| |
| |||||||
Log-Analyse und Auswertung: Panda zeigt staendig Fehlermeldung : It is advisable to restart to keep your computer protectetWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
05.06.2012, 21:48
| #1 |
 |  Panda zeigt staendig Fehlermeldung : It is advisable to restart to keep your computer protectet Hilfe, Panda gibt Fehlermeldung!!!!!!!!!! Ich habe seit 2 Tagen Probleme mit Panda mit dieser Meldung It is advisable to restart to keep your computer protectet Es funk. nur noch Firewall und Vulnerabilities !!! Nachdem ich saemtliche Scan's (auch unter malware bytes) durchgefuehrt habe, auch einen trojaner gefunden haben ihn versucht habe zu beseiten, funk. mein panda denoch nicht. Ich lasse grad Malwarebytes nach dem Restart nochmals durchlaufen habe auch ein hijackthis. gemacht... kenne mich leider nicht so super gut aus mit computer + laptops, deswegen waere ich fuer eine Hilfe sehr danke. anbei noch die hyjackthis.log HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:29:54 PM, on 6/5/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19222) Boot mode: Normal Running processes: C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2012\WebProxy.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\Panda Security\Panda Internet Security 2012\ApVxdWin.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Panda Security\Panda Internet Security 2012\PavBckPT.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Users\Owner\Downloads\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll R3 - URLSearchHook: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll O2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll (file missing) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O3 - Toolbar: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll (file missing) O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing) O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0" O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2012\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2012\Inicio.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; yie8)" -"hxxp://www.candystand.com/play/pool-sharks" O8 - Extra context menu item: Crawler Search - tbr:iemenu O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2012\PsCtrls.exe O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Security\Panda Internet Security 2012\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2012\pavsrvx86.exe O23 - Service: Panda Host Service (PSHost) - Unknown owner - c:\program files\panda security\panda internet security 2012\firewall\PSHOST.EXE O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Internet Security 2012\PsImSvc.exe O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2012\PskSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2012\TPSrv.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 16070 bytes anbei noch die log Malwarebytes Anti-Malware (Test) 1.61.0.1400 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: v2012.06.05.04 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.19222 Owner :: OWNER-PC [Administrator] Schutz: Aktiviert 6/5/2012 4:04:02 PM mbam-log-2012-06-05 (16-04-02).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 399284 Laufzeit: 3 Stunde(n), 18 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 6 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|53822020 (Trojan.Agent) -> Daten: C:\ProgramData\53822020\53822020.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Malwarebytes Anti-Malware (Test) 1.61.0.1400 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: v2012.06.05.04 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.19222 Owner :: OWNER-PC [Administrator] Schutz: Aktiviert 6/5/2012 8:13:04 PM mbam-log-2012-06-05 (20-13-04).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 398930 Laufzeit: 3 Stunde(n), 14 Minute(n), 16 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) 2012/06/05 16:03:43 +0200 OWNER-PC Owner MESSAGE Starting protection 2012/06/05 16:03:52 +0200 OWNER-PC Owner MESSAGE Protection started successfully 2012/06/05 16:03:55 +0200 OWNER-PC Owner MESSAGE Starting IP protection 2012/06/05 16:04:29 +0200 OWNER-PC Owner MESSAGE IP Protection started successfully 2012/06/05 20:00:08 +0200 OWNER-PC Owner MESSAGE Starting protection 2012/06/05 20:00:21 +0200 OWNER-PC Owner MESSAGE Protection started successfully 2012/06/05 20:00:24 +0200 OWNER-PC Owner MESSAGE Starting IP protection 2012/06/05 20:00:43 +0200 OWNER-PC Owner MESSAGE IP Protection started successfully Habe auch ein ETES scan durchgefuehrt anbei die log. dafuer. Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0a2d3bfb9c92ea4d9cbb7b22dcf3c530
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-06 02:19:59
# local_time=2012-06-06 04:19:59 (+0100, W. Europe Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1536 16777215 100 0 89283 89283 0 0
# compatibility_mode=5892 16776573 100 100 14062 176464955 0 0
# compatibility_mode=8192 67108863 100 0 205 205 0 0
# scanned=207336
# found=1
# cleaned=0
# scan_time=16972
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\2617f10-2ba5584b a variant of Java/Exploit.Agent.NBQ trojan (unable to clean) 00000000000000000000000000000000 I
|
|
08.06.2012, 11:02
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Panda zeigt staendig Fehlermeldung : It is advisable to restart to keep your computer protectet Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.
__________________Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ |
|
08.06.2012, 14:32
| #3 |
| | Panda zeigt staendig Fehlermeldung : It is advisable to restart to keep your computer protectet hier ist der otl nochmals
__________________vielen dank  OTL Logfile: Code:
ATTFilter OTL logfile created on: 6/8/2012 1:47:47 PM - Run 1 OTL by OldTimer - Version 3.2.47.0 Folder = C:\Users\Owner\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19222) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.94 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 52.36% Memory free 4.78 Gb Paging File | 3.50 Gb Available in Paging File | 73.14% Paging File free Paging file location(s): c:\pagefile.sys 2973 2973 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 220.98 Gb Total Space | 148.02 Gb Free Space | 66.98% Space Free | Partition Type: NTFS Drive D: | 11.90 Gb Total Space | 1.84 Gb Free Space | 15.44% Space Free | Partition Type: NTFS Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/08 13:46:06 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE PRC - [2011/04/13 18:06:56 | 001,000,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\ApVxdWin.exe PRC - [2010/10/20 16:49:18 | 000,202,048 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\PavFnSvr.exe PRC - [2010/08/16 15:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\psksvc.exe PRC - [2010/06/04 11:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\pavsrvx86.exe PRC - [2010/05/28 14:42:32 | 000,225,600 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\AVENGINE.EXE PRC - [2010/04/22 19:29:12 | 000,107,776 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\WebProxy.exe PRC - [2010/02/23 13:09:34 | 000,111,872 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\PavBckPT.exe PRC - [2009/11/26 18:03:56 | 000,226,560 | ---- | M] (Panda Security International) -- c:\Program Files\Panda Security\Panda Internet Security 2012\FIREWALL\PSHost.exe PRC - [2009/08/10 15:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\PsCtrlS.exe PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008/06/27 14:23:00 | 000,091,392 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\SrvLoad.exe PRC - [2008/06/19 13:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\PsImSvc.exe PRC - [2008/02/04 18:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe PRC - [2008/01/19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2007/09/15 10:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe PRC - [2006/11/02 11:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe ========== Modules (No Company Name) ========== MOD - [2012/02/22 20:49:56 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2007/10/01 05:33:32 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll MOD - [2007/02/14 14:55:12 | 000,165,424 | ---- | M] () -- C:\Program Files\Panda Security\Panda Internet Security 2012\MiniCrypto.dll MOD - [2004/05/19 12:33:12 | 000,507,904 | ---- | M] () -- C:\Program Files\Panda Security\Panda Internet Security 2012\LIBXML2.DLL ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - [2012/06/06 09:57:06 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/06/06 01:31:19 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate) SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc) SRV - [2011/04/14 17:07:58 | 000,156,992 | ---- | M] (Panda Security, S.L.) [Auto | Stopped] -- C:\Program Files\Panda Security\Panda Internet Security 2012\TPSrv.exe -- (TPSrv) SRV - [2010/10/20 16:49:18 | 000,202,048 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PavFnSvr.exe -- (PAVFNSVR) SRV - [2010/08/16 15:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\psksvc.exe -- (PskSvcRetail) SRV - [2010/06/04 11:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\pavsrvx86.exe -- (PAVSRV) SRV - [2009/11/26 18:03:56 | 000,226,560 | ---- | M] (Panda Security International) [Auto | Running] -- c:\Program Files\Panda Security\Panda Internet Security 2012\FIREWALL\PSHost.exe -- (PSHost) SRV - [2009/08/10 15:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PsCtrlS.exe -- (Panda Software Controller) SRV - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008/06/19 13:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PsImSvc.exe -- (PSIMSVC) SRV - [2008/02/04 18:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe -- (PavPrSrv) SRV - [2008/01/19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008/01/19 09:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008/01/19 09:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007/03/05 20:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Disabled | Stopped] -- a -- (vsdatant) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\PavTPK.sys -- (PavTPK.sys) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\PavSRK.sys -- (PavSRK.sys) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\PalmUSBD.sys -- (PalmUSBD) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012/06/08 09:28:23 | 000,105,088 | ---- | M] (Panda Security, S.L.) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\av5flt.sys -- (AvFlt) DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011/12/01 21:34:40 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\COMFiltr.sys -- (ComFiltr) DRV - [2011/02/21 15:38:32 | 000,037,448 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ShlDrv51.sys -- (ShldDrv) DRV - [2011/01/31 17:41:28 | 000,083,528 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\APPFLT.SYS -- (APPFLT) DRV - [2010/09/09 17:23:00 | 000,193,864 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\idsflt.sys -- (IDSFLT) DRV - [2010/09/01 12:09:14 | 000,201,032 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\neti1644.sys -- (NETIMFLT01060044) DRV - [2010/06/22 19:13:00 | 000,026,696 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot) DRV - [2010/05/21 14:50:40 | 000,054,344 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\amm8660.sys -- (AmFSM) DRV - [2010/05/06 18:11:58 | 000,163,848 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PavProc.sys -- (PavProc) DRV - [2009/09/25 15:54:08 | 000,046,856 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\wnmflt.sys -- (WNMFLT) DRV - [2009/09/25 15:54:06 | 000,159,112 | ---- | M] (Panda Security, S.L.) [TDI Layer] [Kernel | System | Running] -- C:\Windows\System32\drivers\NETFLTDI.SYS -- (NETFLTDI) DRV - [2009/09/25 15:54:04 | 000,022,024 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\fnetmon.sys -- (FNETMON) DRV - [2009/09/25 15:54:02 | 000,053,256 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\dsaflt.sys -- (DSAFLT) DRV - [2009/06/24 06:08:00 | 007,542,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009/04/11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2009/04/11 06:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID) DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2008/03/04 01:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007/09/10 00:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService) DRV - [2007/07/11 20:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid) DRV - [2007/06/19 03:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2007/05/31 01:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007/03/22 08:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007/02/25 00:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007/02/16 23:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2007/01/24 02:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253 IE - HKLM\..\SearchScopes\{FD0A3935-5FCC-4484-9160-3B53CF57C671}: "URL" = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8 IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.imesh.com/ IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.) IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.) IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60452 IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{523F32BA-7501-476E-AC0C-D22EEB29AD04}: "URL" = hxxp://www.flickr.com/search/?q={searchTerms} IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNA IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{80D6DB76-1108-49F6-A896-FEA8CB78E157}: "URL" = hxxp://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms} IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{8C367274-CC00-41DA-BEAC-6C2CF70BB39E}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={8153DA5E-4623-4182-84EC-97BE10D92242}&mid=b1c4cd4de19f631f6d81056869bace19-19797f26317ae0b17f4a1412906e404ec3d12118&lang=en&ds=AVG&pr=fr&d=2011-12-01 21:12:09&v=8.0.0.40&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms} IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253 IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{C1E0C7A6-A8E2-4FE0-9787-1C4A8155D7D4}: "URL" = hxxp://delicious.com/search?p={searchTerms} IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=UT2 IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{DCA623BF-EA31-4439-9168-7930D9D25A8B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{FD0A3935-5FCC-4484-9160-3B53CF57C671}: "URL" = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.11.20110727115843 FF - prefs.js..extensions.enabledItems: avg@toolbar:9.0.0.18.1 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Owner\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Owner\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2011/01/16 18:28:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\9.0.0.18\ [2011/11/30 20:39:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/06 09:57:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/28 10:04:56 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/19 20:54:11 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/06 09:57:09 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/28 10:04:56 | 000,000,000 | ---D | M] [2011/01/06 22:04:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions [2009/06/20 10:06:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2012/05/31 18:51:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\taztryfv.default\extensions [2011/11/23 12:43:59 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\taztryfv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/11/23 12:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\taztryfv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash [2012/05/20 10:51:34 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\taztryfv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012/05/31 18:51:09 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\taztryfv.