes
2012-03-21 17:11:48 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 17:11:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-20 23:23:19 -------- d--h--w- C:\TDSSKiller_Quarantine
2012-03-20 22:42:12 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-03-20 22:42:10 767952 ----a-w- c:\windows\BDTSupport.dll0309.old
2012-03-20 22:42:10 767952 ----a-w- c:\windows\BDTSupport.dll
2012-03-20 22:42:06 149456 ----a-w- c:\windows\SGDetectionTool.dll0309.old
2012-03-20 22:42:06 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-03-20 22:42:05 2250704 ----a-w- c:\windows\PCTBDCore.dll0309.old
2012-03-20 22:42:05 2250704 ----a-w- c:\windows\PCTBDCore.dll
2012-03-20 22:42:04 1681360 ----a-w- c:\windows\PCTBDRes.dll
2012-03-20 22:39:19 253352 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-03-20 22:39:19 107864 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2012-03-20 22:38:56 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-03-20 22:38:25 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-03-20 22:37:27 -------- d-----w- c:\program files\PC Tools
2012-03-20 22:34:18 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-03-20 22:34:17 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-03-20 22:34:02 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-03-20 22:34:01 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-03-20 22:33:54 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-03-20 22:33:51 -------- d-----w- c:\program files\common files\PC Tools
2012-03-20 22:32:31 -------- d--h--w- c:\programdata\PC Tools
2012-03-20 22:32:23 -------- d--h--w- c:\users\yvonne\appdata\roaming\TestApp
2012-03-18 03:39:19 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-18 03:39:19 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-14 10:43:05 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 10:43:04 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 10:43:04 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 10:43:03 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 10:43:03 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 10:43:03 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 10:42:58 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-03-14 10:42:26 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 10:42:25 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-08 16:04:40 -------- d--h--w- c:\users\yvonne\appdata\local\AskToolbar
.
==================== Find3M ====================
.
2012-03-14 13:04:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 7:51:44,73 ===============
Geändert von Yvonette (22.03.2012 um 00:18 Uhr) |
|
24.03.2012, 19:18
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | files indexation process failedZitat:
 Warum liest du nicht mal VORHER was du hier machen sollst?  Nein, stattdessen kann man dann ja lieber schon einen Tag später in den Erinnerungsstrang spamen 
__________________ |
|
24.03.2012, 20:03
| #3 |
| | files indexation process failed Hallo,
__________________Tdss killer habe ich ausgeführt, BEVOR ich hier überhaupt etwas gemacht hatte. Auf die glorreiche Idee kam ich nicht selbst, sondern auf Anraten eines Informatikstudenten. Wenn der keine Ahnung hatte, sorry! Und zu Malwarebytes, ich dachte, das sei alles, was ich posten müsse. Nochmals sorry für meine grenzenlose Unwissen- und Unfähigkeit! Desweiteren habe ich den Thread am 21.03.2012 nachts geschrieben und gepostet wurde er hier zu Beginn des 22.03. Heute haben wir den 24. Entschuldige, dass ich die Stunden nicht noch abgewartet habe, damit es drei volle Tage sind, bevor ich mich wieder melde. Ich habe mich wirklich bemüht alles richtig zu machen und ich habe mich, meiner Meinung nach, nicht im Ton vergriffen. Ich verstehe allerdings den Tonfall der Antwort nicht. Ich habe aber hier eigentlich nicht gepostet, um mir nen Anschiss abzuholen, sondern schon ein wenig aus Verzweiflung. Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.03.21.04 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Yvonne :: YVONNE-PC [Administrator] Schutz: Aktiviert 21.03.2012 18:13:31 mbam-log-2012-03-21 (18-13-31).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 390030 Laufzeit: 3 Stunde(n), 42 Minute(n), 1 Sekunde(n) Infizierte Speicherprozesse: 2 C:\ProgramData\OylAIdmdwXgF.exe (Trojan.FakeAlert) -> 5380 -> Löschen bei Neustart. C:\ProgramData\8HaWtjvalLWn8y.exe (Trojan.FakeAlert) -> 3224 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|OylAIdmdwXgF.exe (Trojan.FakeAlert) -> Daten: C:\ProgramData\OylAIdmdwXgF.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\ProgramData\OylAIdmdwXgF.exe (Trojan.FakeAlert) -> Löschen bei Neustart. C:\ProgramData\8HaWtjvalLWn8y.exe (Trojan.FakeAlert) -> Löschen bei Neustart. C:\Users\Yvonne\AppData\Local\Temp\X4xMdhx2y7hM2Q.exe.tmp (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
24.03.2012, 20:07
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | files indexation process failedZitat:
Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
24.03.2012, 21:03
| #5 |
| | files indexation process failed Ich habe noch nie vorher mit Malwarebytes gescannt, das ist das einzige Log. Es gibt auch noch zwei Avira Logs, die ich vergessen habe. Code:
ATTFilter Avira Free Antivirus
Erstellungsdatum der Reportdatei: Mittwoch, 21. März 2012 00:26
Es wird nach 3580853 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : YVONNE-PC
Versionsinformationen:
BUILD.DAT : 12.0.0.898 41963 Bytes 31.01.2012 13:51:00
AVSCAN.EXE : 12.1.0.20 492496 Bytes 15.02.2012 21:26:40
AVSCAN.DLL : 12.1.0.18 65744 Bytes 15.02.2012 21:26:40
LUKE.DLL : 12.1.0.19 68304 Bytes 15.02.2012 21:26:41
AVSCPLR.DLL : 12.1.0.22 100048 Bytes 15.02.2012 21:26:41
AVREG.DLL : 12.1.0.29 228048 Bytes 15.02.2012 21:26:41
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 19:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 10:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 16:21:14
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 20:42:03
VBASE004.VDF : 7.11.21.239 2048 Bytes 01.02.2012 20:42:03
VBASE005.VDF : 7.11.21.240 2048 Bytes 01.02.2012 20:42:03
VBASE006.VDF : 7.11.21.241 2048 Bytes 01.02.2012 20:42:03
VBASE007.VDF : 7.11.21.242 2048 Bytes 01.02.2012 20:42:03
VBASE008.VDF : 7.11.21.243 2048 Bytes 01.02.2012 20:42:03
VBASE009.VDF : 7.11.21.244 2048 Bytes 01.02.2012 20:42:03
VBASE010.VDF : 7.11.21.245 2048 Bytes 01.02.2012 20:42:03
VBASE011.VDF : 7.11.21.246 2048 Bytes 01.02.2012 20:42:03
VBASE012.VDF : 7.11.21.247 2048 Bytes 01.02.2012 20:42:04
VBASE013.VDF : 7.11.22.33 1486848 Bytes 03.02.2012 01:46:39
VBASE014.VDF : 7.11.22.56 687616 Bytes 03.02.2012 01:46:40
VBASE015.VDF : 7.11.22.92 178176 Bytes 06.02.2012 05:29:52
VBASE016.VDF : 7.11.22.154 144896 Bytes 08.02.2012 05:35:13
VBASE017.VDF : 7.11.22.220 183296 Bytes 13.02.2012 21:26:42
VBASE018.VDF : 7.11.23.34 202752 Bytes 15.02.2012 21:26:38
VBASE019.VDF : 7.11.23.98 126464 Bytes 17.02.2012 17:58:05
VBASE020.VDF : 7.11.23.150 148480 Bytes 20.02.2012 18:00:55
VBASE021.VDF : 7.11.23.224 172544 Bytes 23.02.2012 17:58:11
VBASE022.VDF : 7.11.24.52 219648 Bytes 28.02.2012 18:05:10
VBASE023.VDF : 7.11.24.152 165888 Bytes 05.03.2012 19:52:34
VBASE024.VDF : 7.11.24.204 177664 Bytes 07.03.2012 19:55:06
VBASE025.VDF : 7.11.25.30 245248 Bytes 12.03.2012 19:53:08
VBASE026.VDF : 7.11.25.121 252416 Bytes 15.03.2012 19:53:32
VBASE027.VDF : 7.11.25.177 202752 Bytes 20.03.2012 19:52:47
VBASE028.VDF : 7.11.25.178 2048 Bytes 20.03.2012 19:52:47
VBASE029.VDF : 7.11.25.179 2048 Bytes 20.03.2012 19:52:47
VBASE030.VDF : 7.11.25.180 2048 Bytes 20.03.2012 19:52:47
VBASE031.VDF : 7.11.25.188 35840 Bytes 20.03.2012 19:52:47
Engineversion : 8.2.10.24
AEVDF.DLL : 8.1.2.2 106868 Bytes 15.11.2011 22:23:03
AESCRIPT.DLL : 8.1.4.10 455035 Bytes 15.03.2012 19:54:43
AESCN.DLL : 8.1.8.2 131444 Bytes 01.02.2012 20:42:10
AESBX.DLL : 8.2.5.5 606579 Bytes 12.03.2012 19:53:12
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 22:16:06
AEPACK.DLL : 8.2.16.5 803190 Bytes 08.03.2012 19:56:02
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 30.12.2011 13:20:30
AEHEUR.DLL : 8.1.4.7 4501878 Bytes 16.03.2012 20:03:03
AEHELP.DLL : 8.1.19.0 254327 Bytes 19.01.2012 19:41:24
AEGEN.DLL : 8.1.5.23 409973 Bytes 08.03.2012 19:55:18
AEEXP.DLL : 8.1.0.25 74101 Bytes 15.03.2012 19:54:44
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 22:46:01
AECORE.DLL : 8.1.25.6 201078 Bytes 15.03.2012 19:53:38
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 22:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 11.10.2011 13:59:41
AVPREF.DLL : 12.1.0.17 51920 Bytes 11.10.2011 13:59:38
AVREP.DLL : 12.1.0.17 179408 Bytes 11.10.2011 13:59:38
AVARKT.DLL : 12.1.0.23 209360 Bytes 15.02.2012 21:26:39
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 11.10.2011 13:59:37
SQLITE3.DLL : 3.7.0.0 398288 Bytes 11.10.2011 13:59:51
AVSMTP.DLL : 12.1.0.17 62928 Bytes 11.10.2011 13:59:39
NETNT.DLL : 12.1.0.17 17104 Bytes 11.10.2011 13:59:47
RCIMAGE.DLL : 12.1.0.17 4447952 Bytes 11.10.2011 14:00:00
RCTEXT.DLL : 12.1.0.16 98512 Bytes 11.10.2011 14:00:00
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, E:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Mittwoch, 21. März 2012 00:26
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'E:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'AVWEBGRD.EXE' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'xaudio.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '7' Modul(e) wurden durchsucht
Durchsuche Prozess 'ULCDRSvr.exe' - '5' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosIPCSrv.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosBtSrv.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosCoSrv.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'TODDSrv.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'TNaviSrv.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'TemproSvc.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'pctsSvc.exe' - '103' Modul(e) wurden durchsucht
Durchsuche Prozess 'pctsAuxs.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'o2flash.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'MskSrver.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'MPFSrv.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'mcshield.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'mcproxy.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFSvcs.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'BDTUpdateService.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'LogonUI.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1264' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <Vista>
Code:
ATTFilter Avira Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 22. März 2012 20:16
Es wird nach 3580853 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : YVONNE-PC
Versionsinformationen:
BUILD.DAT : 12.0.0.898 41963 Bytes 31.01.2012 13:51:00
AVSCAN.EXE : 12.1.0.20 492496 Bytes 15.02.2012 21:26:40
AVSCAN.DLL : 12.1.0.18 65744 Bytes 15.02.2012 21:26:40
LUKE.DLL : 12.1.0.19 68304 Bytes 15.02.2012 21:26:41
AVSCPLR.DLL : 12.1.0.22 100048 Bytes 15.02.2012 21:26:41
AVREG.DLL : 12.1.0.29 228048 Bytes 15.02.2012 21:26:41
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 19:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 10:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 16:21:14
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 20:42:03
VBASE004.VDF : 7.11.21.239 2048 Bytes 01.02.2012 20:42:03
VBASE005.VDF : 7.11.21.240 2048 Bytes 01.02.2012 20:42:03
VBASE006.VDF : 7.11.21.241 2048 Bytes 01.02.2012 20:42:03
VBASE007.VDF : 7.11.21.242 2048 Bytes 01.02.2012 20:42:03
VBASE008.VDF : 7.11.21.243 2048 Bytes 01.02.2012 20:42:03
VBASE009.VDF : 7.11.21.244 2048 Bytes 01.02.2012 20:42:03
VBASE010.VDF : 7.11.21.245 2048 Bytes 01.02.2012 20:42:03
VBASE011.VDF : 7.11.21.246 2048 Bytes 01.02.2012 20:42:03
VBASE012.VDF : 7.11.21.247 2048 Bytes 01.02.2012 20:42:04
VBASE013.VDF : 7.11.22.33 1486848 Bytes 03.02.2012 01:46:39
VBASE014.VDF : 7.11.22.56 687616 Bytes 03.02.2012 01:46:40
VBASE015.VDF : 7.11.22.92 178176 Bytes 06.02.2012 05:29:52
VBASE016.VDF : 7.11.22.154 144896 Bytes 08.02.2012 05:35:13
VBASE017.VDF : 7.11.22.220 183296 Bytes 13.02.2012 21:26:42
VBASE018.VDF : 7.11.23.34 202752 Bytes 15.02.2012 21:26:38
VBASE019.VDF : 7.11.23.98 126464 Bytes 17.02.2012 17:58:05
VBASE020.VDF : 7.11.23.150 148480 Bytes 20.02.2012 18:00:55
VBASE021.VDF : 7.11.23.224 172544 Bytes 23.02.2012 17:58:11
VBASE022.VDF : 7.11.24.52 219648 Bytes 28.02.2012 18:05:10
VBASE023.VDF : 7.11.24.152 165888 Bytes 05.03.2012 19:52:34
