Pests of all kinds and how to fight them: GMX account is sending spam mails (Windows 7)
01.05.2012, 11:26 | #1 |
| Hello! I've had a bit of a look around the forum now and hope that you can help me. At 7 o'clock this morning my GMX account sent spam mails to my contacts; I have now run a scan with Malwarebytes, this is the report:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.01.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Teresa :: TERESA-PC [Administrator]

01.05.2012 11:16:40
mbam-log-2012-05-01 (11-16-40).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 215119
Laufzeit: 42 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XTTB00001.XTTB00001Toolbar (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ToolBand.XTTBPos00 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Teresa\Downloads\SoftonicDownloader_fuer_idump(1).exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Teresa\Downloads\SoftonicDownloader_fuer_idump.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

How should I proceed now? Thanks in advance for any help!! Oh yes, I have already changed the password for my account, and this is my first scan with Malwarebytes! I'm sure that the mails were sent from my account, because I found the two sent mails in my deleted folder; I only became aware of it through a mailer daemon message. |
01.05.2012, 16:54 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed. If logs from older scans with Malwarebytes exist, please post all of those too!
ESET Online Scanner
Please post everything in CODE tags here if possible. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here |
01.05.2012, 22:27 | #3 |
| Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e1f1a963f9ae60428ef8482faac54f5a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-01 09:20:24
# local_time=2012-05-01 11:20:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 105713 110791341 21641 0
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 12208 173423905 0 0
# compatibility_mode=8192 67108863 100 0 306 306 0 0
# scanned=209632
# found=2
# cleaned=0
# scan_time=16047
C:\Users\Teresa\AppData\Local\Temp\jar_cache63826.tmp multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Teresa\Downloads\installer-8773-32-mp3DirectCut-Deutsch.exe a variant of Win32/Downloader.Ircfast application (unable to clean) 00000000000000000000000000000000 I

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.01.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Teresa :: TERESA-PC [Administrator]

01.05.2012 14:44:36
mbam-log-2012-05-01 (14-44-36).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 413680
Laufzeit: 3 Stunde(n), 54 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
02.05.2012, 13:46 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Softonic is a toolbar and adware slinger! Hands off! You download software, as the top priority, directly from the manufacturer and not from toolbar outfits like Softonic! In a pinch, chip.de would of course do.
I have two questions before we continue:
1.) Does normal mode work without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
__________________ Please always post log files in CODE tags |
02.05.2012, 17:07 | #5 |
| Re 1) everything is actually running quite normally. Re 2) No, nothing is missing, and there are no empty folders either; nothing there that doesn't belong. Regards |
02.05.2012, 18:49 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please create a new OTL log. Please post everything in CODE tags here if possible. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
03.05.2012, 09:04 | #7 |
| GMX Account verschickt Spammails OTL Logfile: Code:
ATTFilter OTL logfile created on: 03.05.2012 09:17:06 - Run 1 OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Teresa\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 60,81% Memory free 4,22 Gb Paging File | 3,22 Gb Available in Paging File | 76,47% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 139,74 Gb Total Space | 12,63 Gb Free Space | 9,04% Space Free | Partition Type: NTFS Computer Name: TERESA-PC | User Name: Teresa | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.05.03 09:13:23 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Teresa\Desktop\OTL.exe PRC - [2011.11.03 11:20:06 | 000,220,744 | ---- | M] (Geek Software GmbH) -- C:\Program Files\pdf24\pdf24.exe PRC - [2011.08.01 05:32:20 | 000,020,880 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2011.08.01 05:32:10 | 003,507,088 | ---- | M] (Samsung Electronics Co., Ltd.) 
-- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe PRC - [2011.06.28 21:33:01 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.28 23:29:52 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.20 10:50:48 | 002,848,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe PRC - [2010.11.03 19:56:50 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.03.05 17:32:28 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe PRC - [2008.01.25 15:26:00 | 000,253,976 | ---- | M] (Telekom Austria TA AG) -- C:\Program Files\aon\OnlineFestplatte\OnlineFestplatte.exe PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2007.06.15 13:45:20 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe PRC - [2007.02.13 16:19:48 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe PRC - [2007.02.13 16:19:48 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe PRC - [2007.02.09 11:54:42 | 000,923,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe PRC - [2007.01.22 21:39:32 | 000,321,656 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\ISB Utility\ISBMgr.exe PRC - [2007.01.12 07:52:25 | 000,118,784 | 
---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe PRC - [2007.01.12 07:52:24 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe PRC - [2007.01.12 07:52:23 | 000,042,544 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe PRC - [2006.11.28 20:27:46 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe PRC - [2006.11.28 20:09:58 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe PRC - [2006.11.28 20:09:46 | 000,172,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe PRC - [2005.06.23 21:33:00 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe ========== Modules (No Company Name) ========== MOD - [2012.04.12 00:26:57 | 018,019,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\aceee343625b7f4576e6d48fb91977e3\PresentationFramework.ni.dll MOD - [2012.04.12 00:26:10 | 011,469,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\5eb81f84116fecd08f3acf0603204457\PresentationCore.ni.dll MOD - [2012.04.12 00:26:00 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\33d45f88d59de3b84f2ed79095e29f41\System.Windows.Forms.ni.dll MOD - [2012.04.12 00:25:37 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8729094857a3f3185deec237ef30b087\WindowsBase.ni.dll MOD - [2012.04.12 00:25:32 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5654b44c3d45f7863f6d3d218a87967a\System.Drawing.ni.dll MOD - [2012.03.05 00:07:37 | 001,218,560 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\888be382c48887c830026806a9587e31\System.Management.ni.dll MOD - [2012.03.03 12:14:06 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\1378a1c9290882206f4d5a6561bfc5d7\System.Runtime.Remoting.ni.dll MOD - [2012.03.03 12:13:40 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a07e3882af9ea368a54742fc19c86662\System.Xaml.ni.dll MOD - [2012.03.01 17:49:14 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\eaeaf5f980c23f6075820513748695d9\PresentationFramework.Aero.ni.dll MOD - [2012.03.01 17:48:59 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\22d54437cf1de9478f5c2c23f07eb9d6\System.Core.ni.dll MOD - [2012.03.01 17:48:49 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\1084708d3872b8e64f7ec88145298b2d\System.Xml.ni.dll MOD - [2012.03.01 17:48:32 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff7c4aa829c327b186ef85cff3289bdf\System.ni.dll MOD - [2012.03.01 17:48:10 | 014,415,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\90842cf922c71c82718ba71d5801c30c\mscorlib.ni.dll MOD - [2011.08.16 12:49:01 | 000,115,137 | ---- | M] () -- C:\Users\Teresa\AppData\Local\Temp\3dcf2df1-2a83-477c-a7dd-858967792357\CliSecureRT.dll MOD - [2011.08.01 05:32:20 | 000,020,880 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.03.05 17:32:36 | 000,095,528 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll MOD - 
[2010.03.05 17:32:28 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll MOD - [2007.06.26 09:55:00 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex) SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService) SRV - [2012.04.14 16:09:10 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2011.06.28 21:33:01 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.28 23:29:52 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007.02.13 16:19:48 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2007.01.24 16:56:24 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe -- (SSScsiSV) SRV - [2007.01.24 16:56:20 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony 
Shared\AvLib\SsBeSvc.exe -- (SonicStage Back-End Service) SRV - [2007.01.16 14:05:00 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer) SRV - [2007.01.16 14:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) SRV - [2007.01.16 14:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) SRV - [2007.01.10 16:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer) SRV - [2007.01.10 11:43:24 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service) SRV - [2007.01.08 17:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) SRV - [2007.01.08 17:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) SRV - [2007.01.08 17:01:34 | 000,491,520 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway) SRV - [2006.12.14 02:21:20 | 000,045,056 | ---- | M] 
(Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2006.12.14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe -- (SPTISRV) SRV - [2006.12.14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2006.11.28 20:27:46 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw) SRV - [2006.11.28 20:09:58 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw) SRV - [2006.11.28 20:09:46 | 000,172,032 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2011.07.20 09:45:52 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011.07.20 09:45:52 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV - [2011.07.20 09:45:52 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- 
(ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) DRV - [2011.07.20 09:45:52 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb) DRV - [2011.07.20 09:45:52 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV - [2011.06.28 21:33:20 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.28 21:33:20 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.11 06:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID) DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.08.18 07:15:48 | 000,921,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007.02.08 05:53:57 | 000,807,424 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony) DRV - [2007.02.06 07:54:39 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC) DRV - [2007.01.24 12:28:35 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2007.01.12 07:52:24 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007.01.10 13:09:12 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2006.10.18 12:56:30 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall) DRV - [2006.07.10 18:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x) DRV - [2006.07.05 14:39:29 | 000,059,256 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com IE - HKLM\..\SearchScopes,DefaultScope = {47A69BFA-63EF-41C2-B09F-7F84F19B5FDF} IE - HKLM\..\SearchScopes\{47A69BFA-63EF-41C2-B09F-7F84F19B5FDF}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-21-2997398748-1152511716-2951032985-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php IE - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.telekom.at/suche IE - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/vbc IE - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found IE - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003\..\SearchScopes,DefaultScope = {47A69BFA-63EF-41C2-B09F-7F84F19B5FDF} IE - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003\..\SearchScopes\{47A69BFA-63EF-41C2-B09F-7F84F19B5FDF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de IE - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - 
prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/" FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.17.3: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=5.2.5.48: C:\Program Files\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.22 19:18:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.03 11:59:33 | 000,000,000 | ---D | M]
[2008.09.17 20:31:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Teresa\AppData\Roaming\mozilla\Extensions
[2012.05.03 09:14:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Teresa\AppData\Roaming\mozilla\Firefox\Profiles\etdn0ib6.default\extensions
[2010.05.14 20:53:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Teresa\AppData\Roaming\mozilla\Firefox\Profiles\etdn0ib6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.03.29 12:56:08 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Teresa\AppData\Roaming\mozilla\Firefox\Profiles\etdn0ib6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.04.16 17:52:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Teresa\AppData\Roaming\mozilla\Sunbird\Profiles\s9ruia50.default\extensions
[2008.11.14 11:52:36 | 000,000,509 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\exalead.xml
[2012.04.29 19:58:59 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-1.xml
[2009.03.21 10:34:42 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-10.xml
[2009.03.30 14:49:04 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-11.xml
[2009.05.05 00:26:43 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-12.xml
[2009.06.15 14:01:51 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-13.xml
[2009.07.29 10:10:06 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-14.xml
[2009.07.29 21:22:59 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-15.xml
[2009.10.08 17:42:17 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-16.xml
[2009.10.28 14:38:17 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-17.xml
[2009.12.17 14:04:03 | 000,000,961 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-18.xml
[2010.01.07 14:58:13 | 000,000,961 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-19.xml
[2008.04.02 17:44:08 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-2.xml
[2010.02.18 18:52:01 | 000,000,961 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-20.xml
[2010.03.21 13:48:51 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-21.xml
[2010.03.24 18:07:42 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-22.xml
[2010.04.09 09:11:42 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-23.xml
[2010.06.23 23:10:34 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-24.xml
[2010.06.27 20:16:49 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-25.xml
[2010.08.19 16:45:26 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-26.xml
[2010.09.08 22:11:02 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-27.xml
[2010.09.17 15:18:17 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-28.xml
[2010.10.25 17:00:19 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-29.xml
[2008.04.19 18:32:42 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-3.xml
[2010.10.28 13:12:48 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-30.xml
[2010.12.10 15:20:30 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-31.xml
[2011.03.02 11:40:10 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-32.xml
[2011.03.06 02:36:34 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-33.xml
[2011.03.24 01:15:38 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-34.xml
[2011.04.30 15:33:36 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-35.xml
[2011.04.30 15:37:58 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-36.xml
[2011.06.22 20:38:18 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-37.xml
[2008.06.19 09:18:52 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-4.xml
[2008.09.12 20:42:44 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-5.xml
[2008.10.03 10:28:27 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-6.xml
[2008.11.15 15:43:34 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-7.xml
[2008.12.19 00:03:59 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-8.xml
[2009.02.06 12:48:44 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-9.xml
[2008.02.19 19:16:46 | 000,000,951 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin.xml
[2012.03.22 19:18:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.03.22 19:18:43 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.01 17:39:00 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.16 13:42:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 13:42:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.16 13:42:19 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 13:42:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 13:42:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 13:42:19 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll (Your Company Name)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003..\Run: [OnlineFestplatte] C:\Program Files\aon\Onlinefestplatte\OnlineFestplatte.exe (Telekom Austria TA AG)
O7 - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Zur Filterliste hinzufügen (WebWasher) - hxxp://-Web.Washer-/ie_add File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75150A78-C350-47D0-A029-3EEC5D8DD586}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Toco Toucan.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Toco Toucan.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a5e030d4-3df7-11dd-9515-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a5e030d4-3df7-11dd-9515-806e6f6e6963}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vsmon - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\System32\SL_ANET.ACM (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========
[2012.05.03 09:13:16 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Teresa\Desktop\OTL.exe
[2012.05.01 18:47:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.01 11:10:06 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Roaming\Malwarebytes
[2012.05.01 11:09:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.01 11:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.01 11:09:20 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.01 11:09:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012.05.03 09:13:23 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Teresa\Desktop\OTL.exe
[2012.05.03 09:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.03 09:02:09 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.03 09:01:11 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.03 08:59:17 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.03 08:59:17 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.03 08:58:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.03 08:58:32 | 2137,186,304 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.01 11:09:29 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.19 11:57:51 | 000,002,623 | ---- | M] () -- C:\Users\Teresa\Desktop\Microsoft Word.lnk
[2012.04.12 00:23:28 | 000,698,920 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.12 00:23:28 | 000,654,058 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.12 00:23:28 | 000,156,436 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.12 00:23:28 | 000,127,372 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012.05.01 11:09:29 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.10 21:52:54 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.01.13 00:45:05 | 000,036,468 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2011.04.27 14:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.04.27 14:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.04.27 14:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.04.27 14:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.04.27 14:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.05.26 15:09:06 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat

========== LOP Check ==========
[2010.11.30 19:13:39 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\CheckPoint
[2009.12.18 15:59:05 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\flightgear.org
[2011.05.31 21:34:37 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\gtk-2.0
[2009.10.18 19:46:36 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\HappyFoto
[2008.06.16 13:56:09 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\ICQ
[2007.10.15 10:40:31 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\ICQ Toolbar
[2011.08.29 00:46:47 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Image Zone Express
[2009.03.29 17:08:34 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\InterVideo
[2010.01.21 20:43:44 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2008.03.28 00:10:18 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\mquadr.at
[2008.09.09 22:04:29 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Printer Info Cache
[2011.05.16 21:14:44 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Samsung
[2009.11.14 19:24:07 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\SharePod
[2009.04.26 12:44:56 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\SignaturUmgebung
[2012.03.06 19:35:24 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Spotify
[2008.04.16 17:53:03 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Template
[2012.05.02 18:20:52 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2008.11.12 11:24:42 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Adobe
[2010.06.22 17:03:59 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Apple Computer
[2010.04.16 19:13:49 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Avira
[2010.11.30 19:13:39 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\CheckPoint
[2010.03.20 18:27:10 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\DivX
[2009.12.18 15:59:05 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\flightgear.org
[2007.10.14 15:44:25 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Google
[2011.05.31 21:34:37 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\gtk-2.0
[2009.10.18 19:46:36 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\HappyFoto
[2008.11.06 18:48:39 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\HP
[2012.03.01 22:27:19 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\HpUpdate
[2008.06.16 13:56:09 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\ICQ