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} [2010/12/29 14:49:00 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\taztryfv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011/03/30 20:42:50 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\taztryfv.default\extensions\personas@christopher.beard [2010/09/02 10:09:28 | 000,002,486 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\taztryfv.default\searchplugins\iMeshWebSearch.xml [2012/02/23 07:16:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/05/18 13:40:53 | 000,047,322 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TAZTRYFV.DEFAULT\EXTENSIONS\GOOGLEDICTIONARY@TOPTIP.CA.XPI [2012/06/06 09:57:08 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/02/22 18:37:18 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011/11/30 20:39:31 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012/02/23 07:15:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2007/07/26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml [2010/09/02 10:09:28 | 000,002,486 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\iMeshWebSearch.xml [2012/02/23 07:15:48 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== O1 HOSTS File: ([2010/04/07 00:51:04 | 000,000,743 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com) O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll File not found O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found. O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll File not found O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com) O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com) O3 - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Internet Security 2012\APVXDWIN.EXE (Panda Security, S.L.) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpqSRMon] File not found O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Internet Security 2012\Inicio.exe (Panda Security, S.L.) O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2725313977-2452428163-366678771-1000..\Run: [Facebook Update] C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-2725313977-2452428163-366678771-1000..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun File not found O4 - HKU\S-1-5-21-2725313977-2452428163-366678771-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKU\S-1-5-21-2725313977-2452428163-366678771-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-21-2725313977-2452428163-366678771-1000..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; yie8)" -"hxxp://www.candystand.com/play/pool-sharks" File not found O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61240696-36FB-4231-9FB7-821C2CEFFE1C}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\avldr: DllName - (avldr.dll) - C:\Windows\System32\avldr.dll (On-Access Anti-Malware Scanner Sync) O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007/10/23 09:21:14 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{175676ee-f7b8-11df-8fbf-001e68094fde}\Shell\AutoRun\command - "" = F:\Setup.exe O33 - MountPoints2\{175676ee-f7b8-11df-8fbf-001e68094fde}\Shell\Install\command - "" = F:\Setup.exe O33 - MountPoints2\{2a2da9c9-6f4b-11dd-8334-001e68094fde}\Shell\AutoRun - "" = Autorun O33 - MountPoints2\{2a2da9c9-6f4b-11dd-8334-001e68094fde}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\m.exe /s O33 - MountPoints2\{3120a840-aa0c-11dd-b013-001e68094fde}\Shell\AutoRun\command - "" = wd_windows_tools\WDEULA.exe O33 - MountPoints2\{3120a921-aa0c-11dd-b013-001e68094fde}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe O33 - MountPoints2\{574962f6-3335-11dd-a499-001e68094fde}\Shell\AutoRun\command - "" = G:\Launch.exe O33 - MountPoints2\{5c3e57ea-9620-11dd-b2f6-001e68094fde}\Shell\AutoRun - "" = Autorun O33 - MountPoints2\{5c3e57ea-9620-11dd-b2f6-001e68094fde}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\m.exe /s O33 - MountPoints2\{5f119fdb-5119-11dd-adfe-001e68094fde}\Shell\AutoRun\command - "" = InstallSeagateManager.exe O33 - MountPoints2\{6770080c-a034-11de-8677-001e68094fde}\Shell\AutoRun\command - "" = G:\setup.exe O33 - MountPoints2\{6e939d26-004f-11df-b24c-001e68094fde}\Shell\AutoRun\command - "" = F:\WDSetup.exe O33 - MountPoints2\{78252484-5e57-11dd-9fdc-001e68094fde}\Shell\AutoRun\command - "" = F:\setupSNK.exe O33 - MountPoints2\{7bd6b079-aa97-11de-a7e3-001e68094fde}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe O33 - MountPoints2\{c8bdfdfb-e46f-11dd-aa43-001e68094fde}\Shell - "" = AutoRun O33 - MountPoints2\{c8bdfdfb-e46f-11dd-aa43-001e68094fde}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation) MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation) MsConfig - StartUpReg: SynTPEnh - hkey= - key= - File not found MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: PskSvcRetail - C:\Program Files\Panda Security\Panda Internet Security 2012\psksvc.exe (Panda Security, S.L.) SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error. ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1 ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error. ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error. ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\system32\rundll32.exe C:\Windows\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12 ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EE330FEC-4206-4FD0-891C-7216477A74B3} - NoIE8Tour ActiveX: {F390FCA4-7CCF-4A1A-A849-C381E489A3CA} - Yahoo! Search Settings Update ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{46AA243C-6639-4E0B-AB18-E7CA14FCCFBB} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/06/06 12:08:12 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\TFC.exe [2012/06/05 23:33:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012/06/05 16:01:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes [2012/06/05 16:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/06/05 16:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/06/05 16:01:22 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/06/05 16:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/06/04 22:52:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/06/04 22:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security [2012/06/04 22:37:51 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012/06/04 18:10:12 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012/06/04 17:18:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{5D4204C8-CDE2-4C45-9E45-D9D6F47A816F} [2012/06/04 17:17:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{C8902336-5744-42D5-9EAE-9B8231018014} [2012/06/04 06:41:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DD7C8580-ED43-4779-9D46-70F8FBB54B1D} [2012/06/04 06:40:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E59139D1-CAF6-4301-AC21-80D204FBE5B0} [2012/06/04 06:30:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{015FC6A9-723F-4986-A312-95D9FB567870} [2012/06/04 06:30:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{01071753-B3F9-4D9A-ABB5-901568C73F4A} [2012/06/03 22:55:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{7C4A7E94-CF0E-4F39-B26D-A354905B42DF} [2012/06/03 22:55:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E643DDFD-39E2-4CF3-B64E-007BEA09FC24} [2012/05/31 18:52:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D171E1D4-B3E4-4DD0-B5E7-B264C5BCBBB9} [2012/05/31 18:52:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{275430D3-B7F3-4225-98B3-D5775D7B675F} [2012/05/28 20:50:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{6D1F1111-2507-4105-8292-95CACA139BDD} [2012/05/28 20:50:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{AB926C97-9A08-47F8-99CC-756E5B2B39AB} [2012/05/28 10:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/05/28 10:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/05/28 10:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012/05/28 10:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012/05/28 10:04:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012/05/28 10:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2012/05/27 16:20:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E1400CBB-620B-4369-812C-7A3F47BAEDB1} [2012/05/27 16:20:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{4A832F31-EE92-419C-B4A5-631F04CDC58A} [2012/05/26 09:33:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook [2012/05/25 20:32:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{4BE63C1A-E81B-4D4C-BB31-215B8FFE8702} [2012/05/25 20:32:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{6E57EAED-4982-47E5-B751-BEC6C1E37FC5} [2012/05/23 23:42:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{6285ED63-90D0-4639-AE82-1340F9DD4369} [2012/05/23 23:42:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D676B265-7EB2-4971-999B-FBA0443AF276} [2012/05/15 06:39:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D965FE57-8D8D-4B74-B99A-366EFE7372FA} [2012/05/15 06:39:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{AB4B5A7D-4279-446D-80DA-E08D34EFF7BD} [2012/05/14 06:24:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E9AB4B54-2C52-40FE-AA77-3541B8E29488} [2012/05/14 06:24:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{33CFD962-3C68-4174-BF50-A18DF3CED55B} [2012/05/13 20:14:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{14792B86-9AA8-4CCE-A360-62213FDFAD08} [2012/05/13 20:14:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{5039D79B-F42F-43AD-A5C2-C01C1E2DFA17} [2012/05/12 22:56:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{122158B0-BD92-45EC-9859-4EB92371C761} [2012/05/12 22:56:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{54B1B045-FE0F-4B6F-9DC9-EB213021BB43} [2012/05/12 09:30:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{EA417B02-358A-42CB-974A-1162FFED61B7} [2012/05/12 09:30:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{A0DC8AB2-7755-42D0-937E-9E46C7BA00C9} [2012/05/11 23:12:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{6CFB91FA-44A7-43A4-BEB0-7561FF2F82CB} [2012/05/11 23:12:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{1DFC6FEE-548D-4585-B67A-2FAA118461FC} [2012/05/11 06:18:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{A41FD33F-E118-410A-A0ED-F0DD28237243} [2012/05/11 06:18:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{142D52DB-E444-47AC-B498-D88F3B782DAA} [2012/05/10 18:54:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{0BF665E7-83EE-4929-8988-E78323550EFD} [2012/05/10 18:54:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{F6FACA2F-CEC7-42E8-A828-1DDB4EC94B48} [2012/05/10 06:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012/05/10 06:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012/05/10 05:50:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{64878248-3A18-4915-9AD1-5CCF1BCE691B} [2012/05/10 05:50:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{173C4041-DAB5-4DA2-BF07-BE6B19B2F143} ========== Files - Modified Within 30 Days ========== [2012/06/08 13:56:42 | 000,315,076 | ---- | M] () -- C:\Windows\System32\drivers\APPFCONT.DAT.bck [2012/06/08 13:56:42 | 000,315,076 | ---- | M] () -- C:\Windows\System32\drivers\APPFCONT.DAT [2012/06/08 13:37:48 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/06/08 13:37:17 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2725313977-2452428163-366678771-1000UA.job [2012/06/08 13:37:11 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012/06/08 13:37:11 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012/06/08 13:36:54 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/06/08 13:36:17 | 000,000,136 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAdapt.cfg.bck [2012/06/08 13:36:17 | 000,000,136 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAdapt.cfg [2012/06/08 13:36:14 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/08 13:36:14 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/08 13:36:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/06/08 09:38:10 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2725313977-2452428163-366678771-1000Core.job [2012/06/08 09:33:59 | 000,001,132 | ---- | M] () -- C:\Windows\System32\drivers\APPFLTR.CFG.bck [2012/06/08 09:33:59 | 000,001,132 | ---- | M] () -- C:\Windows\System32\drivers\APPFLTR.CFG [2012/06/08 09:33:59 | 000,000,252 | ---- | M] () -- C:\Windows\System32\drivers\etc\IdsFlt.cfg.bck [2012/06/08 09:33:59 | 000,000,252 | ---- | M] () -- C:\Windows\System32\drivers\etc\IdsFlt.cfg [2012/06/08 09:33:59 | 000,000,092 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetLoc.wlt.bck [2012/06/08 09:33:59 | 000,000,092 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetLoc.wlt [2012/06/08 09:33:59 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetFlt.cfg.bck [2012/06/08 09:33:59 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetFlt.cfg [2012/06/08 09:33:59 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\WnmFlt.cfg.bck [2012/06/08 09:33:59 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\WnmFlt.cfg [2012/06/08 09:33:59 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.cfg.bck [2012/06/08 09:33:59 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.cfg [2012/06/08 09:33:58 | 000,303,044 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.rls.bck [2012/06/08 09:33:58 | 000,303,044 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.rls [2012/06/08 09:33:16 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DD707F92-E982-4E85-8D70-10F1713EB1FD}.job [2012/06/08 09:32:31 | 000,000,162 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini [2012/06/08 09:30:19 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/06/08 09:28:53 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAR.wlt.bck [2012/06/08 09:28:53 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAR.wlt [2012/06/08 09:28:23 | 000,105,088 | ---- | M] (Panda Security, S.L.) -- C:\Windows\System32\drivers\av5flt.sys [2012/06/06 16:58:41 | 000,311,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/06/06 14:15:37 | 000,008,627 | ---- | M] () -- C:\Windows\System32\PAV_FOG.OPC [2012/06/06 12:46:53 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/06/06 12:46:53 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/06/06 12:08:53 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\TFC.exe [2012/06/06 09:40:24 | 000,000,929 | ---- | M] () -- C:\Users\Owner\log.exe [2012/06/04 22:53:01 | 000,002,061 | ---- | M] () -- C:\Users\Public\Desktop\Panda ActiveScan Cleaner.lnk [2012/06/04 22:37:49 | 000,006,944 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat [2012/05/29 20:50:37 | 000,193,024 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/05/28 10:27:17 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/05/28 10:04:05 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/05/23 23:38:48 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job [2012/05/21 22:55:15 | 000,128,614 | ---- | M] () -- C:\Users\Owner\Desktop\3527906_orig.jpg ========== Files Created - No Company Name ========== [2012/06/06 09:40:23 | 000,000,929 | ---- | C] () -- C:\Users\Owner\log.exe [2012/06/04 22:49:21 | 000,002,061 | ---- | C] () -- C:\Users\Public\Desktop\Panda ActiveScan Cleaner.lnk [2012/05/28 10:27:17 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/05/28 10:04:05 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/05/21 22:55:13 | 000,128,614 | ---- | C] () -- C:\Users\Owner\Desktop\3527906_orig.jpg [2011/12/01 21:34:40 | 000,013,880 | ---- | C] () -- C:\Windows\System32\drivers\COMFiltr.sys [2011/12/01 21:34:06 | 000,000,262 | ---- | C] () -- C:\Windows\System32\PavCPL.dat [2011/12/01 21:33:40 | 000,315,076 | ---- | C] () -- C:\Windows\System32\drivers\APPFCONT.DAT.bck [2011/12/01 21:33:40 | 000,315,076 | ---- | C] () -- C:\Windows\System32\drivers\APPFCONT.DAT [2010/12/15 13:46:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== LOP