VBASE024.VDF : 7.11.24.204 177664 Bytes 07.03.2012 19:55:06
VBASE025.VDF : 7.11.25.30 245248 Bytes 12.03.2012 19:53:08
VBASE026.VDF : 7.11.25.121 252416 Bytes 15.03.2012 19:53:32
VBASE027.VDF : 7.11.25.177 202752 Bytes 20.03.2012 19:52:47
VBASE028.VDF : 7.11.25.178 2048 Bytes 20.03.2012 19:52:47
VBASE029.VDF : 7.11.25.179 2048 Bytes 20.03.2012 19:52:47
VBASE030.VDF : 7.11.25.180 2048 Bytes 20.03.2012 19:52:47
VBASE031.VDF : 7.11.25.188 35840 Bytes 20.03.2012 19:52:47
Engineversion : 8.2.10.24
AEVDF.DLL : 8.1.2.2 106868 Bytes 15.11.2011 22:23:03
AESCRIPT.DLL : 8.1.4.10 455035 Bytes 15.03.2012 19:54:43
AESCN.DLL : 8.1.8.2 131444 Bytes 01.02.2012 20:42:10
AESBX.DLL : 8.2.5.5 606579 Bytes 12.03.2012 19:53:12
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 22:16:06
AEPACK.DLL : 8.2.16.5 803190 Bytes 08.03.2012 19:56:02
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 30.12.2011 13:20:30
AEHEUR.DLL : 8.1.4.7 4501878 Bytes 16.03.2012 20:03:03
AEHELP.DLL : 8.1.19.0 254327 Bytes 19.01.2012 19:41:24
AEGEN.DLL : 8.1.5.23 409973 Bytes 08.03.2012 19:55:18
AEEXP.DLL : 8.1.0.25 74101 Bytes 15.03.2012 19:54:44
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 22:46:01
AECORE.DLL : 8.1.25.6 201078 Bytes 15.03.2012 19:53:38
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 22:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 11.10.2011 13:59:41
AVPREF.DLL : 12.1.0.17 51920 Bytes 11.10.2011 13:59:38
AVREP.DLL : 12.1.0.17 179408 Bytes 11.10.2011 13:59:38
AVARKT.DLL : 12.1.0.23 209360 Bytes 15.02.2012 21:26:39
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 11.10.2011 13:59:37
SQLITE3.DLL : 3.7.0.0 398288 Bytes 11.10.2011 13:59:51
AVSMTP.DLL : 12.1.0.17 62928 Bytes 11.10.2011 13:59:39
NETNT.DLL : 12.1.0.17 17104 Bytes 11.10.2011 13:59:47
RCIMAGE.DLL : 12.1.0.17 4447952 Bytes 11.10.2011 14:00:00
RCTEXT.DLL : 12.1.0.16 98512 Bytes 11.10.2011 14:00:00
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, E:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Donnerstag, 22. März 2012 20:16
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'E:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnscfg.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'conime.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '129' Modul(e) wurden durchsucht
Durchsuche Prozess 'wlcomm.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFSwMgr.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'HCMSoundChanger.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apntex.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'HidFind.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'mcnasvc.exe' - '103' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'ApMsgFwd.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSScheduler.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'msnmsgr.exe' - '158' Modul(e) wurden durchsucht
Durchsuche Prozess 'TOSCDSPD.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '99' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'Updater.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'TemproTray.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'HDMICtrlMan.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'TCrdMain.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPwrMain.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apoint.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleDesktop.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'NDSTray.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'ItSecMng.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '168' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'mcagent.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'mcmscsvc.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'SmartFaceVWatchSrv.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'xaudio.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'ULCDRSvr.exe' - '5' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosIPCSrv.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosBtSrv.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosCoSrv.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'TODDSrv.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'TNaviSrv.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'o2flash.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'MskSrver.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'MPFSrv.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'mcshield.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'mcproxy.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFSvcs.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'BDTUpdateService.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '157' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '115' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1263' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <Vista>
C:\Users\Yvonne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\3b6fa193-4414b673
[0] Archivtyp: ZIP
--> v1.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.AG
Beginne mit der Suche in 'E:\' <Data>
Beginne mit der Desinfektion:
C:\Users\Yvonne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\3b6fa193-4414b673
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.AG
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a9a3817.qua' verschoben!
Ende des Suchlaufs: Donnerstag, 22. März 2012 22:30
Benötigte Zeit: 2:12:50 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
33695 Verzeichnisse wurden überprüft
611290 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
611289 Dateien ohne Befall
2870 Archive wurden durchsucht
0 Warnungen
1 Hinweise
Code:
ATTFilter Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 20. März 2012 21:42
Es wird nach 3580853 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : YVONNE-PC
Versionsinformationen:
BUILD.DAT : 12.0.0.898 41963 Bytes 31.01.2012 13:51:00
AVSCAN.EXE : 12.1.0.20 492496 Bytes 15.02.2012 21:26:40
AVSCAN.DLL : 12.1.0.18 65744 Bytes 15.02.2012 21:26:40
LUKE.DLL : 12.1.0.19 68304 Bytes 15.02.2012 21:26:41
AVSCPLR.DLL : 12.1.0.22 100048 Bytes 15.02.2012 21:26:41
AVREG.DLL : 12.1.0.29 228048 Bytes 15.02.2012 21:26:41
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 19:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 10:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 16:21:14
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 20:42:03
VBASE004.VDF : 7.11.21.239 2048 Bytes 01.02.2012 20:42:03
VBASE005.VDF : 7.11.21.240 2048 Bytes 01.02.2012 20:42:03
VBASE006.VDF : 7.11.21.241 2048 Bytes 01.02.2012 20:42:03
VBASE007.VDF : 7.11.21.242 2048 Bytes 01.02.2012 20:42:03
VBASE008.VDF : 7.11.21.243 2048 Bytes 01.02.2012 20:42:03
VBASE009.VDF : 7.11.21.244 2048 Bytes 01.02.2012 20:42:03
VBASE010.VDF : 7.11.21.245 2048 Bytes 01.02.2012 20:42:03
VBASE011.VDF : 7.11.21.246 2048 Bytes 01.02.2012 20:42:03
VBASE012.VDF : 7.11.21.247 2048 Bytes 01.02.2012 20:42:04
VBASE013.VDF : 7.11.22.33 1486848 Bytes 03.02.2012 01:46:39
VBASE014.VDF : 7.11.22.56 687616 Bytes 03.02.2012 01:46:40
VBASE015.VDF : 7.11.22.92 178176 Bytes 06.02.2012 05:29:52
VBASE016.VDF : 7.11.22.154 144896 Bytes 08.02.2012 05:35:13
VBASE017.VDF : 7.11.22.220 183296 Bytes 13.02.2012 21:26:42
VBASE018.VDF : 7.11.23.34 202752 Bytes 15.02.2012 21:26:38
VBASE019.VDF : 7.11.23.98 126464 Bytes 17.02.2012 17:58:05
VBASE020.VDF : 7.11.23.150 148480 Bytes 20.02.2012 18:00:55
VBASE021.VDF : 7.11.23.224 172544 Bytes 23.02.2012 17:58:11
VBASE022.VDF : 7.11.24.52 219648 Bytes 28.02.2012 18:05:10
VBASE023.VDF : 7.11.24.152 165888 Bytes 05.03.2012 19:52:34
VBASE024.VDF : 7.11.24.204 177664 Bytes 07.03.2012 19:55:06
VBASE025.VDF : 7.11.25.30 245248 Bytes 12.03.2012 19:53:08
VBASE026.VDF : 7.11.25.121 252416 Bytes 15.03.2012 19:53:32
VBASE027.VDF : 7.11.25.177 202752 Bytes 20.03.2012 19:52:47
VBASE028.VDF : 7.11.25.178 2048 Bytes 20.03.2012 19:52:47
VBASE029.VDF : 7.11.25.179 2048 Bytes 20.03.2012 19:52:47
VBASE030.VDF : 7.11.25.180 2048 Bytes 20.03.2012 19:52:47
VBASE031.VDF : 7.11.25.188 35840 Bytes 20.03.2012 19:52:47
Engineversion : 8.2.10.24
AEVDF.DLL : 8.1.2.2 106868 Bytes 15.11.2011 22:23:03
AESCRIPT.DLL : 8.1.4.10 455035 Bytes 15.03.2012 19:54:43
AESCN.DLL : 8.1.8.2 131444 Bytes 01.02.2012 20:42:10
AESBX.DLL : 8.2.5.5 606579 Bytes 12.03.2012 19:53:12
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 22:16:06
AEPACK.DLL : 8.2.16.5 803190 Bytes 08.03.2012 19:56:02
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 30.12.2011 13:20:30
AEHEUR.DLL : 8.1.4.7 4501878 Bytes 16.03.2012 20:03:03
AEHELP.DLL : 8.1.19.0 254327 Bytes 19.01.2012 19:41:24
AEGEN.DLL : 8.1.5.23 409973 Bytes 08.03.2012 19:55:18
AEEXP.DLL : 8.1.0.25 74101 Bytes 15.03.2012 19:54:44
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 22:46:01
AECORE.DLL : 8.1.25.6 201078 Bytes 15.03.2012 19:53:38
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 22:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 11.10.2011 13:59:41
AVPREF.DLL : 12.1.0.17 51920 Bytes 11.10.2011 13:59:38
AVREP.DLL : 12.1.0.17 179408 Bytes 11.10.2011 13:59:38
AVARKT.DLL : 12.1.0.23 209360 Bytes 15.02.2012 21:26:39
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 11.10.2011 13:59:37
SQLITE3.DLL : 3.7.0.0 398288 Bytes 11.10.2011 13:59:51
AVSMTP.DLL : 12.1.0.17 62928 Bytes 11.10.2011 13:59:39
NETNT.DLL : 12.1.0.17 17104 Bytes 11.10.2011 13:59:47
RCIMAGE.DLL : 12.1.0.17 4447952 Bytes 11.10.2011 14:00:00
RCTEXT.DLL : 12.1.0.16 98512 Bytes 11.10.2011 14:00:00
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4f68c534\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Beginn des Suchlaufs: Dienstag, 20. März 2012 21:42
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'OylAIdmdwXgF.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'googletalkplugin.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wlcomm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mcupdui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mcsvrcnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSScheduler.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ICQ.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'msnmsgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TOSCDSPD.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFSwMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apntex.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HidFind.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Updater.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HCMSoundChanger.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ApMsgFwd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TemproTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CEC_MAIN.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HDMICtrlMan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TCrdMain.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPwrMain.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'traybar.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apoint.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleDesktop.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PicasaMediaDetector.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NDSTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ItSecMng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mcagent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mcnasvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mcmscsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SmartFaceVWatchSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'xaudio.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ULCDRSvr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosIPCSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosBtSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosCoSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TODDSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TNaviSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'o2flash.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MskSrver.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MPFSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mcshield.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mcproxy.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFSvcs.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\Users\Yvonne\AppData\Local\Temp\MlhOf51513sDBL.exe'
C:\Users\Yvonne\AppData\Local\Temp\MlhOf51513sDBL.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4abb4199.qua' verschoben!