[2007.10.15 10:40:31 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\ICQ Toolbar
[2007.02.26 12:15:52 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Identities
[2011.08.29 00:46:47 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Image Zone Express
[2007.10.12 19:25:54 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\InstallShield
[2009.03.29 17:08:34 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\InterVideo
[2007.02.26 18:07:38 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Macromedia
[2012.05.01 11:10:06 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Media Center Programs
[2010.01.21 20:43:44 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2011.05.16 21:57:04 | 000,000,000 | --SD | M] -- C:\Users\Teresa\AppData\Roaming\Microsoft
[2008.09.17 20:31:20 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Mozilla
[2008.03.28 00:10:18 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\mquadr.at
[2008.09.09 22:04:29 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Printer Info Cache
[2011.05.16 21:14:44 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Samsung
[2009.11.14 19:24:07 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\SharePod
[2009.10.27 17:04:30 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Sibelius Software
[2009.04.26 12:44:56 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\SignaturUmgebung
[2011.07.29 20:46:51 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Skype
[2011.07.29 19:55:15 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\skypePM
[2007.11.15 21:53:45 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Sony Corporation
[2012.03.06 19:35:24 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Spotify
[2008.04.16 17:52:30 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Talkback
[2008.04.16 17:53:03 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Template
[2011.10.02 19:45:39 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\U3
[2008.09.23 20:51:58 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2011.08.16 12:38:59 | 003,154,792 | ---- | M] (Microsoft Corporation) -- C:\Users\Teresa\AppData\Roaming\Samsung\Kies\UpdateTemp\NDP40-KB2461678-x86.exe
[2011.04.29 01:24:06 | 000,934,800 | ---- | M] (Samsung) -- C:\Users\Teresa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe
[2011.04.29 01:24:10 | 000,278,928 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe
[2011.04.29 01:24:08 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Teresa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe
[2011.04.27 14:19:58 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Teresa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ConnectionManager.exe
[2011.04.27 14:19:58 | 000,283,136 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Teresa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe
[2011.04.27 14:19:58 | 000,659,456 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Teresa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe
[2011.04.27 14:19:58 | 000,107,008 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\HSPConnection.exe
[2011.04.29 01:24:14 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\Teresa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe
[2011.04.29 01:24:16 | 000,131,984 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2011.04.29 01:24:18 | 000,019,856 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe
[2011.04.29 01:24:22 | 004,661,464 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe
[2011.04.27 14:19:26 | 020,636,968 | ---- | M] (SAMSUNG Electronics Co., Ltd.)
-- C:\Users\Teresa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe [2011.04.29 01:24:24 | 000,360,336 | ---- | M] (ml) -- C:\Users\Teresa\AppData\Roaming\Samsung\Kies\UpdateTemp\temp\Kies.Update.exe [2011.08.01 05:32:24 | 000,362,384 | ---- | M] (ml) -- C:\Users\Teresa\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe [2012.02.10 00:00:44 | 004,009,648 | ---- | M] (Spotify Ltd) -- C:\Users\Teresa\AppData\Roaming\Spotify\spotify.exe [2011.11.16 12:06:03 | 000,090,044 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Spotify\Uninstall.exe [2006.12.14 10:00:02 | 000,110,592 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\U3\temp\cleanup.exe [2007.02.12 17:46:54 | 003,096,576 | -H-- | M] (SanDisk Corporation) -- C:\Users\Teresa\AppData\Roaming\U3\temp\Launchpad Removal.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- 
C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.02.16 14:37:12 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.02.16 14:37:12 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.02.16 14:37:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll 
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- 
C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2007.10.13 14:29:30 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2007.10.13 14:29:30 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 09:36:46 | 
000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < 
MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2007.02.26 21:02:21 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2007.02.26 21:02:19 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2007.02.26 21:02:21 | 000,020,480 | ---- | M] () -- 
C:\Windows\System32\config\SECURITY.SAV [2007.02.26 21:02:31 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2007.02.26 21:02:34 | 006,008,832 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
03.05.2012, 18:38 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GMX account is sending spam mails
Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
ATTFilter :OTL IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=" FF - user.js - File not found [2010.05.14 20:53:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Teresa\AppData\Roaming\mozilla\Firefox\Profiles\etdn0ib6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.03.29 12:56:08 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Teresa\AppData\Roaming\mozilla\Firefox\Profiles\etdn0ib6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2008.04.16 17:52:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Teresa\AppData\Roaming\mozilla\Sunbird\Profiles\s9ruia50.default\extensions [2008.11.14 11:52:36 | 000,000,509 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\exalead.xml [2012.04.29 19:58:59 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-1.xml [2009.03.21 10:34:42 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-10.xml [2009.03.30 14:49:04 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-11.xml [2009.05.05 00:26:43 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-12.xml [2009.06.15 14:01:51 | 000,000,950 | ---- | M] () -- 
C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-13.xml [2009.07.29 10:10:06 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-14.xml [2009.07.29 21:22:59 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-15.xml [2009.10.08 17:42:17 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-16.xml [2009.10.28 14:38:17 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-17.xml [2009.12.17 14:04:03 | 000,000,961 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-18.xml [2010.01.07 14:58:13 | 000,000,961 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-19.xml [2008.04.02 17:44:08 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-2.xml [2010.02.18 18:52:01 | 000,000,961 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-20.xml [2010.03.21 13:48:51 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-21.xml [2010.03.24 18:07:42 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-22.xml [2010.04.09 09:11:42 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-23.xml [2010.06.23 23:10:34 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-24.xml 
[2010.06.27 20:16:49 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-25.xml [2010.08.19 16:45:26 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-26.xml [2010.09.08 22:11:02 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-27.xml [2010.09.17 15:18:17 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-28.xml [2010.10.25 17:00:19 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-29.xml [2008.04.19 18:32:42 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-3.xml [2010.10.28 13:12:48 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-30.xml [2010.12.10 15:20:30 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-31.xml [2011.03.02 11:40:10 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-32.xml [2011.03.06 02:36:34 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-33.xml [2011.03.24 01:15:38 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-34.xml [2011.04.30 15:33:36 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-35.xml [2011.04.30 15:37:58 | 000,000,950 | ---- | M] () -- 
C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-36.xml [2011.06.22 20:38:18 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-37.xml [2008.06.19 09:18:52 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-4.xml [2008.09.12 20:42:44 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-5.xml [2008.10.03 10:28:27 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-6.xml [2008.11.15 15:43:34 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-7.xml [2008.12.19 00:03:59 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-8.xml [2009.02.06 12:48:44 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-9.xml [2008.02.19 19:16:46 | 000,000,951 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin.xml O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll (Your Company Name) O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found O3 - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found O8 - Extra context menu item: Zur Filterliste hinzufügen (WebWasher) - http://-Web.Washer-/ie_add File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 
000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{a5e030d4-3df7-11dd-9515-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{a5e030d4-3df7-11dd-9515-806e6f6e6963}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe :Files C:\Users\Teresa\AppData\Roaming\CheckPoint C:\Users\Teresa\AppData\Roaming\ICQ Toolbar :Commands [purity] [emptytemp] [emptyflash] [resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
03.05.2012, 20:31 | #9 |
| GMX account is sending spam mails Code:
ATTFilter All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. HKU\S-1-5-21-2997398748-1152511716-2951032985-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully! Prefs.js: "ICQ Search" removed from browser.search.defaultenginename Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=" removed from keyword.URL Folder C:\Users\Teresa\AppData\Roaming\mozilla\Firefox\Profiles\etdn0ib6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\ not found. Folder C:\Users\Teresa\AppData\Roaming\mozilla\Firefox\Profiles\etdn0ib6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found. Folder C:\Users\Teresa\AppData\Roaming\mozilla\Sunbird\Profiles\s9ruia50.default\extensions\ not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\exalead.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-1.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-10.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-11.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-12.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-13.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-14.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-15.xml not found. 