Check ========== [2009/04/23 08:41:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\7Wonders [2011/01/16 18:26:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AnvSoft [2010/12/29 14:48:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers [2008/07/05 01:49:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\HotSync [2008/07/05 02:13:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech [2011/09/09 12:22:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MAGIX [2008/03/15 19:54:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MSNInstaller [2009/06/10 09:48:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\muvee Technologies [2011/12/01 21:27:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Panda Security [2008/05/11 09:05:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PeerNetworking [2010/09/28 16:19:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PureEdge [2009/04/01 20:27:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template [2012/05/31 17:08:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent [2012/06/08 09:38:10 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2725313977-2452428163-366678771-1000Core.job [2012/06/08 13:37:17 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2725313977-2452428163-366678771-1000UA.job [2012/06/07 13:09:54 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012/06/08 09:33:16 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{DD707F92-E982-4E85-8D70-10F1713EB1FD}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2009/04/23 08:41:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\7Wonders [2008/07/01 07:30:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Adobe [2011/01/16 18:26:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AnvSoft [2009/12/27 21:10:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Apple Computer [2008/07/28 19:54:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Arcsoft [2008/08/18 08:47:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CyberLink [2012/02/14 20:26:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\dvdcss [2010/12/29 14:48:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers [2011/12/23 13:26:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Google [2011/04/20 06:02:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Hewlett-Packard [2008/07/05 01:49:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\HotSync [2008/03/11 04:09:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\HP [2010/03/31 12:27:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\HPAppData [2011/07/06 05:33:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\HpUpdate [2008/02/16 16:05:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Identities [2008/07/05 02:13:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech [2008/02/16 16:11:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Macromedia [2011/09/09 12:22:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MAGIX [2012/06/05 16:01:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Malwarebytes [2006/11/02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Media Center Programs [2010/11/23 09:21:57 | 000,000,000 | --SD | M] -- C:\Users\Owner\AppData\Roaming\Microsoft [2010/12/15 17:50:53 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla [2008/03/15 19:54:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MSNInstaller [2009/06/10 09:48:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\muvee Technologies [2011/12/01 21:27:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Panda Security [2008/05/11 09:05:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PeerNetworking [2010/09/28 16:19:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PureEdge [2012/06/06 11:54:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Skype [2012/02/22 21:23:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\skypePM [2009/04/01 20:27:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template [2009/01/17 20:07:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\U3 [2012/05/31 17:08:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent [2012/06/06 10:10:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\vlc [2010/12/15 09:39:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Yahoo! [2008/10/14 18:14:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Yahoo! Companion < %APPDATA%\*.exe /s > [2008/07/05 01:56:26 | 000,008,854 | R--- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Installer\{3AC275FB-658D-43DA-A04D-9B2E30E517B2}\NewShortcut15_4B691FC6F103435EA1F6339BD6C78617.exe [2006/12/07 11:45:12 | 000,110,592 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\U3\temp\cleanup.exe [2006/12/07 11:45:12 | 003,096,576 | -H-- | M] (SanDisk Corporation) -- C:\Users\Owner\AppData\Roaming\U3\temp\Launchpad Removal.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008/01/19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008/01/19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008/01/19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008/01/19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2007/10/23 09:53:29 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys [2007/10/23 09:53:29 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys [2007/10/23 09:53:29 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys [2006/11/02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006/11/02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009/04/11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009/04/11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009/04/11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008/01/19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008/01/19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006/11/02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008/02/23 13:23:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008/02/23 13:23:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008/02/23 13:23:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007/01/13 07:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll < MD5 for: IASTORV.SYS > [2008/01/19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008/01/19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006/11/02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009/04/11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009/04/11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008/01/19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008/01/19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008/01/19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008/01/19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006/11/02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009/04/11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009/04/11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2007/10/23 08:11:16 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2007/10/23 08:11:17 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008/01/19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006/11/02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009/04/11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009/04/11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008/01/19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008/01/19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006/11/02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008/01/19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008/01/19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006/11/02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006/11/02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008/01/19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006/11/02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008/01/19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008/01/19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006/11/02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006/11/02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006/11/02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006/11/02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006/11/02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > Geändert von sil_booksi (08.06.2012 um 15:01 Uhr) |
|
08.06.2012, 18:15
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Panda zeigt staendig Fehlermeldung : It is advisable to restart to keep your computer protectet Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKLM\..\SearchScopes\{FD0A3935-5FCC-4484-9160-3B53CF57C671}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60452
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{523F32BA-7501-476E-AC0C-D22EEB29AD04}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNA
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{80D6DB76-1108-49F6-A896-FEA8CB78E157}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{8C367274-CC00-41DA-BEAC-6C2CF70BB39E}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={8153DA5E-4623-4182-84EC-97BE10D92242}&mid=b1c4cd4de19f631f6d81056869bace19-19797f26317ae0b17f4a1412906e404ec3d12118&lang=en&ds=AVG&pr=fr&d=2011-12-01 21:12:09&v=8.0.0.40&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{C1E0C7A6-A8E2-4FE0-9787-1C4A8155D7D4}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=UT2
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{DCA623BF-EA31-4439-9168-7930D9D25A8B}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{FD0A3935-5FCC-4484-9160-3B53CF57C671}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
[2011/11/23 12:43:59 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\taztryfv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/11/23 12:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\taztryfv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash
[2012/05/20 10:51:34 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\taztryfv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/05/31 18:51:09 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\taztryfv.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2010/12/29 14:49:00 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\taztryfv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/09/02 10:09:28 | 000,002,486 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\taztryfv.default\searchplugins\iMeshWebSearch.xml
[2007/07/26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2010/09/02 10:09:28 | 000,002,486 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\iMeshWebSearch.xml
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll File not found
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-2725313977-2452428163-366678771-1000..\Run: [Facebook Update] C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/23 09:21:14 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{175676ee-f7b8-11df-8fbf-001e68094fde}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{175676ee-f7b8-11df-8fbf-001e68094fde}\Shell\Install\command - "" = F:\Setup.exe
O33 - MountPoints2\{2a2da9c9-6f4b-11dd-8334-001e68094fde}\Shell\AutoRun - "" = Autorun
O33 - MountPoints2\{2a2da9c9-6f4b-11dd-8334-001e68094fde}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\m.exe /s
O33 - MountPoints2\{3120a840-aa0c-11dd-b013-001e68094fde}\Shell\AutoRun\command - "" = wd_windows_tools\WDEULA.exe
O33 - MountPoints2\{3120a921-aa0c-11dd-b013-001e68094fde}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\{574962f6-3335-11dd-a499-001e68094fde}\Shell\AutoRun\command - "" = G:\Launch.exe
O33 - MountPoints2\{5c3e57ea-9620-11dd-b2f6-001e68094fde}\Shell\AutoRun - "" = Autorun
O33 - MountPoints2\{5c3e57ea-9620-11dd-b2f6-001e68094fde}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\m.exe /s
O33 - MountPoints2\{5f119fdb-5119-11dd-adfe-001e68094fde}\Shell\AutoRun\command - "" = InstallSeagateManager.exe
O33 - MountPoints2\{6770080c-a034-11de-8677-001e68094fde}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{6e939d26-004f-11df-b24c-001e68094fde}\Shell\AutoRun\command - "" = F:\WDSetup.exe
O33 - MountPoints2\{78252484-5e57-11dd-9fdc-001e68094fde}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O33 - MountPoints2\{7bd6b079-aa97-11de-a7e3-001e68094fde}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
O33 - MountPoints2\{c8bdfdfb-e46f-11dd-aa43-001e68094fde}\Shell - "" = AutoRun
O33 - MountPoints2\{c8bdfdfb-e46f-11dd-aa43-001e68094fde}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup.exe
[2012/06/06 09:40:23 | 000,000,929 | ---- | C] () -- C:\Users\Owner\log.exe
:Files
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
08.06.2012, 20:49
| #5 |
| | Panda zeigt staendig Fehlermeldung : It is advisable to restart to keep your computer protectet Habe alles nach Anweisung gemacht, bekam jedoch eine Fehlermeldung : Cannot create file C:\Windows\system32\drivers\etc\Hosts Danach ging gar nichts mehr?! Wie soll ich jetzt weiter forgehen, den OTL fix nochmals durchfuehren?! Vielen Dank MFG |
|
08.06.2012, 21:14
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Panda zeigt staendig Fehlermeldung : It is advisable to restart to keep your computer protectet Hast du OTL per Rechtsklick als Admin gestartet vorher? Wenn nicht bitte nochmal so machen
__________________ --> Panda zeigt staendig Fehlermeldung : It is advisable to restart to keep your computer protectet |
|
08.06.2012, 22:04
| #7 |
| | Panda zeigt staendig Fehlermeldung : It is advisable to restart to keep your computer protectet so jetzt duerfte es stimmen danke dir mfg sarah Code:
ATTFilter All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files\uTorrentControl2\prxtbuTor.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FD0A3935-5FCC-4484-9160-3B53CF57C671}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD0A3935-5FCC-4484-9160-3B53CF57C671}\ not found.
HKU\S-1-5-21-2725313977-2452428163-366678771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-2725313977-2452428163-366678771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-2725313977-2452428163-366678771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-2725313977-2452428163-366678771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKU\S-1-5-21-2725313977-2452428163-366678771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2725313977-2452428163-366678771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2725313977-2452428163-366678771-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files\uTorrentControl2\prxtbuTor.dll not found.
Registry value HKEY_USERS\S-1-5-21-2725313977-2452428163-366678771-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}\ not found.
File C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll not found.
Registry value HKEY_USERS\S-1-5-21-2725313977-2452428163-366678771-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll not found.
HKEY_USERS\S-1-5-21-2725313977-2452428163-366678771-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2725313977-2452428163-366678771-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ not found.
Registry key HKEY_USERS\S-1-5-21-2725313977-2452428163-366678771-1000\Software\Microsoft\Internet Explorer\SearchScopes\{523F32BA-7501-476E-AC0C-D22EEB29AD04}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{523F32BA-7501-476E-AC0C-D22EEB29AD04}\ not found.
Registry key HKEY_USERS\S-1-5-21-2725313977-2452428163-366678771-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-2725313977-2452428163-366678771-1000\Software\Microsoft\Internet Explorer\SearchScopes\{80D6DB76-1108-49F6-A896-FEA8CB78E157}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80D6DB76-1108-49F6-A896-FEA8CB78E157}\ not found.
Registry key HKEY_USERS\S-1-5-21-2725313977-2452428163-366678771-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8C367274-CC00-41DA-BEAC-6C2CF70BB39E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C367274-CC00-41DA-BEAC-6C2CF70BB39E}\ not found.