Ende des Suchlaufs: Dienstag, 20. März 2012 21:42
Benötigte Zeit: 00:16 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
832 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
831 Dateien ohne Befall
1 Archive wurden durchsucht
0 Warnungen
1 Hinweise
Geändert von cosinus (25.03.2012 um 14:28 Uhr) Grund: CODE-Tag korrigiert |
|
25.03.2012, 14:28
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | files indexation process failed Führ bitte auch ESET aus, danach sehen wir weiter: ESET Online Scanner
__________________ --> files indexation process failed |
|
25.03.2012, 21:28
| #7 |
| | files indexation process failedCode:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d8fbe485b0268c4a9fce83339fd5f23d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-25 04:58:26
# local_time=2012-03-25 06:58:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 11291690 11291690 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16777214 0 35 277 85048851 0 0
# compatibility_mode=5892 16776573 100 95 77582153 170215631 0 0
# compatibility_mode=8192 67108863 100 0 526 526 0 0
# scanned=215004
# found=0
# cleaned=0
# scan_time=11803
Catalyst Control Centre: Host application funktioniert nicht mehr Startmenü und Desktopicons sind immer noch verschwunden. |
|
26.03.2012, 14:17
| #8 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | files indexation process failedZitat:
CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.03.2012, 19:06
| #9 |
| | files indexation process failed OTL Logfile: Code:
ATTFilter OTL logfile created on: 26.03.2012 19:26:23 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Yvonne\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,22 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 68,64% Memory free 6,64 Gb Paging File | 5,48 Gb Available in Paging File | 82,48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 150,66 Gb Total Space | 40,32 Gb Free Space | 26,76% Space Free | Partition Type: NTFS Drive E: | 145,97 Gb Total Space | 129,45 Gb Free Space | 88,69% Space Free | Partition Type: NTFS Computer Name: YVONNE-PC | User Name: Yvonne | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.26 19:21:28 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Yvonne\Desktop\OTL.exe PRC - [2012.02.17 16:08:16 | 000,550,864 | ---- | M] (Threat Expert Ltd.) -- C:\Programme\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe PRC - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.10.11 16:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.10.11 15:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.11 15:59:39 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2011.10.11 15:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.11 15:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.09.08 15:55:10 | 000,888,488 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.04.24 18:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Programme\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe PRC - [2008.04.17 00:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\NDSTray.exe PRC - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe PRC - [2008.04.17 00:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSwMgr.exe PRC - [2008.04.11 11:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2008.04.11 00:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe PRC - [2008.04.02 14:07:56 | 000,667,648 | ---- | M] (TOSHIBA Corporation.) -- C:\Programme\Toshiba\HDMICtrlMan\HCMSoundChanger.exe PRC - [2008.04.02 14:07:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation.) -- C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe PRC - [2008.03.19 13:35:42 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\FlashCards\TCrdMain.exe PRC - [2008.01.29 16:00:40 | 000,430,080 | ---- | M] () -- C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.17 16:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\Power Saver\TPwrMain.exe PRC - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\Power Saver\TosCoSrv.exe PRC - [2007.12.03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe PRC - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe PRC - [2007.09.28 16:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe PRC - [2007.02.12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe PRC - [2006.09.08 16:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint2K\hidfind.exe PRC - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe ========== Modules (No Company Name) ========== MOD - [2008.09.16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2008.04.07 21:59:30 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2008.03.06 10:14:54 | 005,121,912 | ---- | M] () -- C:\Programme\Toshiba\FlashCards\BlackPng.dll MOD - [2008.01.29 16:00:40 | 000,430,080 | ---- | M] () -- C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe MOD - [2007.12.25 12:03:40 | 000,015,184 | ---- | M] () -- C:\Programme\Toshiba\PCDiag\NotifyPCD.dll MOD - [2007.12.14 21:40:00 | 000,090,112 | ---- | M] () -- C:\Programme\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll MOD - [2006.12.01 17:55:42 | 000,009,216 | ---- | M] () -- C:\Programme\Toshiba\TBS\NotifyTBS.dll MOD - [2006.10.10 11:44:16 | 000,009,728 | ---- | M] () -- C:\Programme\Toshiba\TOSHIBA Assist\NotifyX.dll MOD - [2006.10.07 12:57:04 | 000,053,248 | ---- | M] () -- C:\Programme\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll ========== Win32 Services (SafeList) ========== SRV - [2012.02.24 11:36:06 | 001,117,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService) SRV - [2012.02.24 10:16:12 | 000,402,336 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService) SRV - [2012.02.17 16:08:16 | 000,550,864 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Programme\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service) SRV - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.10.11 15:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.11 15:59:39 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2011.10.11 15:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.10.26 15:00:16 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [Auto | Stopped] -- C:\Programme\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) SRV - [2008.04.24 18:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Programme\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv) SRV - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service) SRV - [2008.04.11 11:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2008.04.11 00:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2007.12.03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service) SRV - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) SRV - [2007.02.12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.02.24 11:36:44 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\PCTSD.sys -- (PCTSD) DRV - [2012.02.15 23:26:41 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.12.10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.12.01 17:07:06 | 000,909,728 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pctEFA.sys -- (pctEFA) DRV - [2011.12.01 17:07:06 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pctDS.sys -- (pctDS) DRV - [2011.11.14 16:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore) DRV - [2011.10.11 16:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 16:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.09.28 14:14:02 | 000,056,840 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PCTBD.sys -- (PCTBD) DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.02.02 12:55:29 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri) DRV - [2008.04.15 10:13:14 | 000,051,160 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR) DRV - [2008.04.10 21:25:30 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32) DRV - [2008.04.08 02:24:20 | 003,548,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.03.18 18:02:18 | 000,292,864 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B) DRV - [2008.03.04 10:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2007.12.17 11:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR) DRV - [2007.11.27 10:39:40 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007.11.09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ) DRV - [2007.10.17 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.04.23 10:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt) DRV - [2007.04.09 17:13:00 | 000,008,192 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem) DRV - [2006.10.30 11:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO) DRV - [2006.10.23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec) DRV - [2006.10.18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de IE - HKLM\..\SearchScopes,DefaultScope = {2A91D3A6-DA47-435A-B777-5794E82F2670} IE - HKLM\..\SearchScopes\{2A91D3A6-DA47-435A-B777-5794E82F2670}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7; IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-2426209709-3695512336-22860695-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de IE - HKU\S-1-5-21-2426209709-3695512336-22860695-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKU\S-1-5-21-2426209709-3695512336-22860695-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2426209709-3695512336-22860695-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-2426209709-3695512336-22860695-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Programme\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) IE - HKU\S-1-5-21-2426209709-3695512336-22860695-1000\..\SearchScopes,DefaultScope = {2A91D3A6-DA47-435A-B777-5794E82F2670} IE - HKU\S-1-5-21-2426209709-3695512336-22860695-1000\..\SearchScopes\{2A91D3A6-DA47-435A-B777-5794E82F2670}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEA IE - HKU\S-1-5-21-2426209709-3695512336-22860695-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=sm IE - HKU\S-1-5-21-2426209709-3695512336-22860695-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=oRyCKo4UUkkae1NrZlBJZNjuxDM?q={searchTerms} IE - HKU\S-1-5-21-2426209709-3695512336-22860695-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2426209709-3695512336-22860695-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Yvonne\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Yvonne\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Yvonne\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Yvonne\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Yvonne\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2012.03.21 07:28:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.18 05:39:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.15 11:09:50 | 000,000,000 | ---D | M] [2008.09.07 10:36:50 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Yvonne\AppData\Roaming\mozilla\Extensions [2012.03.08 23:56:00 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Yvonne\AppData\Roaming\mozilla\Firefox\Profiles\7jrxiww7.default\extensions [2012.03.22 00:10:36 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Yvonne\AppData\Roaming\mozilla\Firefox\Profiles\7jrxiww7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.11.28 17:58:36 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Yvonne\AppData\Roaming\mozilla\Firefox\Profiles\7jrxiww7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(48) [2012.03.22 00:10:37 | 000,000,000 | -H-D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Yvonne\AppData\Roaming\mozilla\Firefox\Profiles\7jrxiww7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.03.23 07:24:33 | 000,000,950 | ---- | M] () -- C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7jrxiww7.default\searchplugins\icqplugin-1.xml [2011.03.04 15:13:50 | 000,000,950 | -H-- | M] () -- C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7jrxiww7.default\searchplugins\icqplugin-2.xml [2011.03.24 07:37:36 | 000,000,950 | -H-- | M] () -- C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7jrxiww7.default\searchplugins\icqplugin-3.xml [2011.04.30 10:32:14 | 000,000,950 | -H-- | M] () -- C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7jrxiww7.default\searchplugins\icqplugin-4.xml [2011.04.30 10:41:17 | 000,000,950 | -H-- | M] () -- C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7jrxiww7.default\searchplugins\icqplugin-5.xml [2011.06.24 08:29:37 | 000,000,950 | -H-- | M] () -- C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7jrxiww7.default\searchplugins\icqplugin-6.xml [2011.02.26 12:08:36 | 000,001,056 | -H-- | M] () -- C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7jrxiww7.default\searchplugins\icqplugin.xml [2012.03.21 23:26:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.12.23 12:11:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions [2011.12.23 12:11:32 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de () (No name found) -- C:\USERS\YVONNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JRXIWW7.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI [2012.03.18 05:39:19 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2008.06.30 22:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll [2011.12.17 03:32:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.17 03:25:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.12.17 03:32:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.12.17 03:32:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.17 03:32:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.17 03:32:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Yvonne\AppData\Local\Google\Chrome\Application\13.0.782.220\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Chrome NaCl (Disabled) = C:\Users\Yvonne\AppData\Local\Google\Chrome\Application\13.0.782.220\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Yvonne\AppData\Local\Google\Chrome\Application\13.0.782.220\pdf.dll CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll CHR - plugin: Office Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Yvonne\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Yvonne\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.71\npGoogleUpdate3.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Yvonne\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-2426209709-3695512336-22860695-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [00TCrdMain] C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName}) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony) O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found O4 - HKLM..\Run: [HDMICtrlMan] C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.) O4 - HKLM..\Run: [HSON] C:\Programme\Toshiba\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found O4 - HKLM..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\Toshiba\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKLM..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe File not found O4 - HKLM..\Run: [Toshiba TEMPRO] C:\Programme\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4 - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2426209709-3695512336-22860695-1000..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found O4 - HKU\S-1-5-21-2426209709-3695512336-22860695-1000..\Run: [Facebook Update] C:\Users\Yvonne\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-2426209709-3695512336-22860695-1000..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O4 - HKU\S-1-5-21-2426209709-3695512336-22860695-1000..\Run: [TOSCDSPD] C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe () O4 - HKU\S-1-5-21-2426209709-3695512336-22860695-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Users\Yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2426209709-3695512336-22860695-1000\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKU\S-1-5-21-2426209709-3695512336-22860695-1000\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06C5BC81-E8B8-4B0A-82B9-A0ABC0B6C63B}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{05e3de3f-7ce1-11dd-a095-001e688f6d99}\Shell - "" = AutoRun O33 - MountPoints2\{05e3de3f-7ce1-11dd-a095-001e688f6d99}\Shell\AutoRun\command - "" = G:\Autorun.exe O33 - MountPoints2\{80644c0a-149f-11df-89d0-0021634ddc58}\Shell\AutoRun\command - "" = D:\HPSecure\Windows\HPSecure30.