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-16.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-17.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-18.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-19.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-2.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-20.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-21.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-22.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-23.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-24.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-25.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-26.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-27.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-28.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-29.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-3.xml not found. 
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-30.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-31.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-32.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-33.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-34.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-35.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-36.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-37.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-4.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-5.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-6.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-7.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-8.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-9.xml not found. File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin.xml not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ not found. File C:\PROGRA~1\GOOGLE~1\BAE.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found. Registry value HKEY_USERS\S-1-5-21-2997398748-1152511716-2951032985-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Zur Filterliste hinzufügen (WebWasher)\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! File C:\autoexec.bat not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5e030d4-3df7-11dd-9515-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5e030d4-3df7-11dd-9515-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5e030d4-3df7-11dd-9515-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5e030d4-3df7-11dd-9515-806e6f6e6963}\ not found. File G:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found. File G:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found. File H:\Autorun.exe not found. ========== FILES ========== File\Folder C:\Users\Teresa\AppData\Roaming\CheckPoint not found. 
File\Folder C:\Users\Teresa\AppData\Roaming\ICQ Toolbar not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User User: Kerstin User: Public User: Teresa ->Temp folder emptied: 354949 bytes ->Temporary Internet Files folder emptied: 67265 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 6830902 bytes ->Google Chrome cache emptied: 0 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 456 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 9871057875 bytes RecycleBin emptied: 959673 bytes Total Files Cleaned = 9.422,00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User User: Kerstin User: Public User: Teresa ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.42.2 log created on 05032012_212145 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
04.05.2012, 10:34 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GMX account is sending spam mails
Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please switch off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!
Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan, and when it has finished click the Report button to display the log. Please post it in full. If you cannot find the log, or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C), since that is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags |
04.05.2012, 13:03 | #11 |
| GMX account is sending spam mails
Code:
ATTFilter 13:53:48.0242 5704 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18 13:53:48.0625 5704 ============================================================ 13:53:48.0626 5704 Current date / time: 2012/05/04 13:53:48.0625 13:53:48.0626 5704 SystemInfo: 13:53:48.0626 5704 13:53:48.0626 5704 OS Version: 6.0.6002 ServicePack: 2.0 13:53:48.0626 5704 Product type: Workstation 13:53:48.0626 5704 ComputerName: TERESA-PC 13:53:48.0627 5704 UserName: Teresa 13:53:48.0627 5704 Windows directory: C:\Windows 13:53:48.0627 5704 System windows directory: C:\Windows 13:53:48.0627 5704 Processor architecture: Intel x86 13:53:48.0627 5704 Number of processors: 2 13:53:48.0627 5704 Page size: 0x1000 13:53:48.0627 5704 Boot type: Normal boot 13:53:48.0627 5704 ============================================================ 13:53:50.0923 5704 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 13:53:50.0932 5704 ============================================================ 13:53:50.0932 5704 \Device\Harddisk0\DR0: 13:53:50.0933 5704 MBR partitions: 13:53:50.0933 5704 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x12A0800, BlocksNum 0x11778EB0 13:53:50.0933 5704 ============================================================ 13:53:50.0967 5704 C: <-> \Device\Harddisk0\DR0\Partition0 13:53:50.0968 5704 ============================================================ 13:53:50.0968 5704 Initialize success 13:53:50.0968 5704 ============================================================ 13:55:01.0243 2120 ============================================================ 13:55:01.0243 2120 Scan started 13:55:01.0243 2120 Mode: Manual; SigCheck; TDLFS; 13:55:01.0244 2120 ============================================================ 13:55:01.0681 2120 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 13:55:01.0999 2120 ACPI - ok 13:55:02.0349 
2120 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 13:55:02.0387 2120 AdobeFlashPlayerUpdateSvc - ok 13:55:02.0458 2120 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 13:55:02.0518 2120 adp94xx - ok 13:55:02.0572 2120 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 13:55:02.0618 2120 adpahci - ok 13:55:02.0650 2120 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 13:55:02.0685 2120 adpu160m - ok 13:55:02.0713 2120 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 13:55:02.0751 2120 adpu320 - ok 13:55:02.0800 2120 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll 13:55:02.0949 2120 AeLookupSvc - ok 13:55:03.0041 2120 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 13:55:03.0143 2120 AFD - ok 13:55:03.0201 2120 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys 13:55:03.0234 2120 agp440 - ok 13:55:03.0277 2120 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 13:55:03.0311 2120 aic78xx - ok 13:55:03.0349 2120 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe 13:55:03.0617 2120 ALG - ok 13:55:03.0644 2120 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys 13:55:03.0674 2120 aliide - ok 13:55:03.0717 2120 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 13:55:03.0751 2120 amdagp - ok 13:55:03.0769 2120 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys 13:55:03.0800 2120 amdide - ok 13:55:03.0823 2120 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 13:55:04.0095 2120 AmdK7 - ok 13:55:04.0119 2120 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 13:55:04.0277 2120 AmdK8 - 