Registry key HKEY_USERS\S-1-5-21-2725313977-2452428163-366678771-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_USERS\S-1-5-21-2725313977-2452428163-366678771-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}\ not found.
Registry key HKEY_USERS\S-1-5-21-2725313977-2452428163-366678771-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-2725313977-2452428163-366678771-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C1E0C7A6-A8E2-4FE0-9787-1C4A8155D7D4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1E0C7A6-A8E2-4FE0-9787-1C4A8155D7D4}\ not found.
Registry key HKEY_USERS\S-1-5-21-2725313977-2452428163-366678771-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420}\ not found.
Registry key HKEY_USERS\S-1-5-21-2725313977-2452428163-366678771-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DCA623BF-EA31-4439-9168-7930D9D25A8B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DCA623BF-EA31-4439-9168-7930D9D25A8B}\ not found.
Registry key HKEY_USERS\S-1-5-21-2725313977-2452428163-366678771-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FD0A3935-5FCC-4484-9160-3B53CF57C671}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD0A3935-5FCC-4484-9160-3B53CF57C671}\ not found.
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=" removed from keyword.URL
Folder C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\taztryfv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\ not found.
Folder C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\taztryfv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash\ not found.
Folder C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\taztryfv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\ not found.
Folder C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\taztryfv.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
Folder C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\taztryfv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\ not found.
File C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\taztryfv.default\searchplugins\iMeshWebSearch.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\iMeshWebSearch.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
File C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ not found.
File C:\Program Files\Crawler\Toolbar\ctbr.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}\ not found.
File C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ not found.
File C:\Program Files\Spybot - Search & Destroy\SDHelper.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\ not found.
File C:\Program Files\Yahoo!\Common\yiesrvc.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files\uTorrentControl2\prxtbuTor.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ not found.
File C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{28387537-e3f9-4ed7-860c-11e69af4a8a0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
File C:\Program Files\Crawler\Toolbar\ctbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{687578b9-7132-4a7a-80e4-30ee31099e03} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files\uTorrentControl2\prxtbuTor.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{eec0f710-38b5-4aba-99bf-ec87564a4e13} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eec0f710-38b5-4aba-99bf-ec87564a4e13}\ not found.
File C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry value HKEY_USERS\S-1-5-21-2725313977-2452428163-366678771-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
File C:\Program Files\Crawler\Toolbar\ctbr.dll not found.
Registry value HKEY_USERS\S-1-5-21-2725313977-2452428163-366678771-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.
File C:\Program Files\uTorrentControl2\prxtbuTor.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_USERS\S-1-5-21-2725313977-2452428163-366678771-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update not found.
File C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Crawler Search\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to MP3 Converter\ not found.
File C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\ not found.
File C:\Program Files\Yahoo!\Common\yiesrvc.dll not found.
File C:\Program Files\Crawler\Toolbar\ctbr.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tbr\ not found.
File C:\Program Files\Crawler\Toolbar\ctbr.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{175676ee-f7b8-11df-8fbf-001e68094fde}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{175676ee-f7b8-11df-8fbf-001e68094fde}\ not found.
File F:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{175676ee-f7b8-11df-8fbf-001e68094fde}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{175676ee-f7b8-11df-8fbf-001e68094fde}\ not found.
File F:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a2da9c9-6f4b-11dd-8334-001e68094fde}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a2da9c9-6f4b-11dd-8334-001e68094fde}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a2da9c9-6f4b-11dd-8334-001e68094fde}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a2da9c9-6f4b-11dd-8334-001e68094fde}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\m.exe /s not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3120a840-aa0c-11dd-b013-001e68094fde}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3120a840-aa0c-11dd-b013-001e68094fde}\ not found.
File wd_windows_tools\WDEULA.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3120a921-aa0c-11dd-b013-001e68094fde}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3120a921-aa0c-11dd-b013-001e68094fde}\ not found.
File .\Encryption Tool\MaxtorEncryption.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{574962f6-3335-11dd-a499-001e68094fde}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{574962f6-3335-11dd-a499-001e68094fde}\ not found.
File G:\Launch.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c3e57ea-9620-11dd-b2f6-001e68094fde}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c3e57ea-9620-11dd-b2f6-001e68094fde}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c3e57ea-9620-11dd-b2f6-001e68094fde}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c3e57ea-9620-11dd-b2f6-001e68094fde}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\m.exe /s not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f119fdb-5119-11dd-adfe-001e68094fde}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f119fdb-5119-11dd-adfe-001e68094fde}\ not found.
File InstallSeagateManager.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6770080c-a034-11de-8677-001e68094fde}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6770080c-a034-11de-8677-001e68094fde}\ not found.
File G:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e939d26-004f-11df-b24c-001e68094fde}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6e939d26-004f-11df-b24c-001e68094fde}\ not found.
File F:\WDSetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78252484-5e57-11dd-9fdc-001e68094fde}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78252484-5e57-11dd-9fdc-001e68094fde}\ not found.
File F:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7bd6b079-aa97-11de-a7e3-001e68094fde}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bd6b079-aa97-11de-a7e3-001e68094fde}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8bdfdfb-e46f-11dd-aa43-001e68094fde}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8bdfdfb-e46f-11dd-aa43-001e68094fde}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8bdfdfb-e46f-11dd-aa43-001e68094fde}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8bdfdfb-e46f-11dd-aa43-001e68094fde}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\setup.exe not found.
File C:\Users\Owner\log.exe not found.
========== FILES ==========
File\Folder C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Default
->Temporary Internet Files folder emptied: 0 bytes
User: Owner
->Temp folder emptied: 36818 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 12211592 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 12.00 mb
[EMPTYFLASH]
User: Default
User: Owner
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.47.0 log created on 06082012_225504
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
|
08.06.2012, 22:13
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Panda zeigt staendig Fehlermeldung : It is advisable to restart to keep your computer protectet Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.06.2012, 20:05
| #9 |
| | Panda zeigt staendig Fehlermeldung : It is advisable to restart to keep your computer protectet Hier ist das log. Vielen Dank Code:
ATTFilter 20:59:26.0791 4596 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
20:59:28.0870 4596 ============================================================
20:59:28.0870 4596 Current date / time: 2012/06/09 20:59:28.0870
20:59:28.0870 4596 SystemInfo:
20:59:28.0870 4596
20:59:28.0870 4596 OS Version: 6.0.6002 ServicePack: 2.0
20:59:28.0870 4596 Product type: Workstation
20:59:28.0871 4596 ComputerName: OWNER-PC
20:59:28.0871 4596 UserName: Owner
20:59:28.0871 4596 Windows directory: C:\Windows
20:59:28.0871 4596 System windows directory: C:\Windows
20:59:28.0871 4596 Processor architecture: Intel x86
20:59:28.0871 4596 Number of processors: 2
20:59:28.0871 4596 Page size: 0x1000
20:59:28.0871 4596 Boot type: Normal boot
20:59:28.0871 4596 ============================================================
20:59:31.0134 4596 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:59:31.0141 4596 ============================================================
20:59:31.0141 4596 \Device\Harddisk0\DR0:
20:59:31.0141 4596 MBR partitions:
20:59:31.0141 4596 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1B9F55B0
20:59:31.0141 4596 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B9F55EF, BlocksNum 0x17CEF92
20:59:31.0141 4596 ============================================================
20:59:31.0149 4596 C: <-> \Device\Harddisk0\DR0\Partition0
20:59:31.0201 4596 D: <-> \Device\Harddisk0\DR0\Partition1
20:59:31.0203 4596 ============================================================
20:59:31.0203 4596 Initialize success
20:59:31.0203 4596 ============================================================
21:00:02.0432 2212 ============================================================
21:00:02.0432 2212 Scan started
21:00:02.0432 2212 Mode: Manual; SigCheck; TDLFS;
21:00:02.0432 2212 ============================================================
21:00:03.0102 2212 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:00:03.0486 2212 ACPI - ok
21:00:03.0631 2212 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:00:03.0677 2212 AdobeFlashPlayerUpdateSvc - ok
21:00:03.0743 2212 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
21:00:03.0836 2212 adp94xx - ok
21:00:03.0893 2212 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
21:00:03.0959 2212 adpahci - ok
21:00:03.0984 2212 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
21:00:04.0027 2212 adpu160m - ok
21:00:04.0053 2212 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
21:00:04.0106 2212 adpu320 - ok
21:00:04.0149 2212 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
21:00:04.0272 2212 AeLookupSvc - ok
21:00:04.0327 2212 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:00:04.0431 2212 AFD - ok
21:00:04.0479 2212 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
21:00:04.0517 2212 agp440 - ok
21:00:04.0562 2212 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:00:04.0602 2212 aic78xx - ok
21:00:04.0639 2212 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
21:00:04.0790 2212 ALG - ok
21:00:04.0814 2212 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
21:00:04.0850 2212 aliide - ok
21:00:04.0871 2212 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
21:00:04.0910 2212 amdagp - ok
21:00:04.0924 2212 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
21:00:04.0964 2212 amdide - ok
21:00:04.0985 2212 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
21:00:05.0227 2212 AmdK7 - ok
21:00:05.0265 2212 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
21:00:05.0349 2212 AmdK8 - ok
21:00:05.0393 2212 AmFSM (36b58a8bafe100de90c87a3c0e56a3f2) C:\Windows\system32\DRIVERS\amm8660.sys
21:00:05.0503 2212 AmFSM - ok
21:00:05.0592 2212 APPFLT (6b467e791ec470d010bd50e5e98bf467) C:\Windows\system32\Drivers\APPFLT.SYS
21:00:05.0629 2212 APPFLT - ok
21:00:05.0691 2212 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
21:00:05.0774 2212 Appinfo - ok
21:00:05.0895 2212 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:00:05.0931 2212 Apple Mobile Device - ok
21:00:05.0968 2212 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
21:00:06.0008 2212 arc - ok
21:00:06.0046 2212 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
21:00:06.0085 2212 arcsas - ok
21:00:06.0129 2212 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:00:06.0218 2212 AsyncMac - ok
21:00:06.0253 2212 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:00:06.0292 2212 atapi - ok
21:00:06.0399 2212 athr (0437199c88f6e88a387cfec8a8886a6e) C:\Windows\system32\DRIVERS\athr.sys
21:00:06.0505 2212 athr - ok
21:00:06.0587 2212 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
21:00:06.0669 2212 AudioEndpointBuilder - ok
21:00:06.0684 2212 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
21:00:06.0756 2212 Audiosrv - ok
21:00:06.0788 2212 AvFlt - ok
21:00:06.0968 2212 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
21:00:07.0016 2212 BBSvc - ok
21:00:07.0071 2212 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
21:00:07.0119 2212 BBUpdate - ok