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: 14665439.sys - Driver SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: mcmscsvc - Service SafeBootMin: MCODS - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: 14665439.sys - Driver SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: mcmscsvc - Service SafeBootNet: MCODS - Service SafeBootNet: Messenger - File not found SafeBootNet: MpfService - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.dvacm - C:\Programme\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.03.26 19:21:23 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Yvonne\Desktop\OTL.exe [2012.03.25 15:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.03.25 15:31:17 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Yvonne\Desktop\esetsmartinstaller_enu.exe [2012.03.22 08:41:43 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Yvonne\Desktop\dds.com [2012.03.21 19:12:02 | 000,000,000 | ---D | C] -- C:\Users\Yvonne\AppData\Roaming\Malwarebytes [2012.03.21 19:11:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.03.21 19:11:48 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.03.21 19:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.03.21 07:25:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security [2012.03.21 01:23:19 | 000,000,000 | -H-D | C] -- C:\TDSSKiller_Quarantine [2012.03.21 00:42:12 | 000,056,840 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTBD.sys [2012.03.21 00:42:06 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0309.old [2012.03.21 00:42:06 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll [2012.03.21 00:42:05 | 002,250,704 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0309.old [2012.03.21 00:42:05 | 002,250,704 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll [2012.03.21 00:42:04 | 001,681,360 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll [2012.03.21 00:39:19 | 000,253,352 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys [2012.03.21 00:39:19 | 000,107,864 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys [2012.03.21 00:38:56 | 000,017,848 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys [2012.03.21 00:38:25 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys [2012.03.21 00:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools [2012.03.21 00:34:18 | 000,909,728 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys [2012.03.21 00:34:17 | 000,342,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys [2012.03.21 00:34:02 | 000,331,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys [2012.03.21 00:34:01 | 000,162,584 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys [2012.03.21 00:33:54 | 000,185,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys [2012.03.21 00:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools [2012.03.21 00:32:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\TEMP [2012.03.21 00:32:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\PC Tools [2012.03.21 00:32:23 | 000,000,000 | -H-D | C] -- C:\Users\Yvonne\AppData\Roaming\TestApp [2012.03.20 22:44:48 | 000,000,000 | -H-D | C] -- C:\Users\Yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check [2012.03.08 18:04:40 | 000,000,000 | -H-D | C] -- C:\Users\Yvonne\AppData\Local\AskToolbar [2012.03.01 07:56:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\WindowsSearch [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.26 19:22:23 | 000,007,052 | ---- | M] () -- C:\Users\Yvonne\AppData\Local\d3d9caps.dat [2012.03.26 19:21:28 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Yvonne\Desktop\OTL.exe [2012.03.26 19:20:00 | 000,001,124 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2426209709-3695512336-22860695-1000UA.job [2012.03.26 19:02:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.03.26 18:43:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.26 18:16:48 | 000,001,142 | -H-- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2426209709-3695512336-22860695-1000UA.job [2012.03.26 13:24:54 | 000,001,120 | -H-- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2426209709-3695512336-22860695-1000Core.job [2012.03.26 13:17:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.26 13:17:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.26 07:02:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.03.26 06:20:00 | 000,001,072 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2426209709-3695512336-22860695-1000Core.job [2012.03.26 05:59:21 | 000,644,136 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.03.26 05:59:21 | 000,600,690 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.03.26 05:59:21 | 000,131,388 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.03.26 05:59:21 | 000,108,572 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.03.26 05:52:03 | 3452,325,888 | -HS- | M] () -- C:\hiberfil.sys [2012.03.25 15:31:19 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Yvonne\Desktop\esetsmartinstaller_enu.exe [2012.03.23 07:23:31 | 000,002,052 | -H-- | M] () -- C:\Users\Yvonne\Desktop\Google Chrome.lnk [2012.03.22 12:53:21 | 000,302,592 | ---- | M] () -- C:\Users\Yvonne\Desktop\y4ytqqln.exe [2012.03.22 08:41:43 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Yvonne\Desktop\dds.com [2012.03.22 08:39:28 | 000,000,156 | ---- | M] () -- C:\Users\Yvonne\defogger_reenable [2012.03.22 08:34:22 | 000,050,477 | ---- | M] () -- C:\Users\Yvonne\Desktop\Defogger.exe [2012.03.21 19:11:52 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.21 07:39:16 | 000,001,360 | -H-- | M] () -- C:\Users\Yvonne\Desktop\sd9setup.exe.lnk [2012.03.21 07:25:19 | 000,001,954 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor.lnk [2012.03.21 00:39:33 | 002,314,099 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB [2012.03.20 23:34:55 | 117,509,550 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.03.20 22:58:24 | 000,000,456 | -H-- | M] () -- C:\ProgramData\8HaWtjvalLWn8y [2012.03.20 22:55:21 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~8HaWtjvalLWn8y [2012.03.20 22:55:21 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~8HaWtjvalLWn8yr [2012.03.20 22:44:49 | 000,000,610 | -H-- | M] () -- C:\Users\Yvonne\Desktop\System Check.lnk [2012.03.20 20:03:25 | 000,001,833 | -H-- | M] () -- C:\Users\Yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2012.03.16 07:55:54 | 000,000,957 | -H-- | M] () -- C:\Users\Yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.03.16 07:55:30 | 000,000,927 | -H-- | M] () -- C:\Users\Yvonne\Desktop\Dropbox.lnk [2012.03.15 07:57:32 | 000,419,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.22 12:53:21 | 000,302,592 | ---- | C] () -- C:\Users\Yvonne\Desktop\y4ytqqln.exe [2012.03.22 08:39:27 | 000,000,156 | ---- | C] () -- C:\Users\Yvonne\defogger_reenable [2012.03.22 08:34:21 | 000,050,477 | ---- | C] () -- C:\Users\Yvonne\Desktop\Defogger.exe [2012.03.21 19:11:52 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.21 07:25:19 | 000,001,954 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor.lnk [2012.03.21 00:42:10 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0309.old [2012.03.21 00:42:10 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll [2012.03.21 00:42:07 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml [2012.03.21 00:42:07 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml [2012.03.21 00:42:06 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip [2012.03.21 00:42:06 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip [2012.03.21 00:34:22 | 002,314,099 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB [2012.03.21 00:32:35 | 000,001,360 | -H-- | C] () -- C:\Users\Yvonne\Desktop\sd9setup.exe.lnk [2012.03.20 23:29:16 | 3452,325,888 | -HS- | C] () -- C:\hiberfil.sys [2012.03.20 22:44:49 | 000,000,610 | -H-- | C] () -- C:\Users\Yvonne\Desktop\System Check.lnk [2012.03.20 22:44:49 | 000,000,264 | -H-- | C] () -- C:\ProgramData\~8HaWtjvalLWn8y [2012.03.20 22:44:49 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~8HaWtjvalLWn8yr [2012.03.20 22:44:45 | 000,000,456 | -H-- | C] () -- C:\ProgramData\8HaWtjvalLWn8y [2010.11.22 14:19:34 | 000,000,000 | -H-- | C] () -- C:\Users\Yvonne\AppData\Roaming\wklnhst.dat [2010.06.27 10:15:42 | 001,228,800 | ---- | C] () -- C:\Windows\System32\MGIIpl2M5.dll [2010.06.27 10:15:42 | 001,105,920 | ---- | C] () -- C:\Windows\System32\MGIIpl2P6.dll [2010.06.27 10:15:41 | 001,294,336 | ---- | C] () -- C:\Windows\System32\MGIIpl2A6.dll [2010.06.27 10:15:41 | 001,261,568 | ---- | C] () -- C:\Windows\System32\MGIIpl2M6.dll [2010.06.27 10:15:41 | 001,052,672 | ---- | C] () -- C:\Windows\System32\MGIIpl2P5.dll [2010.06.27 10:15:06 | 000,000,002 | ---- | C] () -- C:\Windows\PhotoSuite.ini [2010.06.27 10:14:59 | 001,093,632 | ---- | C] () -- C:\Windows\System32\MGIIpl2PX.dll [2010.06.27 10:14:59 | 000,020,480 | ---- | C] () -- C:\Windows\System32\MGIIpl2.dll [2010.06.27 10:14:59 | 000,019,968 | ---- | C] () -- C:\Windows\System32\CPUINF32.DLL [2010.06.27 10:14:58 | 000,122,880 | ---- | C] () -- C:\Windows\System32\JPEGLIB.DLL [2010.06.27 10:14:58 | 000,122,880 | ---- | C] () -- C:\Windows\System32\EnrouteStitch.dll [2010.06.27 10:14:54 | 000,332,800 | ---- | C] () -- C:\Windows\System32\FPXLIB.DLL [2010.06.20 18:03:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== LOP Check ========== [2012.03.22 00:10:33 | 000,000,000 | -H-D | M] -- C:\Users\Yvonne\AppData\Roaming\DAEMON Tools [2012.03.20 20:04:12 | 000,000,000 | -H-D | M] -- C:\Users\Yvonne\AppData\Roaming\Dropbox [2011.08.01 12:41:04 | 000,000,000 | -H-D | M] -- C:\Users\Yvonne\AppData\Roaming\DVDVideoSoft [2011.08.01 12:40:53 | 000,000,000 | -H-D | M] -- C:\Users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers [2012.03.26 19:23:27 | 000,000,000 | -H-D | M] -- C:\Users\Yvonne\AppData\Roaming\ICQ [2010.09.20 22:14:28 | 000,000,000 | -H-D | M] -- C:\Users\Yvonne\AppData\Roaming\MAGIX [2012.03.21 00:32:23 | 000,000,000 | -H-D | M] -- C:\Users\Yvonne\AppData\Roaming\TestApp [2008.09.07 09:18:27 | 000,000,000 | -H-D | M] -- C:\Users\Yvonne\AppData\Roaming\Toshiba [2012.03.26 13:24:54 | 000,001,120 | -H-- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2426209709-3695512336-22860695-1000Core.job [2012.03.26 18:16:48 | 000,001,142 | -H-- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2426209709-3695512336-22860695-1000UA.job [2012.03.25 23:17:46 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.04.25 00:04:07 | 000,000,000 | -H-D | M] -- C:\Users\Yvonne\AppData\Roaming\Adobe [2011.03.07 16:42:36 | 000,000,000 | -H-D | M] -- C:\Users\Yvonne\AppData\Roaming\Apple Computer [2008.09.07 08:53:52 | 000,000,000 | -H-D | M] -- C:\Users\Yvonne\AppData\Roaming\ATI [2011.11.16 00:15:46 | 000,000,000 | -H-D | M] -- C:\Users\Yvonne\AppData\Roaming\Avira [2012.03.22 00:10:33 | 000,000,000 | -H-D | M] -- C:\Users\Yvonne\AppData\Roaming\DAEMON Tools [2010.04.17 20:54:59 | 000,000,000 | -H-D | M] -- C:\Users\Yvonne\AppData\Roaming\DivX [2012.03.20 20:04:12 | 000,000,000 | -H-D | M] -- C:\Users\Yvonne\AppData\Roaming\Dropbox [2011.08.01 12:41:04 | 000,000,000 | -H-D | M] -- C:\Users\Yvonne\AppData\Roaming\DVDVideoSoft [2011.08.01 12:40:53 | 000,000,000 | -H-D | M] -- C:\Users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers [2008.09.07 10:34:31 | 000,000,000 | -H-D | M] -- C:\Users\Yvonne\AppData\Roaming\Google [2012.03.26 19:23:27 | 000,000,000 | -H-D | M] -- C:\Users\Yvonne\AppData\Roaming\ICQ [2008.09.07 08:52:58 | 000,000,000 | -H-D | M] -- C:\Users\Yvonne\AppData\Roaming\Identities [2008.09.07 08:38:07 | 000,000,000 | -H-D | M] -- C:\Users\Yvonne\AppData\Roaming\InstallShield [2008.09.07 11:13:43 | 000,000,000 | -H-D | M] -- C:\Users\Yvonne\AppData\Roaming\Macromedia [2010.09.20 22:14:28 | 000,000,000 | -H-D | M] -- C:\Users\Yvonne\AppData\Roaming\MAGIX [2012.03.21 19:12:02 | 000,000,000 | ---D | M] -- C:\Users\Yvonne\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | -H-D | M] -- C:\Users\Yvonne\AppData\Roaming\Media Center Programs [2012.02.08 17:17:56 | 000,000,000 | --SD | M] -- C:\Users\Yvonne\AppData\Roaming\Microsoft [2012.03.22 13:16:45 | 000,000,000 | -H-D | M] -- C:\Users\Yvonne\AppData\Roaming\Mozilla [2010.03.16 14:16:44 | 000,000,000 | RH-D | M] -- C:\Users\Yvonne\AppData\Roaming\SecuROM [2012.03.22 00:10:37 | 000,000,000 | -H-D | M] -- C:\Users\Yvonne\AppData\Roaming\Skype [2012.02.27 20:27:44 | 000,000,000 | -H-D | M] -- C:\Users\Yvonne\AppData\Roaming\skypePM [2012.03.21 00:32:23 | 000,000,000 | -H-D | M] -- C:\Users\Yvonne\AppData\Roaming\TestApp [2008.09.07 09:18:27 | 000,000,000 | -H-D | M] -- C:\Users\Yvonne\AppData\Roaming\Toshiba [2012.03.22 00:10:37 | 000,000,000 | -H-D | M] -- C:\Users\Yvonne\AppData\Roaming\vlc [2008.11.23 14:04:58 | 000,000,000 | -H-D | M] -- C:\Users\Yvonne\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2012.03.16 03:15:44 | 026,565,208 | -H-- | M] (Dropbox, Inc.) -- C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012.02.17 02:23:04 | 000,871,664 | -H-- | M] (Dropbox, Inc.) -- C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxPhotoUpdate.exe [2012.03.15 00:02:14 | 000,871,544 | -H-- | M] (Dropbox, Inc.) -- C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe [2012.03.16 03:16:16 | 000,176,032 | -H-- | M] (Dropbox, Inc.) -- C:\Users\Yvonne\AppData\Roaming\Dropbox\bin\Uninstall.exe [2009.06.03 18:55:01 | 000,010,134 | RH-- | M] () -- C:\Users\Yvonne\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2008.03.25 05:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_3e1ecd89\AGP440.sys [2008.03.25 05:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.22142_none_ba734aead7ed1bb6\AGP440.sys [2008.03.26 05:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_e4087235\AGP440.sys [2008.03.26 05:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20800_none_b8b64d46daa7e57a\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys [2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < > ========== Alternate Data Streams ========== @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 < End of report > |
|
26.03.2012, 20:45
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | files indexation process failed Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter :OTL
IE - HKU\S-1-5-21-2426209709-3695512336-22860695-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2426209709-3695512336-22860695-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2426209709-3695512336-22860695-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Programme\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-2426209709-3695512336-22860695-1000\..\SearchScopes,DefaultScope = {2A91D3A6-DA47-435A-B777-5794E82F2670}
IE - HKU\S-1-5-21-2426209709-3695512336-22860695-1000\..\SearchScopes\{2A91D3A6-DA47-435A-B777-5794E82F2670}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEA
IE - HKU\S-1-5-21-2426209709-3695512336-22860695-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=sm
IE - HKU\S-1-5-21-2426209709-3695512336-22860695-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=oRyCKo4UUkkae1NrZlBJZNjuxDM?q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
[2012.03.22 00:10:36 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Yvonne\AppData\Roaming\mozilla\Firefox\Profiles\7jrxiww7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.28 17:58:36 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Yvonne\AppData\Roaming\mozilla\Firefox\Profiles\7jrxiww7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(48)
[2012.03.22 00:10:37 | 000,000,000 | -H-D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Yvonne\AppData\Roaming\mozilla\Firefox\Profiles\7jrxiww7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.23 07:24:33 | 000,000,950 | ---- | M] () -- C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7jrxiww7.default\searchplugins\icqplugin-1.xml
[2011.03.04 15:13:50 | 000,000,950 | -H-- | M] () -- C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7jrxiww7.default\searchplugins\icqplugin-2.xml
[2011.03.24 07:37:36 | 000,000,950 | -H-- | M] () -- C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7jrxiww7.default\searchplugins\icqplugin-3.xml
[2011.04.30 10:32:14 | 000,000,950 | -H-- | M] () -- C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7jrxiww7.default\searchplugins\icqplugin-4.xml
[2011.04.30 10:41:17 | 000,000,950 | -H-- | M] () -- C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7jrxiww7.default\searchplugins\icqplugin-5.xml
[2011.06.24 08:29:37 | 000,000,950 | -H-- | M] () -- C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7jrxiww7.default\searchplugins\icqplugin-6.xml
[2011.02.26 12:08:36 | 000,001,056 | -H-- | M] () -- C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7jrxiww7.default\searchplugins\icqplugin.xml
[2011.12.23 12:11:32 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2426209709-3695512336-22860695-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-2426209709-3695512336-22860695-1000..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-2426209709-3695512336-22860695-1000..\Run: [Facebook Update] C:\Users\Yvonne\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{05e3de3f-7ce1-11dd-a095-001e688f6d99}\Shell - "" = AutoRun
O33 - MountPoints2\{05e3de3f-7ce1-11dd-a095-001e688f6d99}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{80644c0a-149f-11df-89d0-0021634ddc58}\Shell\AutoRun\command - "" = D:\HPSecure\Windows\HPSecure30.exe
[2012.03.20 22:58:24 | 000,000,456 | -H-- | M] () -- C:\ProgramData\8HaWtjvalLWn8y
[2012.03.20 22:55:21 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~8HaWtjvalLWn8y
[2012.03.20 22:55:21 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~8HaWtjvalLWn8yr
[2012.03.20 22:44:49 | 000,000,610 | -H-- | M] () -- C:\Users\Yvonne\Desktop\System Check.lnk
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.03.2012, 21:28
| #11 |
| | files indexation process failedCode:
ATTFilter All processes killed
========== OTL ==========
HKU\S-1-5-21-2426209709-3695512336-22860695-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2426209709-3695512336-22860695-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2426209709-3695512336-22860695-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ deleted successfully.