ok 13:55:04.0337 2120 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\Windows\system32\Drivers\ssadadb.sys 13:55:04.0470 2120 androidusb - ok 13:55:04.0712 2120 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files\Avira\AntiVir Desktop\sched.exe 13:55:04.0741 2120 AntiVirSchedulerService - ok 13:55:04.0798 2120 AntiVirService (72d90e56563165984224493069c69ed4) C:\Program Files\Avira\AntiVir Desktop\avguard.exe 13:55:04.0830 2120 AntiVirService - ok 13:55:04.0909 2120 ApfiltrService (7c2f57bce81fa74933f0e1c84a97c9db) C:\Windows\system32\DRIVERS\Apfiltr.sys 13:55:04.0984 2120 ApfiltrService - ok 13:55:05.0060 2120 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll 13:55:05.0134 2120 Appinfo - ok 13:55:05.0274 2120 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 13:55:05.0303 2120 Apple Mobile Device - ok 13:55:05.0353 2120 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 13:55:05.0386 2120 arc - ok 13:55:05.0426 2120 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 13:55:05.0460 2120 arcsas - ok 13:55:05.0533 2120 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 13:55:05.0645 2120 AsyncMac - ok 13:55:05.0682 2120 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 13:55:05.0716 2120 atapi - ok 13:55:05.0868 2120 athr (7fa516fc81dd5931f389b56279a27a3e) C:\Windows\system32\DRIVERS\athr.sys 13:55:06.0017 2120 athr - ok 13:55:06.0137 2120 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 13:55:06.0212 2120 AudioEndpointBuilder - ok 13:55:06.0226 2120 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 13:55:06.0293 2120 Audiosrv - ok 13:55:06.0480 2120 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 
13:55:06.0501 2120 avgio - ok 13:55:06.0582 2120 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys 13:55:06.0616 2120 avgntflt - ok 13:55:06.0656 2120 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys 13:55:06.0685 2120 avipbb - ok 13:55:06.0759 2120 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 13:55:06.0856 2120 Beep - ok 13:55:06.0938 2120 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll 13:55:07.0038 2120 BFE - ok 13:55:07.0143 2120 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll 13:55:07.0259 2120 BITS - ok 13:55:07.0268 2120 blbdrive - ok 13:55:07.0566 2120 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe 13:55:07.0611 2120 Bonjour Service - ok 13:55:07.0662 2120 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 13:55:07.0733 2120 bowser - ok 13:55:07.0777 2120 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 13:55:07.0833 2120 BrFiltLo - ok 13:55:07.0847 2120 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 13:55:07.0933 2120 BrFiltUp - ok 13:55:07.0983 2120 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll 13:55:08.0082 2120 Browser - ok 13:55:08.0108 2120 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 13:55:08.0272 2120 Brserid - ok 13:55:08.0298 2120 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 13:55:08.0447 2120 BrSerWdm - ok 13:55:08.0472 2120 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 13:55:08.0622 2120 BrUsbMdm - ok 13:55:08.0643 2120 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 13:55:08.0771 2120 BrUsbSer - ok 13:55:08.0812 2120 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) 
C:\Windows\system32\drivers\bthmodem.sys 13:55:08.0944 2120 BTHMODEM - ok 13:55:09.0033 2120 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 13:55:09.0132 2120 cdfs - ok 13:55:09.0174 2120 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 13:55:09.0259 2120 cdrom - ok 13:55:09.0322 2120 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 13:55:09.0399 2120 CertPropSvc - ok 13:55:09.0448 2120 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 13:55:09.0594 2120 circlass - ok 13:55:09.0707 2120 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 13:55:09.0755 2120 CLFS - ok 13:55:09.0840 2120 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:55:09.0873 2120 clr_optimization_v2.0.50727_32 - ok 13:55:10.0341 2120 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 13:55:10.0374 2120 clr_optimization_v4.0.30319_32 - ok 13:55:10.0521 2120 CLTNetCnService - ok 13:55:10.0593 2120 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 13:55:10.0689 2120 CmBatt - ok 13:55:10.0734 2120 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys 13:55:10.0765 2120 cmdide - ok 13:55:10.0775 2120 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 13:55:10.0808 2120 Compbatt - ok 13:55:10.0817 2120 COMSysApp - ok 13:55:10.0832 2120 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 13:55:10.0864 2120 crcdisk - ok 13:55:10.0893 2120 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 13:55:11.0048 2120 Crusoe - ok 13:55:11.0118 2120 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll 13:55:11.0193 2120 CryptSvc - ok 13:55:11.0285 2120 
DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 13:55:11.0437 2120 DcomLaunch - ok 13:55:11.0487 2120 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 13:55:11.0561 2120 DfsC - ok 13:55:11.0760 2120 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe 13:55:11.0946 2120 DFSR - ok 13:55:12.0116 2120 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll 13:55:12.0190 2120 Dhcp - ok 13:55:12.0286 2120 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 13:55:12.0322 2120 disk - ok 13:55:12.0352 2120 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys 13:55:12.0378 2120 DMICall - ok 13:55:12.0445 2120 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll 13:55:12.0495 2120 Dnscache - ok 13:55:12.0539 2120 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll 13:55:12.0624 2120 dot3svc - ok 13:55:12.0694 2120 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys 13:55:12.0792 2120 Dot4 - ok 13:55:12.0842 2120 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys 13:55:12.0932 2120 Dot4Print - ok 13:55:12.0956 2120 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys 13:55:13.0048 2120 dot4usb - ok 13:55:13.0122 2120 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll 13:55:13.0242 2120 DPS - ok 13:55:13.0293 2120 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 13:55:13.0374 2120 drmkaud - ok 13:55:13.0454 2120 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 13:55:13.0524 2120 DXGKrnl - ok 13:55:13.0612 2120 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 13:55:13.0756 2120 E1G60 - ok 13:55:13.0827 2120 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll 
13:55:13.0911 2120 EapHost - ok 13:55:13.0985 2120 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 13:55:14.0026 2120 Ecache - ok 13:55:14.0114 2120 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe 13:55:14.0177 2120 ehRecvr - ok 13:55:14.0248 2120 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe 13:55:14.0321 2120 ehSched - ok 13:55:14.0346 2120 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll 13:55:14.0401 2120 ehstart - ok 13:55:14.0480 2120 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 13:55:14.0527 2120 elxstor - ok 13:55:14.0611 2120 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll 13:55:14.0720 2120 EMDMgmt - ok 13:55:14.0786 2120 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll 13:55:14.0888 2120 EventSystem - ok 13:55:14.0986 2120 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 13:55:15.0065 2120 exfat - ok 13:55:15.0122 2120 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 13:55:15.0201 2120 fastfat - ok 13:55:15.0253 2120 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 13:55:15.0404 2120 fdc - ok 13:55:15.0449 2120 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll 13:55:15.0556 2120 fdPHost - ok 13:55:15.0597 2120 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll 13:55:15.0741 2120 FDResPub - ok 13:55:15.0815 2120 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 13:55:15.0851 2120 FileInfo - ok 13:55:15.0900 2120 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 13:55:15.0988 2120 Filetrace - ok 13:55:16.0041 2120 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 13:55:16.0187 2120 flpydisk - ok 13:55:16.0630 2120 FltMgr 