21:00:07.0193 2212 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
21:00:07.0409 2212 BCM43XV - ok
21:00:07.0447 2212 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:00:07.0538 2212 Beep - ok
21:00:07.0613 2212 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
21:00:07.0766 2212 BFE - ok
21:00:07.0882 2212 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
21:00:08.0032 2212 BITS - ok
21:00:08.0043 2212 blbdrive - ok
21:00:08.0173 2212 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:00:08.0227 2212 Bonjour Service - ok
21:00:08.0263 2212 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:00:08.0326 2212 bowser - ok
21:00:08.0372 2212 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:00:08.0442 2212 BrFiltLo - ok
21:00:08.0461 2212 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:00:08.0532 2212 BrFiltUp - ok
21:00:08.0575 2212 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
21:00:08.0671 2212 Browser - ok
21:00:08.0709 2212 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:00:08.0863 2212 Brserid - ok
21:00:08.0890 2212 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:00:09.0031 2212 BrSerWdm - ok
21:00:09.0059 2212 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:00:09.0207 2212 BrUsbMdm - ok
21:00:09.0230 2212 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:00:09.0360 2212 BrUsbSer - ok
21:00:09.0386 2212 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:00:09.0563 2212 BTHMODEM - ok
21:00:09.0608 2212 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:00:09.0698 2212 cdfs - ok
21:00:09.0752 2212 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:00:09.0830 2212 cdrom - ok
21:00:09.0887 2212 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
21:00:09.0949 2212 CertPropSvc - ok
21:00:09.0970 2212 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
21:00:10.0125 2212 circlass - ok
21:00:10.0182 2212 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:00:10.0241 2212 CLFS - ok
21:00:10.0305 2212 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:00:10.0346 2212 clr_optimization_v2.0.50727_32 - ok
21:00:10.0456 2212 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:00:10.0497 2212 clr_optimization_v4.0.30319_32 - ok
21:00:10.0551 2212 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
21:00:10.0671 2212 CmBatt - ok
21:00:10.0699 2212 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
21:00:10.0743 2212 cmdide - ok
21:00:10.0789 2212 CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys
21:00:10.0864 2212 CnxtHdAudService - ok
21:00:10.0959 2212 Com4Qlb (d8774ace03b46c9b01a49818055f9ad4) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
21:00:11.0004 2212 Com4Qlb ( UnsignedFile.Multi.Generic ) - warning
21:00:11.0005 2212 Com4Qlb - detected UnsignedFile.Multi.Generic (1)
21:00:11.0040 2212 ComFiltr (d9c33e68f61f27d8206f65b0190dc5cf) C:\Windows\system32\DRIVERS\COMFiltr.sys
21:00:11.0075 2212 ComFiltr - ok
21:00:11.0119 2212 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
21:00:11.0159 2212 Compbatt - ok
21:00:11.0170 2212 COMSysApp - ok
21:00:11.0194 2212 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
21:00:11.0231 2212 crcdisk - ok
21:00:11.0259 2212 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
21:00:11.0407 2212 Crusoe - ok
21:00:11.0500 2212 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
21:00:11.0611 2212 CryptSvc - ok
21:00:11.0705 2212 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
21:00:11.0804 2212 DcomLaunch - ok
21:00:11.0847 2212 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:00:11.0911 2212 DfsC - ok
21:00:12.0173 2212 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
21:00:12.0355 2212 DFSR - ok
21:00:12.0540 2212 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
21:00:12.0610 2212 Dhcp - ok
21:00:12.0660 2212 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:00:12.0704 2212 disk - ok
21:00:12.0764 2212 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
21:00:12.0842 2212 Dnscache - ok
21:00:12.0897 2212 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
21:00:12.0970 2212 dot3svc - ok
21:00:13.0031 2212 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
21:00:13.0123 2212 DPS - ok
21:00:13.0176 2212 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:00:13.0244 2212 drmkaud - ok
21:00:13.0284 2212 DSAFLT (5bb0f91ffd84057d094d106d9ff53298) C:\Windows\system32\Drivers\DSAFLT.SYS
21:00:13.0321 2212 DSAFLT - ok
21:00:13.0405 2212 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:00:13.0518 2212 DXGKrnl - ok
21:00:13.0602 2212 E100B (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
21:00:13.0749 2212 E100B - ok
21:00:13.0861 2212 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:00:14.0022 2212 E1G60 - ok
21:00:14.0098 2212 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
21:00:14.0165 2212 EapHost - ok
21:00:14.0213 2212 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:00:14.0271 2212 Ecache - ok
21:00:14.0361 2212 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
21:00:14.0436 2212 ehRecvr - ok
21:00:14.0469 2212 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
21:00:14.0544 2212 ehSched - ok
21:00:14.0566 2212 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
21:00:14.0620 2212 ehstart - ok
21:00:14.0676 2212 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
21:00:14.0737 2212 elxstor - ok
21:00:14.0825 2212 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
21:00:14.0959 2212 EMDMgmt - ok
21:00:15.0037 2212 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
21:00:15.0128 2212 EventSystem - ok
21:00:15.0195 2212 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:00:15.0278 2212 exfat - ok
21:00:15.0337 2212 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:00:15.0427 2212 fastfat - ok
21:00:15.0455 2212 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
21:00:15.0601 2212 fdc - ok
21:00:15.0645 2212 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
21:00:15.0734 2212 fdPHost - ok
21:00:15.0768 2212 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
21:00:15.0909 2212 FDResPub - ok
21:00:16.0030 2212 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:00:16.0074 2212 FileInfo - ok
21:00:16.0118 2212 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:00:16.0207 2212 Filetrace - ok
21:00:16.0237 2212 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
21:00:16.0378 2212 flpydisk - ok
21:00:16.0442 2212 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:00:16.0489 2212 FltMgr - ok
21:00:16.0527 2212 FNETMON (a38b9ba7a4c17f7dce9ec4e8f7870026) C:\Windows\system32\Drivers\fnetmon.SYS
21:00:16.0564 2212 FNETMON - ok
21:00:16.0707 2212 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
21:00:16.0818 2212 FontCache - ok
21:00:16.0913 2212 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:00:16.0952 2212 FontCache3.0.0.0 - ok
21:00:17.0008 2212 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
21:00:17.0046 2212 fssfltr - ok
21:00:17.0254 2212 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
21:00:17.0456 2212 fsssvc - ok
21:00:17.0628 2212 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
21:00:17.0696 2212 Fs_Rec - ok
21:00:17.0746 2212 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
21:00:17.0787 2212 gagp30kx - ok
21:00:17.0839 2212 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
21:00:17.0872 2212 GEARAspiWDM - ok
21:00:17.0958 2212 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
21:00:18.0084 2212 gpsvc - ok
21:00:18.0227 2212 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:00:18.0277 2212 gupdate - ok
21:00:18.0289 2212 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:00:18.0326 2212 gupdatem - ok
21:00:18.0386 2212 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:00:18.0435 2212 gusvc - ok
21:00:18.0513 2212 HdAudAddService (7be40bb4cd16d8760e18ea981ff452ec) C:\Windows\system32\drivers\CHDART.sys
21:00:18.0585 2212 HdAudAddService - ok
21:00:18.0663 2212 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:00:18.0792 2212 HDAudBus - ok
21:00:18.0839 2212 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:00:18.0973 2212 HidBth - ok
21:00:19.0057 2212 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:00:19.0198 2212 HidIr - ok
21:00:19.0242 2212 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
21:00:19.0326 2212 hidserv - ok
21:00:19.0374 2212 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:00:19.0434 2212 HidUsb - ok
21:00:19.0491 2212 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
21:00:19.0593 2212 hkmsvc - ok
21:00:19.0685 2212 HP Health Check Service (a19b0bb5a7eb6df2dd4a0711d36955ee) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
21:00:19.0716 2212 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
21:00:19.0717 2212 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
21:00:19.0758 2212 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
21:00:19.0797 2212 HpCISSs - ok
21:00:19.0865 2212 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
21:00:19.0923 2212 HpqKbFiltr - ok
21:00:19.0960 2212 HpqRemHid (115c0933b3ed51dfbec4449348c8065b) C:\Windows\system32\DRIVERS\HpqRemHid.sys
21:00:20.0018 2212 HpqRemHid - ok
21:00:20.0049 2212 hpqwmiex (04c1dcbb226c6ae647b794833ce3ceb6) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
21:00:20.0078 2212 hpqwmiex ( UnsignedFile.Multi.Generic ) - warning
21:00:20.0078 2212 hpqwmiex - detected UnsignedFile.Multi.Generic (1)
21:00:20.0113 2212 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
21:00:20.0210 2212 HSFHWAZL - ok
21:00:20.0336 2212 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:00:20.0522 2212 HSF_DPV - ok
21:00:20.0628 2212 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
21:00:20.0687 2212 HSXHWAZL - ok
21:00:20.0760 2212 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
21:00:20.0858 2212 HTTP - ok
21:00:20.0896 2212 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
21:00:20.0934 2212 i2omp - ok
21:00:21.0005 2212 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:00:21.0087 2212 i8042prt - ok
21:00:21.0234 2212 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
21:00:21.0529 2212 ialm - ok
21:00:21.0694 2212 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
21:00:21.0748 2212 iaStorV - ok
21:00:21.0865 2212 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:00:21.0895 2212 IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:00:21.0896 2212 IDriverT - detected UnsignedFile.Multi.Generic (1)
21:00:21.0946 2212 IDSFLT (c4e887cf7ba2d3624233231aecd34c9d) C:\Windows\system32\Drivers\IDSFLT.SYS
21:00:21.0994 2212 IDSFLT - ok
21:00:22.0126 2212 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:00:22.0268 2212 idsvc - ok
21:00:22.0322 2212 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:00:22.0362 2212 iirsp - ok
21:00:22.0442 2212 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
21:00:22.0536 2212 IKEEXT - ok
21:00:22.0598 2212 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
21:00:22.0636 2212 intelide - ok
21:00:22.0659 2212 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
21:00:22.0808 2212 intelppm - ok
21:00:22.0924 2212 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
21:00:23.0024 2212 IPBusEnum - ok
21:00:23.0067 2212 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:00:23.0152 2212 IpFilterDriver - ok
21:00:23.0214 2212 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
21:00:23.0290 2212 iphlpsvc - ok
21:00:23.0304 2212 IpInIp - ok
21:00:23.0351 2212 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
21:00:23.0490 2212 IPMIDRV - ok
21:00:23.0540 2212 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:00:23.0642 2212 IPNAT - ok
21:00:23.0782 2212 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
21:00:23.0859 2212 iPod Service - ok
21:00:23.0899 2212 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:00:23.0976 2212 IRENUM - ok
21:00:24.0013 2212 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
21:00:24.0053 2212 isapnp - ok
21:00:24.0130 2212 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:00:24.0179 2212 iScsiPrt - ok
21:00:24.0205 2212 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:00:24.0245 2212 iteatapi - ok
21:00:24.0268 2212 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:00:24.0307 2212 iteraid - ok
21:00:24.0354 2212 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:00:24.0397 2212 kbdclass - ok
21:00:24.0441 2212 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
21:00:24.0523 2212 kbdhid - ok
21:00:24.0571 2212 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:00:24.0641 2212 KeyIso - ok
21:00:24.0718 2212 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
21:00:24.0799 2212 KSecDD - ok
21:00:24.0872 2212 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
21:00:24.0990 2212 KtmRm - ok
21:00:25.0057 2212 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
21:00:25.0136 2212 LanmanServer - ok
21:00:25.0196 2212 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
21:00:25.0263 2212 LanmanWorkstation - ok
21:00:25.0368 2212 LightScribeService (53710476495886d9961be46983a6a33f) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
21:00:25.0404 2212 LightScribeService - ok
21:00:25.0472 2212 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:00:25.0562 2212 lltdio - ok
21:00:25.0629 2212 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
21:00:25.0728 2212 lltdsvc - ok
21:00:25.0761 2212 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
21:00:25.0906 2212 lmhosts - ok
21:00:26.0033 2212 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
21:00:26.0075 2212 LSI_FC - ok