C:\Programme\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll moved successfully.
HKEY_USERS\S-1-5-21-2426209709-3695512336-22860695-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2426209709-3695512336-22860695-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2A91D3A6-DA47-435A-B777-5794E82F2670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A91D3A6-DA47-435A-B777-5794E82F2670}\ not found.
Registry key HKEY_USERS\S-1-5-21-2426209709-3695512336-22860695-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-2426209709-3695512336-22860695-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" removed from browser.search.defaulturl
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" removed from keyword.URL
C:\Users\Yvonne\AppData\Roaming\mozilla\Firefox\Profiles\7jrxiww7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\Yvonne\AppData\Roaming\mozilla\Firefox\Profiles\7jrxiww7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\Yvonne\AppData\Roaming\mozilla\Firefox\Profiles\7jrxiww7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\Yvonne\AppData\Roaming\mozilla\Firefox\Profiles\7jrxiww7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Users\Yvonne\AppData\Roaming\mozilla\Firefox\Profiles\7jrxiww7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(48)\search_engine folder moved successfully.
C:\Users\Yvonne\AppData\Roaming\mozilla\Firefox\Profiles\7jrxiww7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(48)\META-INF folder moved successfully.
C:\Users\Yvonne\AppData\Roaming\mozilla\Firefox\Profiles\7jrxiww7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(48)\chrome\skin folder moved successfully.
C:\Users\Yvonne\AppData\Roaming\mozilla\Firefox\Profiles\7jrxiww7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(48)\chrome\locale\tr folder moved successfully.
C:\Users\Yvonne\AppData\Roaming\mozilla\Firefox\Profiles\7jrxiww7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(48)\chrome\locale\sk folder moved successfully.
C:\Users\Yvonne\AppData\Roaming\mozilla\Firefox\Profiles\7jrxiww7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(48)\chrome\locale\ru folder moved successfully.
C:\Users\Yvonne\AppData\Roaming\mozilla\Firefox\Profiles\7jrxiww7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(48)\chrome\locale\it folder moved successfully.
C:\Users\Yvonne\AppData\Roaming\mozilla\Firefox\Profiles\7jrxiww7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(48)\chrome\locale\he folder moved successfully.
C:\Users\Yvonne\AppData\Roaming\mozilla\Firefox\Profiles\7jrxiww7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(48)\chrome\locale\fr folder moved successfully.
C:\Users\Yvonne\AppData\Roaming\mozilla\Firefox\Profiles\7jrxiww7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(48)\chrome\locale\es folder moved successfully.
C:\Users\Yvonne\AppData\Roaming\mozilla\Firefox\Profiles\7jrxiww7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(48)\chrome\locale\en-US folder moved successfully.
C:\Users\Yvonne\AppData\Roaming\mozilla\Firefox\Profiles\7jrxiww7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(48)\chrome\locale\de folder moved successfully.
C:\Users\Yvonne\AppData\Roaming\mozilla\Firefox\Profiles\7jrxiww7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(48)\chrome\locale\cs folder moved successfully.
C:\Users\Yvonne\AppData\Roaming\mozilla\Firefox\Profiles\7jrxiww7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(48)\chrome\locale\bg folder moved successfully.
C:\Users\Yvonne\AppData\Roaming\mozilla\Firefox\Profiles\7jrxiww7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(48)\chrome\locale folder moved successfully.
C:\Users\Yvonne\AppData\Roaming\mozilla\Firefox\Profiles\7jrxiww7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(48)\chrome\content\img folder moved successfully.
C:\Users\Yvonne\AppData\Roaming\mozilla\Firefox\Profiles\7jrxiww7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(48)\chrome\content folder moved successfully.
C:\Users\Yvonne\AppData\Roaming\mozilla\Firefox\Profiles\7jrxiww7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(48)\chrome folder moved successfully.
C:\Users\Yvonne\AppData\Roaming\mozilla\Firefox\Profiles\7jrxiww7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(48) folder moved successfully.
C:\Users\Yvonne\AppData\Roaming\mozilla\Firefox\Profiles\7jrxiww7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Yvonne\AppData\Roaming\mozilla\Firefox\Profiles\7jrxiww7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7jrxiww7.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7jrxiww7.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7jrxiww7.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7jrxiww7.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7jrxiww7.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7jrxiww7.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7jrxiww7.default\searchplugins\icqplugin.xml moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\search\engine folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\newtab\initial-thumbs folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\maps folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\homebutton folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\brand folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\maps folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\main folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\maps folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\main folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\help\page folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\util folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\tracking folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\search\mcollect folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\maps folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\main folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\hotnews folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\components folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
File C:\Programme\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-2426209709-3695512336-22860695-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2426209709-3695512336-22860695-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2426209709-3695512336-22860695-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
C:\Users\Yvonne\AppData\Local\Facebook\Update\FacebookUpdate.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05e3de3f-7ce1-11dd-a095-001e688f6d99}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05e3de3f-7ce1-11dd-a095-001e688f6d99}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05e3de3f-7ce1-11dd-a095-001e688f6d99}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05e3de3f-7ce1-11dd-a095-001e688f6d99}\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80644c0a-149f-11df-89d0-0021634ddc58}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80644c0a-149f-11df-89d0-0021634ddc58}\ not found.
File D:\HPSecure\Windows\HPSecure30.exe not found.
C:\ProgramData\8HaWtjvalLWn8y moved successfully.
C:\ProgramData\~8HaWtjvalLWn8y moved successfully.
C:\ProgramData\~8HaWtjvalLWn8yr moved successfully.
C:\Users\Yvonne\Desktop\System Check.lnk moved successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 400868 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Yvonne
->Temp folder emptied: 6422945588 bytes
->Temporary Internet Files folder emptied: 70438806 bytes
->Java cache emptied: 18562420 bytes
->FireFox cache emptied: 49278117 bytes
->Google Chrome cache emptied: 1905008 bytes
->Flash cache emptied: 1051 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3383213002 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 9.486,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.39.2 log created on 03262012_215852
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
|
27.03.2012, 10:23
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | files indexation process failed Mach bitte ein neues Log mit dem TDSS-Killer => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.03.2012, 13:50
| #13 |
| | files indexation process failedCode:
ATTFilter 14:44:56.0176 4448 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
14:44:56.0430 4448 ============================================================
14:44:56.0430 4448 Current date / time: 2012/03/27 14:44:56.0430
14:44:56.0430 4448 SystemInfo:
14:44:56.0430 4448
14:44:56.0431 4448 OS Version: 6.0.6002 ServicePack: 2.0
14:44:56.0431 4448 Product type: Workstation
14:44:56.0431 4448 ComputerName: YVONNE-PC
14:44:56.0431 4448 UserName: Yvonne
14:44:56.0432 4448 Windows directory: C:\Windows
14:44:56.0432 4448 System windows directory: C:\Windows
14:44:56.0432 4448 Processor architecture: Intel x86
14:44:56.0432 4448 Number of processors: 2
14:44:56.0432 4448 Page size: 0x1000
14:44:56.0432 4448 Boot type: Normal boot
14:44:56.0432 4448 ============================================================
14:44:57.0649 4448 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:44:57.0652 4448 \Device\Harddisk0\DR0:
14:44:57.0652 4448 MBR used
14:44:57.0652 4448 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x12D50800
14:44:57.0653 4448 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1303F000, BlocksNum 0x123EF800
14:44:57.0860 4448 Initialize success
14:44:57.0860 4448 ============================================================
14:45:48.0824 5616 ============================================================
14:45:48.0824 5616 Scan started
14:45:48.0824 5616 Mode: Manual; SigCheck; TDLFS;
14:45:48.0824 5616 ============================================================
14:45:49.0553 5616 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:45:49.0975 5616 ACPI - ok
14:45:50.0083 5616 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:45:50.0098 5616 AdobeARMservice - ok
14:45:50.0411 5616 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
14:45:50.0461 5616 adp94xx - ok
14:45:50.0582 5616 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
14:45:50.0619 5616 adpahci - ok
14:45:50.0654 5616 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
14:45:50.0683 5616 adpu160m - ok
14:45:50.0795 5616 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
14:45:50.0825 5616 adpu320 - ok
14:45:50.0879 5616 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
14:45:51.0070 5616 AeLookupSvc - ok
14:45:51.0188 5616 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
14:45:51.0274 5616 AFD - ok
14:45:51.0380 5616 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
14:45:51.0422 5616 agp440 - ok
14:45:51.0452 5616 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:45:51.0504 5616 aic78xx - ok
14:45:51.0616 5616 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
14:45:51.0844 5616 ALG - ok
14:45:52.0000 5616 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
14:45:52.0045 5616 aliide - ok
14:45:52.0081 5616 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
14:45:52.0133 5616 amdagp - ok
14:45:52.0242 5616 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
14:45:52.0278 5616 amdide - ok
14:45:52.0304 5616 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
14:45:52.0397 5616 AmdK7 - ok
14:45:52.0509 5616 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
14:45:52.0608 5616 AmdK8 - ok
14:45:52.0731 5616 AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files\Avira\AntiVir Desktop\sched.exe
14:45:52.0750 5616 AntiVirSchedulerService - ok
14:45:52.0807 5616 AntiVirService (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
14:45:52.0828 5616 AntiVirService - ok
14:45:52.0863 5616 AntiVirWebService (cc62fdc25725267a702f48c90c5cdf31) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
14:45:52.0945 5616 AntiVirWebService - ok
14:45:53.0058 5616 ApfiltrService (45f47f79ad3f587a334345fd2969354b) C:\Windows\system32\DRIVERS\Apfiltr.sys
14:45:53.0496 5616 ApfiltrService - ok
14:45:53.0610 5616 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
14:45:53.0657 5616 Appinfo - ok
14:45:53.0757 5616 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:45:53.0776 5616 Apple Mobile Device - ok
14:45:53.0873 5616 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
14:45:53.0900 5616 arc - ok
14:45:53.0944 5616 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
14:45:53.0971 5616 arcsas - ok
14:45:54.0076 5616 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:45:54.0175 5616 AsyncMac - ok
14:45:54.0234 5616 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
14:45:54.0264 5616 atapi - ok
14:45:54.0368 5616 Ati External Event Utility (54d715af597c06e87418c50f481bdd2c) C:\Windows\system32\Ati2evxx.exe
14:45:54.0455 5616 Ati External Event Utility - ok
14:45:54.0727 5616 atikmdag (be4d8fdc6b2598c46b2b5e6e4fbaafc5) C:\Windows\system32\DRIVERS\atikmdag.sys
14:45:55.0077 5616 atikmdag - ok
14:45:55.0188 5616 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
14:45:55.0273 5616 AtiPcie - ok
14:45:55.0432 5616 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:45:55.0546 5616 AudioEndpointBuilder - ok
14:45:55.0571 5616 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:45:55.0648 5616 Audiosrv - ok
14:45:55.0749 5616 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
14:45:55.0789 5616 avgntflt - ok
14:45:55.0860 5616 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
14:45:55.0901 5616 avipbb - ok
14:45:56.0008 5616 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
14:45:56.0040 5616 avkmgr - ok
14:45:56.0090 5616 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:45:56.0226 5616 Beep - ok
14:45:56.0351 5616 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
14:45:56.0471 5616 BFE - ok
14:45:56.0611 5616 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
14:45:56.0706 5616 BITS - ok
14:45:56.0834 5616 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
14:45:56.0868 5616 blbdrive - ok
14:45:56.0953 5616 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
14:45:56.0976 5616 Bonjour Service - ok
14:45:57.0101 5616 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
14:45:57.0177 5616 bowser - ok
14:45:57.0307 5616 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:45:57.0383 5616 BrFiltLo - ok
14:45:57.0514 5616 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:45:57.0609 5616 BrFiltUp - ok
14:45:57.0710 5616 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
14:45:57.0770 5616 Browser - ok
14:45:58.0032 5616 Browser Defender Update Service (335219836821cb675533ab4731779754) C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
14:45:58.0076 5616 Browser Defender Update Service - ok
14:45:58.0189 5616 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:45:58.0468 5616 Brserid - ok
14:45:58.0578 5616 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:45:58.0759 5616 BrSerWdm - ok
14:45:58.0860 5616 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:45:58.0968 5616 BrUsbMdm - ok
14:45:59.0157 5616 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:45:59.0290 5616 BrUsbSer - ok
14:45:59.0410 5616 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:45:59.0528 5616 BTHMODEM - ok
14:45:59.0564 5616 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:45:59.0641 5616 cdfs - ok
14:45:59.0752 5616 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
14:45:59.0850 5616 cdrom - ok
14:46:00.0014 5616 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