(01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 13:55:16.0674 2120 FltMgr - ok 13:55:16.0804 2120 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll 13:55:16.0959 2120 FontCache - ok 13:55:17.0066 2120 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 13:55:17.0097 2120 FontCache3.0.0.0 - ok 13:55:17.0165 2120 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys 13:55:17.0236 2120 Fs_Rec - ok 13:55:17.0274 2120 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 13:55:17.0306 2120 gagp30kx - ok 13:55:17.0360 2120 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys 13:55:17.0385 2120 GEARAspiWDM - ok 13:55:17.0515 2120 GoogleDesktopManager-061008-081103 (6542dc2e93bce4d4289fa70a4d367dc2) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe 13:55:17.0540 2120 GoogleDesktopManager-061008-081103 - ok 13:55:17.0641 2120 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll 13:55:17.0743 2120 gpsvc - ok 13:55:17.0849 2120 gupdate1c9b22b9c050ae8 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe 13:55:17.0878 2120 gupdate1c9b22b9c050ae8 - ok 13:55:17.0899 2120 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe 13:55:17.0928 2120 gupdatem - ok 13:55:17.0993 2120 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 13:55:18.0023 2120 gusvc - ok 13:55:18.0084 2120 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 13:55:18.0238 2120 HdAudAddService - ok 13:55:18.0314 2120 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 13:55:18.0470 2120 HDAudBus - ok 13:55:18.0503 2120 HidBth (1338520e78d90154ed6be8f84de5fceb) 
C:\Windows\system32\drivers\hidbth.sys 13:55:18.0657 2120 HidBth - ok 13:55:18.0710 2120 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 13:55:18.0854 2120 HidIr - ok 13:55:18.0913 2120 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll 13:55:18.0993 2120 hidserv - ok 13:55:19.0036 2120 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 13:55:19.0111 2120 HidUsb - ok 13:55:19.0158 2120 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll 13:55:19.0249 2120 hkmsvc - ok 13:55:19.0298 2120 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 13:55:19.0329 2120 HpCISSs - ok 13:55:19.0611 2120 hpqcxs08 (e4e285a3766b4a57401feeaf66cb07b5) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll 13:55:19.0627 2120 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning 13:55:19.0628 2120 hpqcxs08 - detected UnsignedFile.Multi.Generic (1) 13:55:19.0724 2120 hpqddsvc (ee4c7a4cf2316701ffde90f404520265) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll 13:55:19.0752 2120 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning 13:55:19.0752 2120 hpqddsvc - detected UnsignedFile.Multi.Generic (1) 13:55:19.0873 2120 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys 13:55:19.0982 2120 HSF_DPV - ok 13:55:20.0046 2120 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys 13:55:20.0103 2120 HSXHWAZL - ok 13:55:20.0172 2120 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 13:55:20.0295 2120 HTTP - ok 13:55:20.0338 2120 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 13:55:20.0370 2120 i2omp - ok 13:55:20.0436 2120 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 13:55:20.0510 2120 i8042prt - ok 13:55:20.0571 2120 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 13:55:20.0612 
2120 iaStorV - ok 13:55:20.0850 2120 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 13:55:20.0888 2120 IDriverT ( UnsignedFile.Multi.Generic ) - warning 13:55:20.0888 2120 IDriverT - detected UnsignedFile.Multi.Generic (1) 13:55:21.0054 2120 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 13:55:21.0176 2120 idsvc - ok 13:55:21.0439 2120 igfx (62448322731ac1beda52e2b3327046ee) C:\Windows\system32\DRIVERS\igdkmd32.sys 13:55:21.0611 2120 igfx - ok 13:55:21.0770 2120 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 13:55:21.0801 2120 iirsp - ok 13:55:21.0870 2120 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll 13:55:21.0978 2120 IKEEXT - ok 13:55:22.0157 2120 IntcAzAudAddService (c61b3b87f3856cef0c9f204028c6860d) C:\Windows\system32\drivers\RTKVHDA.sys 13:55:22.0305 2120 IntcAzAudAddService - ok 13:55:22.0465 2120 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys 13:55:22.0496 2120 intelide - ok 13:55:22.0559 2120 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 13:55:22.0654 2120 intelppm - ok 13:55:22.0711 2120 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll 13:55:22.0789 2120 IPBusEnum - ok 13:55:22.0844 2120 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 13:55:22.0937 2120 IpFilterDriver - ok 13:55:23.0014 2120 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll 13:55:23.0096 2120 iphlpsvc - ok 13:55:23.0114 2120 IpInIp - ok 13:55:23.0163 2120 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 13:55:23.0315 2120 IPMIDRV - ok 13:55:23.0365 2120 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 13:55:23.0462 2120 IPNAT - ok 
13:55:23.0594 2120 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe 13:55:23.0698 2120 iPod Service - ok 13:55:23.0747 2120 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 13:55:23.0832 2120 IRENUM - ok 13:55:23.0870 2120 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 13:55:23.0903 2120 isapnp - ok 13:55:23.0948 2120 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 13:55:23.0990 2120 iScsiPrt - ok 13:55:24.0015 2120 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 13:55:24.0047 2120 iteatapi - ok 13:55:24.0085 2120 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 13:55:24.0118 2120 iteraid - ok 13:55:24.0177 2120 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 13:55:24.0213 2120 kbdclass - ok 13:55:24.0230 2120 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys 13:55:24.0376 2120 kbdhid - ok 13:55:24.0466 2120 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 13:55:24.0544 2120 KeyIso - ok 13:55:24.0600 2120 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys 13:55:24.0660 2120 KSecDD - ok 13:55:24.0743 2120 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll 13:55:24.0854 2120 KtmRm - ok 13:55:24.0916 2120 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll 13:55:25.0009 2120 LanmanServer - ok 13:55:25.0050 2120 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll 13:55:25.0123 2120 LanmanWorkstation - ok 13:55:25.0288 2120 LiveUpdate Notice Ex - ok 13:55:25.0405 2120 LiveUpdate Notice Service (2d1389e05a807d956829f44bd4b60389) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe 13:55:25.0480 2120 LiveUpdate 
Notice Service - ok 13:55:25.0560 2120 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 13:55:25.0650 2120 lltdio - ok 13:55:25.0717 2120 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll 13:55:25.0817 2120 lltdsvc - ok 13:55:25.0844 2120 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll 13:55:26.0001 2120 lmhosts - ok 13:55:26.0357 2120 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 13:55:26.0393 2120 LSI_FC - ok 13:55:26.0448 2120 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 13:55:26.0483 2120 LSI_SAS - ok 13:55:26.0522 2120 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 13:55:26.0557 2120 LSI_SCSI - ok 13:55:26.0634 2120 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 13:55:26.0737 2120 luafv - ok 13:55:26.0786 2120 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll 13:55:26.0848 2120 Mcx2Svc - ok 13:55:27.0061 2120 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe 13:55:27.0104 2120 MDM - ok 13:55:27.0133 2120 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 13:55:27.0177 2120 mdmxsdk - ok 13:55:27.0239 2120 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 13:55:27.0270 2120 megasas - ok 13:55:27.0413 2120 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 13:55:27.0521 2120 MMCSS - ok 13:55:27.0623 2120 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 13:55:27.0719 2120 Modem - ok 13:55:27.0827 2120 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 13:55:27.0930 2120 monitor - ok 13:55:27.0951 2120 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 13:55:27.0986 2120 mouclass - ok 
13:55:28.0068 2120 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 13:55:28.0160 2120 mouhid - ok 13:55:28.0242 2120 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 13:55:28.0279 2120 MountMgr - ok 13:55:28.0314 2120 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 13:55:28.0365 2120 mpio - ok 13:55:28.0413 2120 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 13:55:28.0470 2120 mpsdrv - ok 13:55:28.0778 2120 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll 13:55:28.0867 2120 MpsSvc - ok 13:55:28.0918 2120 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 13:55:28.0951 2120 Mraid35x - ok 13:55:28.0994 2120 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 13:55:29.0051 2120 MRxDAV - ok 13:55:29.0103 2120 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 13:55:29.0172 2120 mrxsmb - ok 13:55:29.0391 2120 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 13:55:29.0448 2120 mrxsmb10 - ok 13:55:29.0522 2120 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 13:55:29.0564 2120 mrxsmb20 - ok 13:55:29.0633 2120 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys 13:55:29.0668 2120 msahci - ok 13:55:29.0990 2120 MSCSPTISRV (8e46a7bac823dd82d4fb2a34c3df4c1d) C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe 13:55:30.0027 2120 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning 13:55:30.0027 2120 MSCSPTISRV - detected UnsignedFile.Multi.Generic (1) 13:55:30.0124 2120 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 13:55:30.0167 2120 msdsm - ok 13:55:30.0308 2120 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe 13:55:30.0410 2120 MSDTC - ok 13:55:30.0543 2120 Msfs 