21:00:26.0112 2212 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
21:00:26.0153 2212 LSI_SAS - ok
21:00:26.0192 2212 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
21:00:26.0232 2212 LSI_SCSI - ok
21:00:26.0284 2212 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:00:26.0374 2212 luafv - ok
21:00:26.0425 2212 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
21:00:26.0463 2212 MBAMProtector - ok
21:00:26.0549 2212 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:00:26.0620 2212 MBAMService - ok
21:00:26.0670 2212 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
21:00:26.0722 2212 Mcx2Svc - ok
21:00:26.0763 2212 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:00:26.0811 2212 mdmxsdk - ok
21:00:26.0849 2212 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
21:00:26.0889 2212 megasas - ok
21:00:26.0931 2212 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
21:00:27.0010 2212 MMCSS - ok
21:00:27.0056 2212 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:00:27.0145 2212 Modem - ok
21:00:27.0207 2212 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:00:27.0285 2212 monitor - ok
21:00:27.0337 2212 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:00:27.0381 2212 mouclass - ok
21:00:27.0406 2212 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:00:27.0496 2212 mouhid - ok
21:00:27.0558 2212 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:00:27.0600 2212 MountMgr - ok
21:00:27.0639 2212 MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:00:27.0696 2212 MozillaMaintenance - ok
21:00:27.0724 2212 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
21:00:27.0772 2212 mpio - ok
21:00:27.0817 2212 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:00:27.0895 2212 mpsdrv - ok
21:00:27.0969 2212 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
21:00:28.0049 2212 MpsSvc - ok
21:00:28.0083 2212 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:00:28.0121 2212 Mraid35x - ok
21:00:28.0173 2212 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:00:28.0247 2212 MRxDAV - ok
21:00:28.0305 2212 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:00:28.0372 2212 mrxsmb - ok
21:00:28.0425 2212 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:00:28.0479 2212 mrxsmb10 - ok
21:00:28.0508 2212 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:00:28.0568 2212 mrxsmb20 - ok
21:00:28.0618 2212 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
21:00:28.0657 2212 msahci - ok
21:00:28.0689 2212 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
21:00:28.0729 2212 msdsm - ok
21:00:28.0782 2212 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
21:00:28.0873 2212 MSDTC - ok
21:00:28.0935 2212 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:00:29.0029 2212 Msfs - ok
21:00:29.0065 2212 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:00:29.0105 2212 msisadrv - ok
21:00:29.0153 2212 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
21:00:29.0251 2212 MSiSCSI - ok
21:00:29.0265 2212 msiserver - ok
21:00:29.0320 2212 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:00:29.0406 2212 MSKSSRV - ok
21:00:29.0447 2212 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:00:29.0524 2212 MSPCLOCK - ok
21:00:29.0572 2212 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:00:29.0649 2212 MSPQM - ok
21:00:29.0708 2212 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:00:29.0766 2212 MsRPC - ok
21:00:29.0814 2212 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:00:29.0853 2212 mssmbios - ok
21:00:29.0878 2212 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:00:29.0964 2212 MSTEE - ok
21:00:30.0017 2212 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:00:30.0061 2212 Mup - ok
21:00:30.0128 2212 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
21:00:30.0224 2212 napagent - ok
21:00:30.0283 2212 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:00:30.0348 2212 NativeWifiP - ok
21:00:30.0436 2212 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:00:30.0508 2212 NDIS - ok
21:00:30.0546 2212 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:00:30.0625 2212 NdisTapi - ok
21:00:30.0664 2212 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:00:30.0741 2212 Ndisuio - ok
21:00:30.0796 2212 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:00:30.0859 2212 NdisWan - ok
21:00:30.0900 2212 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:00:30.0976 2212 NDProxy - ok
21:00:31.0008 2212 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:00:31.0087 2212 NetBIOS - ok
21:00:31.0151 2212 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:00:31.0242 2212 netbt - ok
21:00:31.0295 2212 NETFLTDI (d8f44fc13db193c9379297973ee42272) C:\Windows\system32\Drivers\NETFLTDI.SYS
21:00:31.0345 2212 NETFLTDI - ok
21:00:31.0422 2212 NETIMFLT01060044 (9dee136c4863d5065437d07262bb5c40) C:\Windows\system32\DRIVERS\neti1644.sys
21:00:31.0465 2212 NETIMFLT01060044 - ok
21:00:31.0514 2212 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:00:31.0555 2212 Netlogon - ok
21:00:31.0616 2212 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
21:00:31.0723 2212 Netman - ok
21:00:31.0788 2212 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
21:00:31.0886 2212 netprofm - ok
21:00:31.0957 2212 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:00:32.0010 2212 NetTcpPortSharing - ok
21:00:32.0044 2212 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:00:32.0084 2212 nfrd960 - ok
21:00:32.0119 2212 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
21:00:32.0213 2212 NlaSvc - ok
21:00:32.0247 2212 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:00:32.0323 2212 Npfs - ok
21:00:32.0374 2212 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
21:00:32.0465 2212 nsi - ok
21:00:32.0509 2212 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:00:32.0614 2212 nsiproxy - ok
21:00:32.0759 2212 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:00:32.0884 2212 Ntfs - ok
21:00:32.0924 2212 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:00:33.0076 2212 ntrigdigi - ok
21:00:33.0173 2212 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:00:33.0257 2212 Null - ok
21:00:33.0384 2212 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
21:00:33.0527 2212 NVENETFD - ok
21:00:34.0254 2212 nvlddmkm (d65bc32c1795191b7f2b028351ab4fe2) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:00:34.0962 2212 nvlddmkm - ok
21:00:35.0126 2212 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
21:00:35.0168 2212 nvraid - ok
21:00:35.0223 2212 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys
21:00:35.0278 2212 nvsmu - ok
21:00:35.0314 2212 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
21:00:35.0353 2212 nvstor - ok
21:00:35.0407 2212 nvsvc (a8c043670699c956d56b9f1f3daefc98) C:\Windows\system32\nvvsvc.exe
21:00:35.0452 2212 nvsvc - ok
21:00:35.0493 2212 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
21:00:35.0536 2212 nv_agp - ok
21:00:35.0564 2212 NwlnkFlt - ok
21:00:35.0589 2212 NwlnkFwd - ok
21:00:35.0733 2212 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:00:35.0805 2212 odserv - ok
21:00:35.0866 2212 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
21:00:35.0941 2212 ohci1394 - ok
21:00:35.0998 2212 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:00:36.0050 2212 ose - ok
21:00:36.0131 2212 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:00:36.0298 2212 p2pimsvc - ok
21:00:36.0322 2212 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:00:36.0391 2212 p2psvc - ok
21:00:36.0406 2212 PalmUSBD - ok
21:00:36.0517 2212 Panda Software Controller (78b7642b0c51f24f0835c0226540d58b) C:\Program Files\Panda Security\Panda Internet Security 2012\PsCtrls.exe
21:00:36.0557 2212 Panda Software Controller - ok
21:00:36.0593 2212 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:00:36.0743 2212 Parport - ok
21:00:36.0862 2212 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
21:00:36.0905 2212 partmgr - ok
21:00:36.0931 2212 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:00:37.0076 2212 Parvdm - ok
21:00:37.0130 2212 pavboot (55d654258a9c509b671310c314bd30b4) C:\Windows\system32\Drivers\pavboot.sys
21:00:37.0164 2212 pavboot - ok
21:00:37.0221 2212 PAVFNSVR (ae848c1613c8738bb83adab4f0845e84) C:\Program Files\Panda Security\Panda Internet Security 2012\PavFnSvr.exe
21:00:37.0261 2212 PAVFNSVR - ok
21:00:37.0335 2212 PavProc (a110035fdc4b8f8f0cd5e71d031274e1) C:\Windows\system32\DRIVERS\PavProc.sys
21:00:37.0384 2212 PavProc - ok
21:00:37.0451 2212 PavPrSrv (2ae3f6b23448443bbef5de207159213b) C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
21:00:37.0485 2212 PavPrSrv - ok
21:00:37.0500 2212 PavSRK.sys - ok
21:00:37.0578 2212 PAVSRV (97005413310966001fb6f4a5c503149c) C:\Program Files\Panda Security\Panda Internet Security 2012\pavsrvx86.exe
21:00:37.0622 2212 PAVSRV - ok
21:00:37.0650 2212 PavTPK.sys - ok
21:00:37.0698 2212 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
21:00:37.0780 2212 PcaSvc - ok
21:00:37.0833 2212 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:00:37.0879 2212 pci - ok
21:00:37.0899 2212 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
21:00:37.0942 2212 pciide - ok
21:00:37.0991 2212 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
21:00:38.0044 2212 pcmcia - ok
21:00:38.0158 2212 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:00:38.0395 2212 PEAUTH - ok
21:00:38.0603 2212 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
21:00:38.0821 2212 pla - ok
21:00:38.0994 2212 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
21:00:39.0063 2212 PlugPlay - ok
21:00:39.0146 2212 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:00:39.0244 2212 PNRPAutoReg - ok
21:00:39.0271 2212 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:00:39.0378 2212 PNRPsvc - ok
21:00:39.0466 2212 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
21:00:39.0569 2212 PolicyAgent - ok
21:00:39.0648 2212 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:00:39.0734 2212 PptpMiniport - ok
21:00:39.0772 2212 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
21:00:39.0904 2212 Processor - ok
21:00:39.0956 2212 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
21:00:40.0031 2212 ProfSvc - ok
21:00:40.0082 2212 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:00:40.0129 2212 ProtectedStorage - ok
21:00:40.0189 2212 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:00:40.0261 2212 PSched - ok
21:00:40.0430 2212 PSHost (532053e8e3bb8fa7166ab4e7685fddcc) c:\program files\panda security\panda internet security 2012\firewall\PSHOST.EXE
21:00:40.0469 2212 PSHost - ok
21:00:40.0517 2212 PSIMSVC (196c450f2779d0b462c444da4906ea7f) C:\Program Files\Panda Security\Panda Internet Security 2012\PsImSvc.exe
21:00:40.0553 2212 PSIMSVC - ok
21:00:40.0584 2212 PskSvcRetail (341457b79b3fc31a80c346c767045879) C:\Program Files\Panda Security\Panda Internet Security 2012\PskSvc.exe
21:00:40.0616 2212 PskSvcRetail - ok
21:00:40.0727 2212 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
21:00:40.0842 2212 ql2300 - ok
21:00:40.0898 2212 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:00:40.0952 2212 ql40xx - ok
21:00:41.0017 2212 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
21:00:41.0096 2212 QWAVE - ok
21:00:41.0149 2212 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:00:41.0205 2212 QWAVEdrv - ok
21:00:41.0302 2212 RapiMgr (70dbdab246c18b78e2200d6401d038be) C:\Windows\WindowsMobile\rapimgr.dll
21:00:41.0381 2212 RapiMgr - ok
21:00:41.0422 2212 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:00:41.0498 2212 RasAcd - ok
21:00:41.0556 2212 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
21:00:41.0665 2212 RasAuto - ok
21:00:41.0709 2212 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:00:41.0790 2212 Rasl2tp - ok
21:00:41.0847 2212 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
21:00:41.0935 2212 RasMan - ok
21:00:41.0992 2212 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:00:42.0055 2212 RasPppoe - ok
21:00:42.0091 2212 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:00:42.0153 2212 RasSstp - ok
21:00:42.0216 2212 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:00:42.0298 2212 rdbss - ok
21:00:42.0342 2212 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:00:42.0416 2212 RDPCDD - ok
21:00:42.0475 2212 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
21:00:42.0627 2212 rdpdr - ok
21:00:42.0662 2212 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:00:42.0784 2212 RDPENCDD - ok
21:00:42.0851 2212 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
21:00:42.0915 2212 RDPWD - ok
21:00:42.0967 2212 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
21:00:43.0059 2212 RemoteAccess - ok
21:00:43.0109 2212 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
21:00:43.0184 2212 RemoteRegistry - ok
21:00:43.0335 2212 RichVideo (17e0bef5ca5c9ce52cc8082ac6ebc449) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
21:00:43.0379 2212 RichVideo - ok
21:00:43.0431 2212 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
21:00:43.0495 2212 rimmptsk - ok
21:00:43.0560 2212 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
21:00:43.0615 2212 rimsptsk - ok
21:00:43.0633 2212 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
21:00:43.0680 2212 rismxdp - ok
21:00:43.0714 2212 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
21:00:43.0768 2212 RpcLocator - ok
21:00:43.0862 2212 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
21:00:43.0944 2212 RpcSs - ok
21:00:43.0990 2212 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:00:44.0069 2212 rspndr - ok