14:46:00.0107 5616 CertPropSvc - ok
14:46:00.0159 5616 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
14:46:00.0271 5616 circlass - ok
14:46:00.0413 5616 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
14:46:00.0621 5616 CLFS - ok
14:46:00.0737 5616 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:46:00.0784 5616 clr_optimization_v2.0.50727_32 - ok
14:46:00.0880 5616 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:46:00.0930 5616 clr_optimization_v4.0.30319_32 - ok
14:46:01.0041 5616 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
14:46:01.0136 5616 CmBatt - ok
14:46:01.0222 5616 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
14:46:01.0248 5616 cmdide - ok
14:46:01.0301 5616 CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys
14:46:01.0387 5616 CnxtHdAudService - ok
14:46:01.0502 5616 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
14:46:01.0546 5616 Compbatt - ok
14:46:01.0574 5616 COMSysApp - ok
14:46:01.0666 5616 ConfigFree Service (d10d01b2dfcd8d2f32a32ed29e8da1c2) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
14:46:01.0686 5616 ConfigFree Service ( UnsignedFile.Multi.Generic ) - warning
14:46:01.0686 5616 ConfigFree Service - detected UnsignedFile.Multi.Generic (1)
14:46:01.0796 5616 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
14:46:01.0822 5616 crcdisk - ok
14:46:01.0859 5616 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
14:46:01.0962 5616 Crusoe - ok
14:46:02.0101 5616 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
14:46:02.0191 5616 CryptSvc - ok
14:46:02.0281 5616 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
14:46:02.0400 5616 DcomLaunch - ok
14:46:02.0514 5616 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
14:46:02.0599 5616 DfsC - ok
14:46:02.0797 5616 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
14:46:03.0027 5616 DFSR - ok
14:46:03.0145 5616 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
14:46:03.0223 5616 Dhcp - ok
14:46:03.0284 5616 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
14:46:03.0319 5616 disk - ok
14:46:03.0411 5616 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
14:46:03.0494 5616 Dnscache - ok
14:46:03.0606 5616 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
14:46:03.0715 5616 dot3svc - ok
14:46:03.0784 5616 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
14:46:03.0871 5616 DPS - ok
14:46:03.0959 5616 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:46:04.0002 5616 drmkaud - ok
14:46:04.0102 5616 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
14:46:04.0140 5616 DXGKrnl - ok
14:46:04.0208 5616 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:46:04.0279 5616 E1G60 - ok
14:46:04.0344 5616 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
14:46:04.0403 5616 EapHost - ok
14:46:04.0505 5616 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
14:46:04.0536 5616 Ecache - ok
14:46:04.0618 5616 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
14:46:04.0692 5616 ehRecvr - ok
14:46:04.0735 5616 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
14:46:04.0799 5616 ehSched - ok
14:46:04.0845 5616 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
14:46:04.0918 5616 ehstart - ok
14:46:05.0031 5616 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
14:46:05.0106 5616 elxstor - ok
14:46:05.0249 5616 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
14:46:05.0352 5616 EMDMgmt - ok
14:46:05.0459 5616 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
14:46:05.0525 5616 ErrDev - ok
14:46:05.0713 5616 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
14:46:05.0832 5616 EventSystem - ok
14:46:05.0948 5616 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
14:46:06.0032 5616 exfat - ok
14:46:06.0114 5616 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
14:46:06.0217 5616 fastfat - ok
14:46:06.0311 5616 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
14:46:06.0390 5616 fdc - ok
14:46:06.0449 5616 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
14:46:06.0548 5616 fdPHost - ok
14:46:06.0604 5616 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
14:46:06.0726 5616 FDResPub - ok
14:46:06.0782 5616 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:46:06.0815 5616 FileInfo - ok
14:46:06.0858 5616 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:46:06.0941 5616 Filetrace - ok
14:46:07.0121 5616 FirebirdServerMAGIXInstance (167d24a045499ebef438f231976158df) C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
14:46:07.0283 5616 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
14:46:07.0283 5616 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
14:46:07.0413 5616 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:46:07.0527 5616 flpydisk - ok
14:46:07.0655 5616 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
14:46:07.0705 5616 FltMgr - ok
14:46:07.0782 5616 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
14:46:07.0923 5616 FontCache - ok
14:46:08.0031 5616 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:46:08.0076 5616 FontCache3.0.0.0 - ok
14:46:08.0148 5616 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
14:46:08.0245 5616 Fs_Rec - ok
14:46:08.0295 5616 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
14:46:08.0342 5616 gagp30kx - ok
14:46:08.0441 5616 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:46:08.0480 5616 GEARAspiWDM - ok
14:46:08.0577 5616 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
14:46:08.0617 5616 GoogleDesktopManager-051210-111108 - ok
14:46:08.0728 5616 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
14:46:08.0868 5616 gpsvc - ok
14:46:08.0981 5616 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
14:46:09.0024 5616 gupdate - ok
14:46:09.0041 5616 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
14:46:09.0073 5616 gupdatem - ok
14:46:09.0122 5616 gusvc (751c1d2ca2abf4a9f5a6b8d7d45b907c) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:46:09.0153 5616 gusvc - ok
14:46:09.0269 5616 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
14:46:09.0339 5616 HdAudAddService - ok
14:46:09.0470 5616 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:46:09.0559 5616 HDAudBus - ok
14:46:09.0668 5616 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:46:09.0871 5616 HidBth - ok
14:46:10.0118 5616 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:46:10.0333 5616 HidIr - ok
14:46:10.0525 5616 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
14:46:10.0585 5616 hidserv - ok
14:46:10.0630 5616 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
14:46:10.0735 5616 HidUsb - ok
14:46:10.0889 5616 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
14:46:10.0965 5616 hkmsvc - ok
14:46:11.0049 5616 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
14:46:11.0093 5616 HpCISSs - ok
14:46:11.0195 5616 HSF_DPV (fadd7095163cb3cb4073793ebb50fe75) C:\Windows\system32\DRIVERS\HSX_DPV.sys
14:46:11.0314 5616 HSF_DPV - ok
14:46:11.0420 5616 HSXHWAZL (058783bedd17615d1fece09f77960436) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
14:46:11.0486 5616 HSXHWAZL - ok
14:46:11.0545 5616 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
14:46:11.0635 5616 HTTP - ok
14:46:11.0764 5616 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
14:46:11.0811 5616 i2omp - ok
14:46:11.0845 5616 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:46:11.0951 5616 i8042prt - ok
14:46:12.0070 5616 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
14:46:12.0117 5616 iaStorV - ok
14:46:12.0206 5616 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:46:12.0236 5616 IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:46:12.0236 5616 IDriverT - detected UnsignedFile.Multi.Generic (1)
14:46:12.0373 5616 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:46:12.0478 5616 idsvc - ok
14:46:12.0570 5616 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:46:12.0608 5616 iirsp - ok
14:46:12.0726 5616 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
14:46:12.0824 5616 IKEEXT - ok
14:46:12.0905 5616 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
14:46:12.0941 5616 intelide - ok
14:46:13.0012 5616 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:46:13.0089 5616 intelppm - ok
14:46:13.0163 5616 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
14:46:13.0263 5616 IPBusEnum - ok
14:46:13.0368 5616 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:46:13.0475 5616 IpFilterDriver - ok
14:46:13.0555 5616 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
14:46:13.0638 5616 iphlpsvc - ok
14:46:13.0748 5616 IpInIp - ok
14:46:13.0817 5616 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
14:46:13.0948 5616 IPMIDRV - ok
14:46:14.0067 5616 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:46:14.0196 5616 IPNAT - ok
14:46:14.0292 5616 iPod Service (f62c69376a95795fe7cdb1c778edaca4) C:\Program Files\iPod\bin\iPodService.exe
14:46:14.0352 5616 iPod Service - ok
14:46:14.0468 5616 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:46:14.0527 5616 IRENUM - ok
14:46:14.0612 5616 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
14:46:14.0626 5616 isapnp - ok
14:46:14.0670 5616 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
14:46:14.0686 5616 iScsiPrt - ok
14:46:14.0723 5616 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:46:14.0737 5616 iteatapi - ok
14:46:14.0832 5616 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:46:14.0847 5616 iteraid - ok
14:46:14.0894 5616 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:46:14.0914 5616 kbdclass - ok
14:46:15.0012 5616 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
14:46:15.0081 5616 kbdhid - ok
14:46:15.0120 5616 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:46:15.0190 5616 KeyIso - ok
14:46:15.0320 5616 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
14:46:15.0407 5616 KSecDD - ok
14:46:15.0525 5616 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
14:46:15.0639 5616 KtmRm - ok
14:46:15.0747 5616 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
14:46:15.0826 5616 LanmanServer - ok
14:46:15.0930 5616 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
14:46:16.0014 5616 LanmanWorkstation - ok
14:46:16.0088 5616 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:46:16.0171 5616 lltdio - ok
14:46:16.0281 5616 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
14:46:16.0351 5616 lltdsvc - ok
14:46:16.0379 5616 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
14:46:16.0486 5616 lmhosts - ok
14:46:16.0597 5616 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
14:46:16.0647 5616 LSI_FC - ok
14:46:16.0681 5616 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
14:46:16.0698 5616 LSI_SAS - ok
14:46:16.0801 5616 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
14:46:16.0817 5616 LSI_SCSI - ok
14:46:16.0853 5616 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:46:16.0887 5616 luafv - ok
14:46:17.0008 5616 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
14:46:17.0019 5616 MBAMProtector - ok
14:46:17.0131 5616 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:46:17.0179 5616 MBAMService - ok
14:46:17.0287 5616 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
14:46:17.0307 5616 Mcx2Svc - ok
14:46:17.0369 5616 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
14:46:17.0401 5616 mdmxsdk - ok
14:46:17.0478 5616 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
14:46:17.0493 5616 megasas - ok
14:46:17.0560 5616 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
14:46:17.0589 5616 MegaSR - ok
14:46:17.0708 5616 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
14:46:17.0797 5616 MMCSS - ok
14:46:17.0893 5616 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:46:17.0967 5616 Modem - ok
14:46:18.0032 5616 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:46:18.0099 5616 monitor - ok
14:46:18.0127 5616 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:46:18.0161 5616 mouclass - ok
14:46:18.0232 5616 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:46:18.0306 5616 mouhid - ok
14:46:18.0374 5616 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:46:18.0399 5616 MountMgr - ok
14:46:18.0471 5616 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
14:46:18.0486 5616 mpio - ok
14:46:18.0560 5616 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:46:18.0589 5616 mpsdrv - ok
14:46:18.0665 5616 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
14:46:18.0721 5616 MpsSvc - ok
14:46:18.0810 5616 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:46:18.0839 5616 Mraid35x - ok
14:46:18.0911 5616 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
14:46:18.0978 5616 MRxDAV - ok
14:46:19.0103 5616 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:46:19.0179 5616 mrxsmb - ok
14:46:19.0274 5616 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:46:19.0355 5616 mrxsmb10 - ok
14:46:19.0462 5616 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:46:19.0533 5616 mrxsmb20 - ok
14:46:19.0645 5616 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
14:46:19.0694 5616 msahci - ok
14:46:19.0825 5616 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
14:46:19.0852 5616 msdsm - ok
14:46:19.0895 5616 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
14:46:19.0968 5616 MSDTC - ok
14:46:20.0090 5616 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:46:20.0160 5616 Msfs - ok
14:46:20.0191 5616 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:46:20.0229 5616 msisadrv - ok
14:46:20.0335 5616 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
14:46:20.0475 5616 MSiSCSI - ok
14:46:20.0500 5616 msiserver - ok
14:46:20.0575 5616 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:46:20.0657 5616 MSKSSRV - ok
14:46:20.0735 5616 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:46:20.0807 5616 MSPCLOCK - ok
14:46:20.0984 5616 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:46:21.0047 5616 MSPQM - ok
14:46:21.0197 5616 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
14:46:21.0224 5616 MsRPC - ok
14:46:21.0294 5616 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:46:21.0320 5616 mssmbios - ok
14:46:21.0391 5616 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:46:21.0441 5616 MSTEE - ok
14:46:21.0496 5616 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
14:46:21.0514 5616 Mup - ok
14:46:21.0575 5616 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
14:46:21.0637 5616 napagent - ok
14:46:21.0720 5616 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
14:46:21.0790 5616 NativeWifiP - ok
14:46:21.0871 5616 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
14:46:21.0926 5616 NDIS - ok
14:46:22.0026 5616 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:46:22.0090 5616 NdisTapi - ok
14:46:22.0128 5616 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:46:22.0169 5616 Ndisuio - ok
14:46:22.0284 5616 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:46:22.0341 5616 NdisWan - ok
14:46:22.0396 5616 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:46:22.0437 5616 NDProxy - ok
14:46:22.0502 5616 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:46:22.0559 5616 NetBIOS - ok
14:46:22.0632 5616 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
14:46:22.0679 5616 netbt - ok
14:46:22.0743 5616 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:46:22.0760 5616 Netlogon - ok
14:46:22.0806 5616 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
14:46:22.0860 5616 Netman - ok
14:46:22.0899 5616 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