|
04.05.2012, 18:21 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | GMX account sends spam mails Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
05.05.2012, 13:10 | #13 |
| GMX account sends spam mails Combofix logfile: Code:
ATTFilter ComboFix 12-05-05.05 - Teresa 05.05.2012 13:44:34.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.43.1031.18.2037.1186 [GMT 2:00] ausgeführt von:: c:\users\Teresa\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\muzapp.exe c:\windows\system32\system32 c:\windows\system32\system32\3DAudio.ax c:\windows\system32\system32\avrt.dll c:\windows\system32\system32\cis-2.4.dll c:\windows\system32\system32\issacapi_bs-2.3.dll c:\windows\system32\system32\issacapi_pe-2.3.dll c:\windows\system32\system32\issacapi_se-2.3.dll c:\windows\system32\system32\MACXMLProto.dll c:\windows\system32\system32\MaDRM.dll c:\windows\system32\system32\MaJGUILib.dll c:\windows\system32\system32\MAMACExtract.dll c:\windows\system32\system32\MASetupCleaner.exe c:\windows\system32\system32\MaXMLProto.dll c:\windows\system32\system32\mfplat.dll c:\windows\system32\system32\MK_Lyric.dll c:\windows\system32\system32\MSCLib.dll c:\windows\system32\system32\MSFLib.dll c:\windows\system32\system32\MSLUR71.dll c:\windows\system32\system32\msvcp60.dll c:\windows\system32\system32\MTTELECHIP.dll c:\windows\system32\system32\MTXSYNCICON.dll c:\windows\system32\system32\muzaf1.dll c:\windows\system32\system32\muzapp.dll c:\windows\system32\system32\muzapp.exe c:\windows\system32\system32\muzdecode.ax c:\windows\system32\system32\muzeffect.ax c:\windows\system32\system32\muzmp4sp.ax c:\windows\system32\system32\muzmpgsp.ax c:\windows\system32\system32\muzoggsp.ax c:\windows\system32\system32\muzwmts.dll c:\windows\system32\system32\psapi.dll . . ((((((((((((((((((((((( Dateien erstellt von 2012-04-05 bis 2012-05-05 )))))))))))))))))))))))))))))) . . 
2012-05-05 11:58 . 2012-05-05 11:59 -------- d-----w- c:\users\Teresa\AppData\Local\temp 2012-05-05 11:58 . 2012-05-05 11:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-05 11:21 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{39A6A44A-5A1E-47BC-84D9-63B0AC1627CF}\mpengine.dll 2012-05-03 18:56 . 2012-05-03 18:56 -------- d-----w- C:\_OTL 2012-05-01 16:47 . 2012-05-01 16:47 -------- d-----w- c:\program files\ESET 2012-05-01 09:10 . 2012-05-01 09:10 -------- d-----w- c:\users\Teresa\AppData\Roaming\Malwarebytes 2012-05-01 09:09 . 2012-05-01 09:09 -------- d-----w- c:\programdata\Malwarebytes 2012-05-01 09:09 . 2012-05-01 09:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-05-01 09:09 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-11 22:32 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-04-11 22:32 . 2012-02-28 01:58 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2012-04-11 22:32 . 2012-02-28 01:08 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll 2012-04-11 22:32 . 2012-02-28 01:18 1799168 ----a-w- c:\windows\system32\jscript9.dll 2012-04-11 22:27 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-11 22:27 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-11 21:08 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2012-04-10 19:52 . 2012-04-14 14:09 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-14 14:09 . 2011-05-17 10:33 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-03-01 15:38 . 2010-05-13 19:16 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-02-23 08:18 . 2012-01-15 18:55 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-02-14 15:45 . 
2012-03-14 19:09 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-02-14 15:45 . 2012-03-14 19:09 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2012-02-13 14:12 . 2012-03-14 19:09 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2012-02-13 13:47 . 2012-03-14 19:09 683008 ----a-w- c:\windows\system32\d2d1.dll 2012-02-13 13:44 . 2012-03-14 19:09 1068544 ----a-w- c:\windows\system32\DWrite.dll 2012-02-07 09:02 . 2012-02-07 09:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2012-03-22 17:18 . 2011-11-15 21:29 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2009-01-04 00:04 . 2008-02-16 13:14 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-24 39408] "OnlineFestplatte"="c:\program files\aon\Onlinefestplatte\OnlineFestplatte.exe" [2008-01-25 253976] "KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-08-01 958352] "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-08-01 3507088] "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-08-01 20880] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-02-06 4317184] "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-12 118784] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-01-22 321656] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-04 29744] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-23 57344] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-03 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-03 154136] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-26 137752] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920] "PDFPrint"="c:\program files\pdf24\pdf24.exe" [2011-11-03 220744] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2007-02-13 14:19 98304 ----a-w- c:\windows\System32\VESWinlogon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~4\GOEC62~1.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2012-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 14:09] . 2012-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 18:07] . 2012-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 18:07] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.club-vaio.com/vbc uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 10.0.0.138 FF - ProfilePath - c:\users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\Samsung\USB 
Drivers\20_NXP_Driver\Uninstall.exe AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-05-05 13:59 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(5004) c:\program files\HappyFoto\Bestellassistent\FotoSync.dll c:\program files\HappyFoto\Bestellassistent\xerc2701.dll c:\program files\HappyFoto\Bestellassistent\fotosynr.dll . Zeit der Fertigstellung: 2012-05-05 14:04:25 ComboFix-quarantined-files.txt 2012-05-05 12:04 . Vor Suchlauf: 17 Verzeichnis(se), 24.473.079.808 Bytes frei Nach Suchlauf: 23 Verzeichnis(se), 24.490.774.528 Bytes frei . - - End Of File - - DED0FFFB671FA9A5E387E3D6854342D0 |
06.05.2012, 18:14 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GMX account sends spam mails Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses to work the second time, just leave it out and run only OSAM - please skip the online check by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons under any circumstances without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" appears, do the following: Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
__________________ Please always post logfiles in CODE tags |
06.05.2012, 21:00 | #15 |
| GMX account sends spam mails GMER did not work, here is the OSAM file: OSAM logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 20:39:10 on 06.05.2012 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 11.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [AppInit DLLs] -----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )----- "AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Apple Mobile USB Driver" (USBAAPL) - "Apple, Inc." 