21:00:44.0121 2212 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:00:44.0163 2212 SamSs - ok
21:00:44.0195 2212 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:00:44.0237 2212 sbp2port - ok
21:00:44.0310 2212 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
21:00:44.0401 2212 SCardSvr - ok
21:00:44.0497 2212 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
21:00:44.0671 2212 Schedule - ok
21:00:44.0738 2212 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
21:00:44.0796 2212 SCPolicySvc - ok
21:00:44.0849 2212 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
21:00:44.0911 2212 sdbus - ok
21:00:44.0961 2212 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
21:00:45.0037 2212 SDRSVC - ok
21:00:45.0072 2212 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:00:45.0203 2212 secdrv - ok
21:00:45.0317 2212 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
21:00:45.0410 2212 seclogon - ok
21:00:45.0452 2212 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
21:00:45.0544 2212 SENS - ok
21:00:45.0572 2212 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:00:45.0705 2212 Serenum - ok
21:00:45.0737 2212 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:00:45.0879 2212 Serial - ok
21:00:45.0933 2212 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:00:46.0010 2212 sermouse - ok
21:00:46.0096 2212 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
21:00:46.0195 2212 SessionEnv - ok
21:00:46.0228 2212 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
21:00:46.0289 2212 sffdisk - ok
21:00:46.0317 2212 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
21:00:46.0463 2212 sffp_mmc - ok
21:00:46.0514 2212 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:00:46.0579 2212 sffp_sd - ok
21:00:46.0602 2212 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:00:46.0751 2212 sfloppy - ok
21:00:46.0819 2212 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
21:00:46.0930 2212 SharedAccess - ok
21:00:46.0994 2212 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
21:00:47.0079 2212 ShellHWDetection - ok
21:00:47.0132 2212 ShldDrv (32d6f7632234f0354c79e915ca4613d4) C:\Windows\system32\DRIVERS\ShlDrv51.sys
21:00:47.0166 2212 ShldDrv - ok
21:00:47.0197 2212 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
21:00:47.0236 2212 sisagp - ok
21:00:47.0260 2212 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
21:00:47.0303 2212 SiSRaid2 - ok
21:00:47.0334 2212 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
21:00:47.0387 2212 SiSRaid4 - ok
21:00:47.0701 2212 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
21:00:47.0945 2212 slsvc - ok
21:00:48.0107 2212 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
21:00:48.0197 2212 SLUINotify - ok
21:00:48.0260 2212 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:00:48.0340 2212 Smb - ok
21:00:48.0396 2212 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
21:00:48.0439 2212 SNMPTRAP - ok
21:00:48.0486 2212 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:00:48.0527 2212 spldr - ok
21:00:48.0582 2212 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
21:00:48.0653 2212 Spooler - ok
21:00:48.0723 2212 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:00:48.0804 2212 srv - ok
21:00:48.0858 2212 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:00:48.0948 2212 srv2 - ok
21:00:48.0995 2212 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:00:49.0040 2212 srvnet - ok
21:00:49.0082 2212 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
21:00:49.0167 2212 SSDPSRV - ok
21:00:49.0233 2212 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
21:00:49.0307 2212 SstpSvc - ok
21:00:49.0390 2212 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
21:00:49.0455 2212 stisvc - ok
21:00:49.0502 2212 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:00:49.0544 2212 swenum - ok
21:00:49.0619 2212 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
21:00:49.0694 2212 swprv - ok
21:00:49.0729 2212 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:00:49.0768 2212 Symc8xx - ok
21:00:49.0784 2212 SymIMMP - ok
21:00:49.0825 2212 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:00:49.0864 2212 Sym_hi - ok
21:00:49.0894 2212 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:00:49.0933 2212 Sym_u3 - ok
21:00:50.0013 2212 SynTP (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys
21:00:50.0063 2212 SynTP - ok
21:00:50.0156 2212 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
21:00:50.0259 2212 SysMain - ok
21:00:50.0306 2212 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
21:00:50.0359 2212 TabletInputService - ok
21:00:50.0425 2212 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
21:00:50.0509 2212 TapiSrv - ok
21:00:50.0567 2212 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
21:00:50.0649 2212 TBS - ok
21:00:50.0784 2212 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
21:00:50.0899 2212 Tcpip - ok
21:00:50.0936 2212 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
21:00:51.0065 2212 Tcpip6 - ok
21:00:51.0118 2212 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
21:00:51.0190 2212 tcpipreg - ok
21:00:51.0244 2212 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:00:51.0319 2212 TDPIPE - ok
21:00:51.0344 2212 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:00:51.0434 2212 TDTCP - ok
21:00:51.0476 2212 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:00:51.0538 2212 tdx - ok
21:00:51.0596 2212 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:00:51.0641 2212 TermDD - ok
21:00:51.0726 2212 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
21:00:51.0816 2212 TermService - ok
21:00:51.0879 2212 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
21:00:51.0930 2212 Themes - ok
21:00:51.0978 2212 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
21:00:52.0058 2212 THREADORDER - ok
21:00:52.0212 2212 TPSrv (eacbb8e02114329dddece593aedc61fe) C:\Program Files\Panda Security\Panda Internet Security 2012\TPSrv.exe
21:00:52.0247 2212 TPSrv - ok
21:00:52.0282 2212 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
21:00:52.0386 2212 TrkWks - ok
21:00:52.0436 2212 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
21:00:52.0513 2212 TrustedInstaller - ok
21:00:52.0591 2212 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:00:52.0683 2212 tssecsrv - ok
21:00:52.0731 2212 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:00:52.0789 2212 tunmp - ok
21:00:52.0839 2212 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:00:52.0888 2212 tunnel - ok
21:00:52.0934 2212 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
21:00:52.0973 2212 uagp35 - ok
21:00:53.0034 2212 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:00:53.0106 2212 udfs - ok
21:00:53.0173 2212 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
21:00:53.0263 2212 UI0Detect - ok
21:00:53.0295 2212 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
21:00:53.0336 2212 uliagpkx - ok
21:00:53.0380 2212 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
21:00:53.0433 2212 uliahci - ok
21:00:53.0472 2212 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:00:53.0528 2212 UlSata - ok
21:00:53.0566 2212 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:00:53.0611 2212 ulsata2 - ok
21:00:53.0668 2212 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:00:53.0759 2212 umbus - ok
21:00:53.0834 2212 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
21:00:53.0926 2212 upnphost - ok
21:00:54.0012 2212 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
21:00:54.0080 2212 USBAAPL - ok
21:00:54.0134 2212 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:00:54.0197 2212 usbccgp - ok
21:00:54.0250 2212 USBCCID (32c068eaf37c92d7194eee1faa1e7853) C:\Windows\system32\DRIVERS\usbccid.sys
21:00:54.0328 2212 USBCCID - ok
21:00:54.0372 2212 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:00:54.0506 2212 usbcir - ok
21:00:54.0576 2212 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:00:54.0675 2212 usbehci - ok
21:00:54.0744 2212 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:00:54.0833 2212 usbhub - ok
21:00:54.0868 2212 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
21:00:54.0929 2212 usbohci - ok
21:00:54.0958 2212 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
21:00:55.0093 2212 usbprint - ok
21:00:55.0211 2212 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:00:55.0297 2212 USBSTOR - ok
21:00:55.0336 2212 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
21:00:55.0475 2212 usbuhci - ok
21:00:55.0531 2212 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
21:00:55.0625 2212 usbvideo - ok
21:00:55.0705 2212 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
21:00:55.0776 2212 usb_rndisx - ok
21:00:55.0817 2212 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
21:00:55.0895 2212 UxSms - ok
21:00:55.0975 2212 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
21:00:56.0089 2212 vds - ok
21:00:56.0135 2212 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
21:00:56.0280 2212 vga - ok
21:00:56.0345 2212 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:00:56.0420 2212 VgaSave - ok
21:00:56.0455 2212 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
21:00:56.0494 2212 viaagp - ok
21:00:56.0526 2212 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
21:00:56.0666 2212 ViaC7 - ok
21:00:56.0698 2212 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
21:00:56.0736 2212 viaide - ok
21:00:56.0790 2212 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:00:56.0832 2212 volmgr - ok
21:00:56.0906 2212 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:00:56.0973 2212 volmgrx - ok
21:00:57.0040 2212 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:00:57.0096 2212 volsnap - ok
21:00:57.0119 2212 vsdatant - ok
21:00:57.0167 2212 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
21:00:57.0222 2212 vsmraid - ok
21:00:57.0352 2212 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
21:00:57.0496 2212 VSS - ok
21:00:57.0567 2212 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
21:00:57.0661 2212 W32Time - ok
21:00:57.0724 2212 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:00:57.0860 2212 WacomPen - ok
21:00:57.0905 2212 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:00:57.0967 2212 Wanarp - ok
21:00:57.0981 2212 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:00:58.0043 2212 Wanarpv6 - ok
21:00:58.0152 2212 WcesComm (779f9c90d3fe9c70b6ffd8ef035f3e83) C:\Windows\WindowsMobile\wcescomm.dll
21:00:58.0275 2212 WcesComm - ok
21:00:58.0339 2212 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
21:00:58.0422 2212 wcncsvc - ok
21:00:58.0483 2212 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
21:00:58.0558 2212 WcsPlugInService - ok
21:00:58.0598 2212 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
21:00:58.0636 2212 Wd - ok
21:00:58.0719 2212 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:00:58.0813 2212 Wdf01000 - ok
21:00:58.0875 2212 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
21:00:58.0956 2212 WdiServiceHost - ok
21:00:58.0971 2212 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
21:00:59.0053 2212 WdiSystemHost - ok
21:00:59.0117 2212 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
21:00:59.0198 2212 WebClient - ok
21:00:59.0264 2212 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
21:00:59.0353 2212 Wecsvc - ok
21:00:59.0430 2212 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
21:00:59.0515 2212 wercplsupport - ok
21:00:59.0597 2212 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
21:00:59.0677 2212 WerSvc - ok
21:00:59.0777 2212 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
21:00:59.0935 2212 winachsf - ok
21:01:00.0046 2212 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
21:01:00.0097 2212 WinDefend - ok
21:01:00.0128 2212 WinHttpAutoProxySvc - ok
21:01:00.0218 2212 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
21:01:00.0281 2212 Winmgmt - ok
21:01:00.0418 2212 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
21:01:00.0693 2212 WinRM - ok
21:01:00.0826 2212 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
21:01:00.0886 2212 winusb - ok
21:01:00.0972 2212 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
21:01:01.0117 2212 Wlansvc - ok
21:01:01.0229 2212 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:01:01.0267 2212 wlcrasvc - ok
21:01:01.0517 2212 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:01:01.0708 2212 wlidsvc - ok
21:01:01.0961 2212 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:01:02.0029 2212 WmiAcpi - ok
21:01:02.0154 2212 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
21:01:02.0227 2212 wmiApSrv - ok
21:01:02.0412 2212 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:01:02.0533 2212 WMPNetworkSvc - ok
21:01:02.0586 2212 WNMFLT (0411d0433e8c48ad24b2ef32d7c97ae0) C:\Windows\system32\Drivers\WNMFLT.SYS
21:01:02.0634 2212 WNMFLT - ok
21:01:02.0693 2212 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
21:01:02.0780 2212 WPCSvc - ok
21:01:02.0855 2212 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
21:01:02.0945 2212 WPDBusEnum - ok
21:01:03.0018 2212 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
21:01:03.0078 2212 WpdUsb - ok
21:01:03.0280 2212 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:01:03.0379 2212 WPFFontCache_v0400 - ok
21:01:03.0442 2212 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:01:03.0523 2212 ws2ifsl - ok
21:01:03.0588 2212 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
21:01:03.0657 2212 wscsvc - ok
21:01:03.0693 2212 WSearch - ok