14:46:22.0947 5616 netprofm - ok
14:46:23.0029 5616 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:46:23.0046 5616 NetTcpPortSharing - ok
14:46:23.0098 5616 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:46:23.0113 5616 nfrd960 - ok
14:46:23.0210 5616 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
14:46:23.0253 5616 NlaSvc - ok
14:46:23.0329 5616 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
14:46:23.0367 5616 Npfs - ok
14:46:23.0443 5616 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
14:46:23.0476 5616 nsi - ok
14:46:23.0540 5616 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:46:23.0584 5616 nsiproxy - ok
14:46:23.0698 5616 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
14:46:23.0755 5616 Ntfs - ok
14:46:23.0816 5616 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:46:23.0892 5616 ntrigdigi - ok
14:46:23.0960 5616 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:46:24.0006 5616 Null - ok
14:46:24.0077 5616 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
14:46:24.0092 5616 nvraid - ok
14:46:24.0156 5616 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
14:46:24.0169 5616 nvstor - ok
14:46:24.0228 5616 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
14:46:24.0244 5616 nv_agp - ok
14:46:24.0294 5616 NwlnkFlt - ok
14:46:24.0325 5616 NwlnkFwd - ok
14:46:24.0408 5616 o2flash (d955d5de998db2476bf0892be3a96c26) C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
14:46:24.0423 5616 o2flash ( UnsignedFile.Multi.Generic ) - warning
14:46:24.0424 5616 o2flash - detected UnsignedFile.Multi.Generic (1)
14:46:24.0521 5616 O2MDRDR (78575368974962042472f18b24d3cf28) C:\Windows\system32\DRIVERS\o2media.sys
14:46:24.0533 5616 O2MDRDR - ok
14:46:24.0634 5616 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:46:24.0662 5616 odserv - ok
14:46:24.0784 5616 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
14:46:24.0830 5616 ohci1394 - ok
14:46:24.0949 5616 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:46:24.0964 5616 ose - ok
14:46:25.0151 5616 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:46:25.0230 5616 p2pimsvc - ok
14:46:25.0251 5616 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:46:25.0485 5616 p2psvc - ok
14:46:25.0640 5616 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:46:25.0704 5616 Parport - ok
14:46:25.0772 5616 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
14:46:25.0791 5616 partmgr - ok
14:46:25.0925 5616 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:46:25.0998 5616 Parvdm - ok
14:46:26.0029 5616 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
14:46:26.0066 5616 PcaSvc - ok
14:46:26.0500 5616 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
14:46:26.0517 5616 pci - ok
14:46:26.0554 5616 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
14:46:26.0570 5616 pciide - ok
14:46:26.0667 5616 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
14:46:26.0684 5616 pcmcia - ok
14:46:26.0722 5616 PCTBD (3a0262b85b5bb4d4cfc096ea00ed610b) C:\Windows\system32\Drivers\PCTBD.sys
14:46:26.0735 5616 PCTBD - ok
14:46:26.0904 5616 PCTCore (0edb74bd0d52d6d94cf862322e48b94e) C:\Windows\system32\drivers\PCTCore.sys
14:46:26.0929 5616 PCTCore - ok
14:46:27.0029 5616 pctDS (8734f7346b39a710491e0ddb136da2a3) C:\Windows\system32\drivers\pctDS.sys
14:46:27.0054 5616 pctDS - ok
14:46:27.0206 5616 pctEFA (653d8079cc000ec454789740a07b84a8) C:\Windows\system32\drivers\pctEFA.sys
14:46:27.0327 5616 pctEFA - ok
14:46:27.0456 5616 PCTSD (eb98f7514dcf1b922b318e6182d836b1) C:\Windows\system32\Drivers\PCTSD.sys
14:46:27.0473 5616 PCTSD - ok
14:46:27.0536 5616 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:46:27.0767 5616 PEAUTH - ok
14:46:28.0519 5616 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
14:46:28.0678 5616 pla - ok
14:46:28.0870 5616 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
14:46:28.0953 5616 PlugPlay - ok
14:46:29.0193 5616 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:46:29.0297 5616 PNRPAutoReg - ok
14:46:29.0392 5616 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:46:29.0455 5616 PNRPsvc - ok
14:46:29.0614 5616 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
14:46:29.0685 5616 PolicyAgent - ok
14:46:29.0799 5616 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:46:29.0858 5616 PptpMiniport - ok
14:46:29.0896 5616 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
14:46:29.0937 5616 Processor - ok
14:46:29.0986 5616 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
14:46:30.0029 5616 ProfSvc - ok
14:46:30.0121 5616 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:46:30.0153 5616 ProtectedStorage - ok
14:46:30.0220 5616 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
14:46:30.0317 5616 PSched - ok
14:46:30.0411 5616 PxHelp20 (f7bb4e7a7c02ab4a2672937e124e306e) C:\Windows\system32\Drivers\PxHelp20.sys
14:46:30.0439 5616 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
14:46:30.0439 5616 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
14:46:30.0502 5616 QIOMem (674eba70a52c02696e503b0a57ae6372) C:\Windows\system32\DRIVERS\QIOMem.sys
14:46:30.0546 5616 QIOMem - ok
14:46:30.0684 5616 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
14:46:30.0817 5616 ql2300 - ok
14:46:30.0918 5616 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:46:30.0965 5616 ql40xx - ok
14:46:31.0023 5616 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
14:46:31.0094 5616 QWAVE - ok
14:46:31.0196 5616 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:46:31.0243 5616 QWAVEdrv - ok
14:46:31.0336 5616 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:46:31.0464 5616 RasAcd - ok
14:46:31.0619 5616 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
14:46:31.0672 5616 RasAuto - ok
14:46:31.0737 5616 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:46:31.0785 5616 Rasl2tp - ok
14:46:31.0893 5616 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
14:46:31.0953 5616 RasMan - ok
14:46:32.0048 5616 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
14:46:32.0102 5616 RasPppoe - ok
14:46:32.0195 5616 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
14:46:32.0226 5616 RasSstp - ok
14:46:32.0325 5616 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
14:46:32.0391 5616 rdbss - ok
14:46:32.0454 5616 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:46:32.0511 5616 RDPCDD - ok
14:46:32.0592 5616 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
14:46:32.0664 5616 rdpdr - ok
14:46:32.0700 5616 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:46:32.0762 5616 RDPENCDD - ok
14:46:32.0873 5616 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
14:46:32.0956 5616 RDPWD - ok
14:46:33.0021 5616 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
14:46:33.0125 5616 RemoteAccess - ok
14:46:33.0243 5616 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
14:46:33.0329 5616 RemoteRegistry - ok
14:46:33.0383 5616 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
14:46:33.0481 5616 RpcLocator - ok
14:46:33.0601 5616 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
14:46:33.0664 5616 RpcSs - ok
14:46:33.0726 5616 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
14:46:33.0785 5616 rspndr - ok
14:46:33.0898 5616 RTL8187B (5139a6c37c2d854e7b0ee6fa1f93ccda) C:\Windows\system32\DRIVERS\RTL8187B.sys
14:46:33.0965 5616 RTL8187B - ok
14:46:34.0029 5616 RtlProt (0d60b8c10a2c5e8dd620b3fdeb1cda64) C:\Windows\system32\DRIVERS\rtlprot.sys
14:46:34.0052 5616 RtlProt - ok
14:46:34.0133 5616 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:46:34.0170 5616 SamSs - ok
14:46:34.0217 5616 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:46:34.0246 5616 sbp2port - ok
14:46:34.0309 5616 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
14:46:34.0362 5616 SCardSvr - ok
14:46:34.0479 5616 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
14:46:34.0584 5616 Schedule - ok
14:46:34.0686 5616 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
14:46:34.0774 5616 SCPolicySvc - ok
14:46:34.0974 5616 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
14:46:35.0017 5616 sdAuxService - ok
14:46:35.0155 5616 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
14:46:35.0246 5616 sdbus - ok
14:46:35.0471 5616 sdCoreService (d2b30a5a8f57c00b0fa84a8880e9ec5b) C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
14:46:35.0596 5616 sdCoreService - ok
14:46:35.0691 5616 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
14:46:35.0775 5616 SDRSVC - ok
14:46:35.0877 5616 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:46:36.0000 5616 secdrv - ok
14:46:36.0047 5616 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
14:46:36.0106 5616 seclogon - ok
14:46:36.0208 5616 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
14:46:36.0260 5616 seehcri - ok
14:46:36.0358 5616 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
14:46:36.0439 5616 SENS - ok
14:46:36.0494 5616 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
14:46:36.0602 5616 Serenum - ok
14:46:36.0711 5616 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
14:46:36.0811 5616 Serial - ok
14:46:36.0847 5616 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
14:46:36.0891 5616 sermouse - ok
14:46:36.0947 5616 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
14:46:36.0999 5616 SessionEnv - ok
14:46:37.0099 5616 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
14:46:37.0174 5616 sffdisk - ok
14:46:37.0207 5616 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
14:46:37.0284 5616 sffp_mmc - ok
14:46:37.0383 5616 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
14:46:37.0451 5616 sffp_sd - ok
14:46:37.0491 5616 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
14:46:37.0591 5616 sfloppy - ok
14:46:37.0716 5616 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
14:46:37.0782 5616 SharedAccess - ok
14:46:37.0888 5616 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
14:46:37.0958 5616 ShellHWDetection - ok
14:46:38.0078 5616 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
14:46:38.0125 5616 sisagp - ok
14:46:38.0163 5616 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
14:46:38.0200 5616 SiSRaid2 - ok
14:46:38.0235 5616 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
14:46:38.0270 5616 SiSRaid4 - ok
14:46:38.0523 5616 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
14:46:39.0212 5616 slsvc - ok
14:46:39.0337 5616 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
14:46:39.0433 5616 SLUINotify - ok
14:46:39.0533 5616 SmartFaceVWatchSrv (3566310df25ea5c3b2e9f50f5b50eac1) C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
14:46:39.0554 5616 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - warning
14:46:39.0555 5616 SmartFaceVWatchSrv - detected UnsignedFile.Multi.Generic (1)
14:46:39.0679 5616 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
14:46:39.0768 5616 Smb - ok
14:46:39.0846 5616 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
14:46:39.0886 5616 SNMPTRAP - ok
14:46:39.0982 5616 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
14:46:40.0010 5616 spldr - ok
14:46:40.0071 5616 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
14:46:40.0154 5616 Spooler - ok
14:46:40.0282 5616 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
14:46:40.0376 5616 srv - ok
14:46:40.0508 5616 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
14:46:40.0568 5616 srv2 - ok
14:46:40.0638 5616 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
14:46:40.0699 5616 srvnet - ok
14:46:40.0766 5616 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
14:46:40.0839 5616 SSDPSRV - ok
14:46:40.0910 5616 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
14:46:40.0926 5616 ssmdrv - ok
14:46:41.0001 5616 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
14:46:41.0038 5616 SstpSvc - ok
14:46:41.0127 5616 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
14:46:41.0177 5616 stisvc - ok
14:46:41.0258 5616 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
14:46:41.0274 5616 swenum - ok
14:46:41.0375 5616 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
14:46:41.0443 5616 swprv - ok
14:46:41.0523 5616 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:46:41.0559 5616 Symc8xx - ok
14:46:41.0868 5616 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:46:41.0912 5616 Sym_hi - ok
14:46:42.0005 5616 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:46:42.0038 5616 Sym_u3 - ok
14:46:42.0118 5616 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
14:46:42.0203 5616 SysMain - ok
14:46:42.0298 5616 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
14:46:42.0335 5616 TabletInputService - ok
14:46:42.0411 5616 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
14:46:42.0502 5616 TapiSrv - ok
14:46:42.0604 5616 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
14:46:42.0650 5616 TBS - ok
14:46:42.0727 5616 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
14:46:42.0804 5616 Tcpip - ok
14:46:43.0005 5616 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
14:46:43.0131 5616 Tcpip6 - ok
14:46:43.0267 5616 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
14:46:43.0355 5616 tcpipreg - ok
14:46:43.0468 5616 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
14:46:43.0550 5616 tdcmdpst - ok
14:46:43.0662 5616 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
14:46:43.0796 5616 TDPIPE - ok
14:46:43.0919 5616 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
14:46:44.0045 5616 TDTCP - ok
14:46:44.0110 5616 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
14:46:44.0200 5616 tdx - ok
14:46:44.0275 5616 TemproMonitoringService (24ea631fec13e87afe07a2b28732ef38) C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
14:46:44.0304 5616 TemproMonitoringService - ok
14:46:44.0414 5616 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
14:46:44.0442 5616 TermDD - ok
14:46:44.0513 5616 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
14:46:44.0579 5616 TermService - ok
14:46:44.0675 5616 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
14:46:44.0713 5616 Themes - ok
14:46:44.0756 5616 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
14:46:44.0832 5616 THREADORDER - ok
14:46:44.0917 5616 TNaviSrv (b146492a882a25a2df1db4668fced6c8) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
14:46:44.0940 5616 TNaviSrv - ok
14:46:45.0043 5616 TODDSrv (c5ac715b65b01788abc22d10749dddd8) C:\Windows\system32\TODDSrv.exe
14:46:45.0072 5616 TODDSrv - ok
14:46:45.0155 5616 TosCoSrv (da6903958cbdc091ffcbbca70ccff34c) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
14:46:45.0212 5616 TosCoSrv - ok
14:46:45.0270 5616 TOSHIBA Bluetooth Service (8e10e654e354cf330ed75882769a0107) c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
14:46:45.0294 5616 TOSHIBA Bluetooth Service - ok
14:46:45.0323 5616 TOSHIBA SMART Log Service (22690dffc7f2a18279a7a0489aa02bac) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
14:46:45.0345 5616 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - warning
14:46:45.0345 5616 TOSHIBA SMART Log Service - detected UnsignedFile.Multi.Generic (1)
14:46:45.0429 5616 Tosrfcom - ok
14:46:45.0489 5616 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys
14:46:45.0548 5616 tosrfec - ok
14:46:45.0598 5616 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
14:46:45.0655 5616 tos_sps32 - ok
14:46:45.0773 5616 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
14:46:45.0917 5616 TrkWks - ok