- C:\Windows\System32\Drivers\usbaapl.sys "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\Teresa\AppData\Local\Temp\catchme.sys (File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "Sony DMI Call service" (DMICall) - "Sony Corporation" - C:\Windows\System32\DRIVERS\DMICall.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfdrv01.sys "StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfhlp02.sys "StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\Windows\System32\drivers\sfsync02.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {3C05B56D-4D0A-45F9-8078-931A5250F661} "HappyFoto" - "WebWare, Dipl.-Ing. Christian Aberger" - C:\Program Files\HappyFoto\Bestellassistent\FotoSync.dll {410AEE10-AB1F-4D31-8432-779CCE247A01} "HappyFoto" - "WebWare, Dipl.-Ing. 
Christian Aberger" - C:\Program Files\HappyFoto\Bestellassistent\FotoSync.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {00020d75-0000-0000-c000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\MLSHEXT.DLL {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {ED58A35B-B554-42AF-A26C-6F3D424200D3} "SPMPanel" - "Sony Corporation" - C:\Program Files\Sony\VAIO Power Management\SPMPanel.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? 
- (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll (File found, but it contains no detailed information) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {855F3B16-6D32-4fe6-8A56-BBB695989046} "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.6.0" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll "ICQ6" - "ICQ, Inc." - C:\Program Files\ICQ6\ICQ.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? 
- C:\Users\Teresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Shortcut exists | File exists) "Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\OSA.EXE (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "KiesHelper" - "Samsung" - C:\Program Files\Samsung\Kies\KiesHelper.exe /s "KiesPDLR" - ? - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe "KiesTrayAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe "OnlineFestplatte" - "Telekom Austria TA AG" - C:\Program Files\aon\Onlinefestplatte\OnlineFestplatte.exe /tray "swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Photo Downloader" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe "APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "DivXUpdate" - ? 
- "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup "HP Software Update" - "Hewlett-Packard Co." - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe "ISBMgr.exe" - ? - "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "PDFPrint" - "Geek Software GmbH" - C:\Program Files\pdf24\pdf24.exe "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "Symantec PIF AlertEng" - "Symantec Corporation" - "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "PCL hpz3l4v2" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l4v2.dll "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." 
- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Desktop Manager 5.7.806.10245" (GoogleDesktopManager-061008-081103) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1c9b22b9c050ae8)" (gupdate1c9b22b9c050ae8) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LiveUpdate Notice Service" (LiveUpdate Notice Service) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
"LiveUpdate Notice Service Ex" (LiveUpdate Notice Ex) - ? - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (File not found)
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"MSCSPTISRV" (MSCSPTISRV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PACSPTISVR" (PACSPTISVR) - ? - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"SonicStage Back-End Service" (SonicStage Back-End Service) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe
"SonicStage SCSI Service" (SSScsiSV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
"Sony SPTI Service" (SPTISRV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
"SQL Server (VAIO_VEDB)" (MSSQL$VAIO_VEDB) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"Symantec Lic NetConnect service" (CLTNetCnService) - ? - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (File not found)
"VAIO Entertainment Database Service" (VzCdbSvc) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
"VAIO Entertainment File Import Service" (VzFw) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
"VAIO Entertainment TV Device Arbitration Service" (VAIO Entertainment TV Device Arbitration Service) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
"VAIO Entertainment UPnP Client Adapter" (Vcsw) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
"VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
"VAIO Media Content Collection" (VAIOMediaPlatform-UCLS-AppServer) - "Sony Corporation" - C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe
"VAIO Media Content Collection (HTTP)" (VAIOMediaPlatform-UCLS-HTTP) - "Sony Corporation" - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
"VAIO Media Content Collection (UPnP)" (VAIOMediaPlatform-UCLS-UPnP) - "Sony Corporation" - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
"VAIO Media Gateway Server" (VAIOMediaPlatform-Mobile-Gateway) - "Sony Corporation" - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
"VAIO Media Integrated Server" (VAIOMediaPlatform-IntegratedServer-AppServer) - "Sony Corporation" - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
"VAIO Media Integrated Server (HTTP)" (VAIOMediaPlatform-IntegratedServer-HTTP) - "Sony Corporation" - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
"VAIO Media Integrated Server (UPnP)" (VAIOMediaPlatform-IntegratedServer-UPnP) - "Sony Corporation" - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"VESWinlogon" - "Sony Corporation" - C:\Windows\system32\VESWinlogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
[/code]
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-06 20:44:12
-----------------------------
20:44:12.393 OS Version: Windows 6.0.6002 Service Pack 2
20:44:12.393 Number of processors: 2 586 0xE0C
20:44:12.396 ComputerName: TERESA-PC UserName: Teresa
20:45:07.605 Initialize success
20:47:36.819 AVAST engine defs: 12050600
20:48:17.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
20:48:17.208 Disk 0 Vendor: Hitachi_HTS541616J9SA00 SB4OC74P Size: 152627MB BusType: 3
20:48:17.215 Disk 1 \Device\Harddisk1\DR1 -> \Device\000000c1
20:48:17.225 Disk 1 Vendor: ( Size: 152627MB BusType: 0
20:48:17.233 Disk 2 \Device\Harddisk2\DR2 -> \Device\000000c2
20:48:17.241 Disk 2 Vendor: ( Size: 152627MB BusType: 0
20:48:17.264 Disk 0 MBR read successfully
20:48:17.273 Disk 0 MBR scan
20:48:17.305 Disk 0 Windows VISTA default MBR code
20:48:17.330 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9536 MB offset 2048
20:48:17.387 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 143089 MB offset 19531776
20:48:17.409 Disk 0 scanning sectors +312579760
20:48:17.519 Disk 0 scanning C:\Windows\system32\drivers
20:48:45.882 Service scanning
20:49:56.205 Modules scanning
20:50:06.349 Disk 0 trace - called modules:
20:50:06.383 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll sfsync02.sys ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
20:50:06.397 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85323258]
20:50:06.410 3 CLASSPNP.SYS[883c78b3] -> nt!IofCallDriver -> [0x8521b8c8]
20:50:06.423 5 acpi.sys[806926bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x852203a0]
20:50:06.439 \Driver\atapi[0x8520d770] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync02.sys[0x807d08b4]
20:50:08.209 AVAST engine scan C:\Windows
20:50:25.976 AVAST engine scan C:\Windows\system32
21:00:01.818 AVAST engine scan C:\Windows\system32\drivers
21:00:32.129 AVAST engine scan C:\Users\Teresa
21:48:01.769 AVAST engine scan C:\ProgramData
21:54:41.109 Scan finished successfully
21:56:42.013 Disk 0 MBR has been saved successfully to "C:\Users\Teresa\Desktop\MBR.dat"
21:56:42.028 The log file has been saved successfully to "C:\Users\Teresa\Desktop\aswMBR.txt"