21:01:03.0953 2212 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
21:01:04.0138 2212 wuauserv - ok
21:01:04.0329 2212 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:01:04.0418 2212 WUDFRd - ok
21:01:04.0468 2212 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
21:01:04.0561 2212 wudfsvc - ok
21:01:04.0612 2212 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
21:01:04.0660 2212 XAudio - ok
21:01:04.0722 2212 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
21:01:04.0850 2212 XAudioService - ok
21:01:05.0009 2212 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
21:01:05.0091 2212 YahooAUService - ok
21:01:05.0226 2212 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
21:01:05.0362 2212 \Device\Harddisk0\DR0 - ok
21:01:05.0373 2212 Boot (0x1200) (b5bdcc4256508bbc7d778d1e6075a772) \Device\Harddisk0\DR0\Partition0
21:01:05.0376 2212 \Device\Harddisk0\DR0\Partition0 - ok
21:01:05.0391 2212 Boot (0x1200) (f0615bff7cac49df0506237f25a1473d) \Device\Harddisk0\DR0\Partition1
21:01:05.0394 2212 \Device\Harddisk0\DR0\Partition1 - ok
21:01:05.0400 2212 ============================================================
21:01:05.0400 2212 Scan finished
21:01:05.0400 2212 ============================================================
21:01:05.0435 5480 Detected object count: 4
21:01:05.0435 5480 Actual detected object count: 4
21:02:02.0739 5480 Com4Qlb ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:02.0739 5480 Com4Qlb ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:02:02.0740 5480 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:02.0740 5480 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:02:02.0741 5480 hpqwmiex ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:02.0741 5480 hpqwmiex ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:02:02.0741 5480 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:02.0742 5480 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
10.06.2012, 00:26
| #10 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Panda zeigt staendig Fehlermeldung : It is advisable to restart to keep your computer protectet Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.06.2012, 19:42
| #11 |
| | Panda zeigt staendig Fehlermeldung : It is advisable to restart to keep your computer protectet Hi Arne hier ist die log vom combofix Code:
ATTFilter Combofix Logfile: Geändert von sil_booksi (10.06.2012 um 19:50 Uhr) |
|
10.06.2012, 20:40
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Panda zeigt staendig Fehlermeldung : It is advisable to restart to keep your computer protectet Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Code:
ATTFilter File::
C:\user.js
Folder::
c:\program files\BabylonToolbar
c:\program files\Uncompressor
c:\users\Owner\AppData\Roaming\Babylon
c:\programdata\Babylon
Firefox::
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\taztryfv.default\
FF - prefs.js: browser.startup.homepage - http://search.babylon.com/?affID=109986&tt=060612_8_&babsrc=HP_ss&mntrId=187a8701000000000000001f3a10de6c
FF - prefs.js: keyword.URL - http://search.babylon.com/?affID=109986&tt=060612_8_&babsrc=KW_ss&mntrId=187a8701000000000000001f3a10de6c&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extensions.BabylonToolbar_i.babTrack, affID=109986&tt=060612_8_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 187a8701000000000000001f3a10de6c
FF - user.js: extensions.BabylonToolbar_i.hardId - 187a8701000000000000001f3a10de6c
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15500
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:53
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall. (Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !) 5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.  6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien: Combofix.txt Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
11.06.2012, 05:51
| #13 |
| | Panda zeigt staendig Fehlermeldung : It is advisable to restart to keep your computer protectet Hi Arne, also ich habe das genau so gemacht, wurde aber nicht nach einem Neustart gefragt? Anbei das log., hoffe das es richtig ist. Combofix Logfile: Code:
ATTFilter ComboFix 12-06-10.01 - Owner 06/11/2012 5:51.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1004 [GMT 2:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: Panda Internet Security 2012 *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
FW: Panda Personal Firewall 2012 *Disabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}
SP: Panda Internet Security 2012 *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"C:\user.js"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\BabylonToolbar
c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll
c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll
c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe
c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe
c:\program files\Uncompressor
c:\program files\Uncompressor\7z.dll
c:\program files\Uncompressor\uncompressor.exe
c:\program files\Uncompressor\Uninstall\uninst.dat
c:\program files\Uncompressor\Uninstall\Uninstall.exe
c:\programdata\Babylon
C:\user.js
c:\users\Owner\AppData\Roaming\Babylon
c:\users\Owner\AppData\Roaming\Babylon\log_file.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-05-11 to 2012-06-11 )))))))))))))))))))))))))))))))
.
.
2012-06-11 04:11 . 2012-06-11 04:11 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-06-11 04:11 . 2012-06-11 04:11 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-06-11 04:11 . 2012-06-11 04:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-08 18:23 . 2012-06-08 18:23 -------- d-----w- C:\_OTL
2012-06-08 15:04 . 2012-06-08 15:04 -------- d-----w- c:\users\Owner\AppData\Local\Panda Security
2012-06-08 14:58 . 2012-06-08 14:58 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2012-06-08 14:57 . 2012-06-10 16:33 196212 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2012-06-08 14:57 . 2010-09-09 14:23 193864 ----a-w- c:\windows\system32\drivers\idsflt.sys
2012-06-08 14:57 . 2009-09-25 12:54 46856 ----a-w- c:\windows\system32\drivers\wnmflt.sys
2012-06-08 14:57 . 2009-09-25 12:54 53256 ----a-w- c:\windows\system32\drivers\dsaflt.sys
2012-06-08 14:56 . 2011-01-31 14:41 83528 ----a-w- c:\windows\system32\drivers\APPFLT.SYS
2012-06-08 14:56 . 2009-09-25 12:54 159112 ----a-w- c:\windows\system32\drivers\NETFLTDI.SYS
2012-06-08 14:56 . 2009-09-25 12:54 22024 ----a-w- c:\windows\system32\drivers\fnetmon.sys
2012-06-08 14:56 . 2010-06-22 16:13 26696 ----a-w- c:\windows\system32\drivers\pavboot.sys
2012-06-08 14:54 . 2007-03-15 17:38 54832 ----a-w- c:\windows\system32\pavcpl.cpl
2012-06-08 14:54 . 2003-10-22 16:23 446464 ----a-w- c:\windows\system32\HHActiveX.dll
2012-06-08 14:54 . 2010-06-21 15:02 193344 ----a-w- c:\windows\system32\TpUtil.dll
2012-06-08 14:54 . 2010-06-21 15:01 520000 ----a-w- c:\windows\system32\PavSHook.dll
2012-06-08 14:54 . 2010-06-21 15:01 87360 ----a-w- c:\windows\system32\PavLspHook.dll
2012-06-08 14:54 . 2010-06-21 15:01 55616 ----a-w- c:\windows\system32\pavipc.dll
2012-06-08 14:54 . 2007-02-08 08:53 107568 ----a-w- c:\windows\system32\SYSTOOLS.DLL
2012-06-08 14:54 . 2010-09-01 09:09 201032 ----a-w- c:\windows\system32\drivers\neti1644.sys
2012-06-08 14:54 . 2012-06-08 14:54 -------- d-----w- c:\windows\system32\PAV
2012-06-08 14:54 . 2010-05-21 11:50 54344 ----a-w- c:\windows\system32\drivers\amm8660.sys
2012-06-08 14:54 . 2010-03-24 10:55 55552 ----a-w- c:\windows\system32\avldr.dll
2012-06-08 14:54 . 2012-06-08 14:54 -------- d-----w- c:\users\Owner\AppData\Roaming\Panda Security
2012-06-08 14:53 . 2012-06-08 14:53 -------- d-----w- c:\program files\Common Files\Panda Security
2012-06-08 14:53 . 2011-02-21 12:38 37448 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys
2012-06-08 14:53 . 2010-05-06 15:11 163848 ----a-w- c:\windows\system32\drivers\PavProc.sys
2012-06-08 07:39 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E174FF1-57E3-45DB-9E0E-F8A12E194A84}\mpengine.dll
2012-06-06 07:57 . 2012-06-06 07:57 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-06 07:57 . 2012-06-06 07:57 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-05 14:01 . 2012-06-05 14:01 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2012-06-05 14:01 . 2012-06-05 14:01 -------- d-----w- c:\programdata\Malwarebytes
2012-06-05 14:01 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-05 14:01 . 2012-06-05 14:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-04 20:37 . 2012-06-04 20:37 -------- d-----w- c:\windows\Sun
2012-05-28 08:24 . 2012-05-28 08:24 -------- d-----w- c:\program files\iPod
2012-05-28 08:24 . 2012-05-28 08:27 -------- d-----w- c:\program files\iTunes
2012-05-28 08:08 . 2012-05-28 08:08 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-05 23:31 . 2012-04-12 07:38 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-05 23:31 . 2011-06-28 08:35 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-03 08:16 . 2012-05-09 13:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-09 13:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 13:36 . 2012-05-09 13:01 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 12:39 . 2012-05-09 13:01 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-20 23:28 . 2012-05-09 13:01 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-06-06 07:57 . 2012-02-23 05:15 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"APVXDWIN"="c:\program files\Panda Security\Panda Internet Security 2012\APVXDWIN.EXE" [2011-04-13 1000768]
"SCANINICIO"="c:\program files\Panda Security\Panda Internet Security 2012\Inicio.exe" [2011-02-02 70464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2010-03-24 10:55 55552 ----a-w- c:\windows\System32\avldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-08-24 01:36 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2011-05-13 14:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-05-27 20:31 1721640 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2725313977-2452428163-366678771-1000]
"EnableNotificationsRef"=dword:00000002
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 257696]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-24 01:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 23:31]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-17 23:04]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-17 23:04]
.
2012-05-23 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-10-23 18:58]
.
2012-06-10 c:\windows\Tasks\User_Feed_Synchronization-{DD707F92-E982-4E85-8D70-10F1713EB1FD}.job
- c:\windows\system32\msfeedssync.exe [2012-04-11 08:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?affID=109986&tt=060612_8_&babsrc=HP_ss&mntrId=187a8701000000000000001f3a10de6c
mStart Page =
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\taztryfv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-BabylonToolbar - c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-11 06:11
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-06-11 06:46:35
ComboFix-quarantined-files.txt 2012-06-11 04:46
ComboFix2.txt 2012-06-10 18:02
.
Pre-Run: 160,454,631,424 bytes free
Post-Run: 160,416,309,248 bytes free
.
- - End Of File - - F4BAEDBF8592CD7EB74EF376B852D517
|
|
11.06.2012, 11:53
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Panda zeigt staendig Fehlermeldung : It is advisable to restart to keep your computer protectet Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
11.06.2012, 19:28
| #15 |
| | Panda zeigt staendig Fehlermeldung : It is advisable to restart to keep your computer protectet Hi Also GMER habe ich nicht gemacht aber den Rest hier ist das aswMBR.log Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-11 19:15:23
-----------------------------
19:15:23.616 OS Version: Windows 6.0.6002 Service Pack 2
19:15:23.617 Number of processors: 2 586 0x6802
19:15:23.623 ComputerName: OWNER-PC UserName: Owner
19:15:24.842 Initialize success
19:15:43.893 AVAST engine defs: 12061100
19:15:50.550 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
19:15:50.555 Disk 0 Vendor: WDC_WD2500BEVS-60UST0 01.01A01 Size: 238475MB BusType: 3
19:15:50.580 Disk 0 MBR read successfully
19:15:50.586 Disk 0 MBR scan
19:15:50.618 Disk 0 unknown MBR code
19:15:50.624 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 226282 MB offset 63
19:15:50.667 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12189 MB offset 463427055
19:15:50.681 Disk 0 scanning sectors +488392065
19:15:50.755 Disk 0 scanning C:\Windows\system32\drivers
19:16:18.324 Service scanning
19:17:02.413 Modules scanning
19:17:10.285 Disk 0 trace - called modules:
19:17:10.305
19:17:13.355 AVAST engine scan C:\Windows
19:17:18.407 AVAST engine scan C:\Windows\system32
19:24:08.768 AVAST engine scan C:\Windows\system32\drivers
19:24:44.042 AVAST engine scan C:\Users\Owner
19:38:32.946 AVAST engine scan C:\ProgramData
19:44:41.638 Scan finished successfully
20:24:54.229 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
20:24:54.239 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"
MFG Sarah |
|
| Themen zu Panda zeigt staendig Fehlermeldung : It is advisable to restart to keep your computer protectet |
| bingbar, bytes, compu, computer, dateisystem, fehlermeldung, firewall, gefunde, heuristiks/extra, heuristiks/shuriken, hijack, laptops, launch, malware, malware bytes, malwarebytes, nochmals, panda, plug-in, probleme, pup.mywebsearch, restart, rojaner gefunden, safer networking, scan, super, tagen, troja, trojaner, trojaner gefunden, versuch, versucht, windows internet |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