14:46:46.0022 5616 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
14:46:46.0123 5616 TrustedInstaller - ok
14:46:46.0225 5616 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:46:46.0286 5616 tssecsrv - ok
14:46:46.0348 5616 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
14:46:46.0388 5616 tunmp - ok
14:46:46.0459 5616 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
14:46:46.0503 5616 tunnel - ok
14:46:46.0583 5616 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
14:46:46.0604 5616 TVALZ - ok
14:46:46.0668 5616 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
14:46:46.0693 5616 uagp35 - ok
14:46:46.0823 5616 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
14:46:46.0928 5616 udfs - ok
14:46:47.0057 5616 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
14:46:47.0155 5616 UI0Detect - ok
14:46:47.0243 5616 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
14:46:47.0275 5616 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
14:46:47.0275 5616 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
14:46:47.0384 5616 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
14:46:47.0414 5616 uliagpkx - ok
14:46:47.0459 5616 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
14:46:47.0500 5616 uliahci - ok
14:46:47.0543 5616 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:46:47.0576 5616 UlSata - ok
14:46:47.0686 5616 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:46:47.0728 5616 ulsata2 - ok
14:46:47.0763 5616 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
14:46:47.0868 5616 umbus - ok
14:46:47.0991 5616 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
14:46:48.0087 5616 upnphost - ok
14:46:48.0156 5616 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
14:46:48.0252 5616 usbccgp - ok
14:46:48.0338 5616 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:46:48.0485 5616 usbcir - ok
14:46:48.0558 5616 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
14:46:48.0605 5616 usbehci - ok
14:46:48.0699 5616 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
14:46:48.0777 5616 usbhub - ok
14:46:48.0815 5616 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
14:46:48.0867 5616 usbohci - ok
14:46:48.0967 5616 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
14:46:49.0076 5616 usbprint - ok
14:46:49.0130 5616 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:46:49.0187 5616 USBSTOR - ok
14:46:49.0296 5616 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
14:46:49.0387 5616 usbuhci - ok
14:46:49.0430 5616 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
14:46:49.0508 5616 usbvideo - ok
14:46:49.0608 5616 UVCFTR (8c5094a8ab24de7496c7c19942f2df04) C:\Windows\system32\Drivers\UVCFTR_S.SYS
14:46:49.0635 5616 UVCFTR - ok
14:46:49.0701 5616 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
14:46:49.0750 5616 UxSms - ok
14:46:49.0878 5616 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
14:46:49.0987 5616 vds - ok
14:46:50.0043 5616 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
14:46:50.0155 5616 vga - ok
14:46:50.0244 5616 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
14:46:50.0345 5616 VgaSave - ok
14:46:50.0389 5616 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
14:46:50.0419 5616 viaagp - ok
14:46:50.0509 5616 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
14:46:50.0575 5616 ViaC7 - ok
14:46:50.0633 5616 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
14:46:50.0660 5616 viaide - ok
14:46:50.0708 5616 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
14:46:50.0728 5616 volmgr - ok
14:46:50.0853 5616 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
14:46:50.0885 5616 volmgrx - ok
14:46:50.0969 5616 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
14:46:51.0001 5616 volsnap - ok
14:46:51.0121 5616 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
14:46:51.0172 5616 vsmraid - ok
14:46:51.0260 5616 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
14:46:51.0372 5616 VSS - ok
14:46:51.0508 5616 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
14:46:51.0563 5616 W32Time - ok
14:46:51.0624 5616 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:46:51.0747 5616 WacomPen - ok
14:46:52.0139 5616 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:46:52.0231 5616 Wanarp - ok
14:46:52.0243 5616 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:46:52.0296 5616 Wanarpv6 - ok
14:46:52.0415 5616 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
14:46:52.0500 5616 wcncsvc - ok
14:46:52.0595 5616 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
14:46:52.0645 5616 WcsPlugInService - ok
14:46:52.0693 5616 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
14:46:52.0715 5616 Wd - ok
14:46:52.0857 5616 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
14:46:52.0899 5616 Wdf01000 - ok
14:46:52.0942 5616 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
14:46:53.0021 5616 WdiServiceHost - ok
14:46:53.0032 5616 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
14:46:53.0071 5616 WdiSystemHost - ok
14:46:53.0200 5616 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
14:46:53.0261 5616 WebClient - ok
14:46:53.0323 5616 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
14:46:53.0441 5616 Wecsvc - ok
14:46:53.0533 5616 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
14:46:53.0599 5616 wercplsupport - ok
14:46:53.0663 5616 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
14:46:53.0724 5616 WerSvc - ok
14:46:53.0867 5616 winachsf (bb9cbaf6ac20452b245c324f1f50ee81) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
14:46:53.0966 5616 winachsf - ok
14:46:54.0057 5616 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
14:46:54.0096 5616 WinDefend - ok
14:46:54.0112 5616 WinHttpAutoProxySvc - ok
14:46:54.0259 5616 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
14:46:54.0335 5616 Winmgmt - ok
14:46:54.0441 5616 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
14:46:54.0623 5616 WinRM - ok
14:46:54.0762 5616 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
14:46:54.0833 5616 Wlansvc - ok
14:46:54.0954 5616 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:46:55.0035 5616 WmiAcpi - ok
14:46:55.0193 5616 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
14:46:55.0276 5616 wmiApSrv - ok
14:46:55.0402 5616 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
14:46:55.0543 5616 WMPNetworkSvc - ok
14:46:55.0658 5616 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
14:46:55.0767 5616 WPCSvc - ok
14:46:55.0887 5616 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
14:46:55.0981 5616 WPDBusEnum - ok
14:46:56.0099 5616 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
14:46:56.0168 5616 WpdUsb - ok
14:46:56.0353 5616 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:46:56.0443 5616 WPFFontCache_v0400 - ok
14:46:56.0555 5616 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
14:46:56.0618 5616 ws2ifsl - ok
14:46:56.0689 5616 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
14:46:56.0744 5616 wscsvc - ok
14:46:56.0819 5616 WSearch - ok
14:46:56.0954 5616 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
14:46:57.0149 5616 wuauserv - ok
14:46:57.0254 5616 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:46:57.0355 5616 WUDFRd - ok
14:46:57.0401 5616 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
14:46:57.0508 5616 wudfsvc - ok
14:46:57.0609 5616 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
14:46:57.0655 5616 XAudio - ok
14:46:57.0702 5616 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
14:46:57.0766 5616 XAudioService - ok
14:46:57.0895 5616 yukonwlh (7d4cca3659fa0780603206e3d12a993f) C:\Windows\system32\DRIVERS\yk60x86.sys
14:46:57.0985 5616 yukonwlh - ok
14:46:58.0043 5616 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:46:59.0022 5616 \Device\Harddisk0\DR0 - ok
14:46:59.0065 5616 Boot (0x1200) (96e7f834872d2e0e3ae57f0f7bff19b5) \Device\Harddisk0\DR0\Partition0
14:46:59.0069 5616 \Device\Harddisk0\DR0\Partition0 - ok
14:46:59.0098 5616 Boot (0x1200) (f594c1360451c2337f5b316771e93898) \Device\Harddisk0\DR0\Partition1
14:46:59.0103 5616 \Device\Harddisk0\DR0\Partition1 - ok
14:46:59.0108 5616 ============================================================
14:46:59.0108 5616 Scan finished
14:46:59.0108 5616 ============================================================
14:46:59.0159 4920 Detected object count: 8
14:46:59.0159 4920 Actual detected object count: 8
14:47:31.0295 4920 ConfigFree Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:31.0296 4920 ConfigFree Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:47:31.0298 4920 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:31.0298 4920 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:47:31.0301 4920 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:31.0301 4920 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:47:31.0305 4920 o2flash ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:31.0305 4920 o2flash ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:47:31.0306 4920 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:31.0306 4920 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:47:31.0309 4920 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:31.0309 4920 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:47:31.0312 4920 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:31.0312 4920 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:47:31.0315 4920 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:31.0315 4920 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
27.03.2012, 14:05
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | files indexation process failed Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.03.2012, 16:07
| #15 |
| | files indexation process failed [code] Combofix Logfile: Code:
ATTFilter ComboFix 12-03-27.02 - Yvonne 27.03.2012 15:16:48.1.2 - x86
ausgeführt von:: c:\users\Yvonne\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Yvonne\4.0
c:\users\Yvonne\AppData\Roaming\Microsoft\Windows\Recent\mxfilerelatedcache.mxc2
c:\users\Yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\Yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\Yvonne\Favorites\mxfilerelatedcache.mxc2
c:\windows\IsUn0407.exe
c:\windows\system32\DC120fc7_32.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-27 bis 2012-03-27 ))))))))))))))))))))))))))))))
.
.
2012-03-27 13:56 . 2012-03-27 13:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-27 11:47 . 2012-03-20 01:53 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E51DEF16-524A-4F67-8EF5-D0A3A85FA60A}\mpengine.dll
2012-03-26 19:58 . 2012-03-26 19:58 -------- d-----w- C:\_OTL
2012-03-25 20:37 . 2012-02-23 07:18 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-03-25 13:32 . 2012-03-25 13:32 -------- d-----w- c:\program files\ESET
2012-03-21 17:12 . 2012-03-21 17:12 -------- d-----w- c:\users\Yvonne\AppData\Roaming\Malwarebytes
2012-03-21 17:11 . 2012-03-21 17:11 -------- d-----w- c:\programdata\Malwarebytes
2012-03-21 17:11 . 2012-03-21 17:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-21 17:11 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-20 23:23 . 2012-03-20 23:23 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-20 22:42 . 2011-09-28 12:14 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-03-20 22:42 . 2012-02-17 14:08 767952 ----a-w- c:\windows\BDTSupport.dll
2012-03-20 22:42 . 2012-02-17 14:08 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-03-20 22:32 . 2012-03-20 22:38 -------- d--h--w- c:\programdata\PC Tools
2012-03-20 22:32 . 2012-03-20 22:32 -------- d--h--w- c:\users\Yvonne\AppData\Roaming\TestApp
2012-03-18 03:39 . 2012-03-18 03:39 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 03:39 . 2012-03-18 03:39 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-14 10:43 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 10:43 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 10:43 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 10:43 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 10:43 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 10:43 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 10:42 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-03-14 10:42 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 10:42 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-08 16:04 . 2012-03-08 16:04 -------- d--h--w- c:\users\Yvonne\AppData\Local\AskToolbar
2012-03-01 05:56 . 2012-03-01 05:56 -------- d--h--w- c:\programdata\WindowsSearch
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 13:04 . 2011-05-27 07:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-15 21:26 . 2011-11-15 22:07 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-03-18 03:39 . 2011-04-30 08:36 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-08-24 21:04 . 2009-12-09 19:21 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ---ha-w- c:\users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ---ha-w- c:\users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ---ha-w- c:\users\Yvonne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-01-29 430080]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" [2011-08-01 124480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"NDSTray.exe"="NDSTray.exe" [BU]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-12-06 366400]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-24 30192]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-03-25 417792]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-02 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2010-10-26 1050072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-09-08 888488]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\14665439.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 07192722
*Deregistered* - 07192722
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 08:24]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 08:24]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2426209709-3695512336-22860695-1000Core.job
- c:\users\Yvonne\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-26 17:45]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2426209709-3695512336-22860695-1000UA.job
- c:\users\Yvonne\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-26 17:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\7jrxiww7.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
HKLM-Run-Toshiba TEMPO - c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-Adobe SVG Viewer - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-27 15:56
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????????X???X?[???[???[???[?
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-03-27 16:05:00
ComboFix-quarantined-files.txt 2012-03-27 14:04
.
Vor Suchlauf: 6 Verzeichnis(se), 53.365.579.776 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 52.951.425.024 Bytes frei
.
- - End Of File - - 114EB16D529C0AE23D66021BAFC97C4F
|
|
| Themen zu files indexation process failed |
| acrobat update, avira searchfree toolbar, befolgt, besserung, bli, blink, desktop, desktop leer, device driver, drive, failed, fehlermeldungen, files, folge, folgende, google earth, laufen, leer, lockedfile.multi.generic, malwarebytes, meldungen, menge, nicht mehr, picasa, plug-in, problem, process, rootkit, schwarz, security scan, seite, startmenü, systemwiederherstellung, usb 2.0, virus |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
