Pests of all kinds and how to fight them: Bundespolizei Virus (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
23.07.2012, 15:25 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Virus
adwCleaner - remove toolbars and unwanted start/search pages
__________________ Please always post logfiles in CODE tags |
23.07.2012, 15:37 | #17 |
| Bundespolizei Virus
Code:
# AdwCleaner v1.703 - Logfile created 07/23/2012 at 16:30:06
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Tini - TINI-PC
# Running from : C:\Users\Tini\Desktop\adwcleaner(2).exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\Tini\AppData\Local\Smartbar
Folder Deleted : C:\Users\Tini\AppData\Roaming\Mozilla\Firefox\Profiles\nxzgng31.default\Conduit

***** [Registry] *****

***** [Registre - GUID] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\Tini\AppData\Roaming\Mozilla\Firefox\Profiles\nxzgng31.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Tini\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [44338 octets] - [18/07/2012 16:41:03]
AdwCleaner[R2].txt - [44399 octets] - [18/07/2012 16:42:11]
AdwCleaner[R3].txt - [44463 octets] - [18/07/2012 16:45:01]
AdwCleaner[S1].txt - [45510 octets] - [18/07/2012 22:10:38]
AdwCleaner[R4].txt - [1365 octets] - [23/07/2012 13:16:32]
AdwCleaner[S2].txt - [1300 octets] - [23/07/2012 16:30:06]

########## EOF - C:\AdwCleaner[S2].txt - [1428 octets] ##########

Tini |
23.07.2012, 15:39 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Virus
OK, create a new OTL log again as described above!
__________________ |
23.07.2012, 18:50 | #19 |
| Bundespolizei Virus
Code:
ATTFilter OTL logfile created on: 7/23/2012 4:43:33 PM - Run 3 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Tini\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1.75 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 60.16% Memory free 3.49 Gb Paging File | 2.24 Gb Available in Paging File | 64.23% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 280.80 Gb Total Space | 62.83 Gb Free Space | 22.38% Space Free | Partition Type: NTFS Drive D: | 931.28 Gb Total Space | 507.72 Gb Free Space | 54.52% Space Free | Partition Type: FAT32 Drive E: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.63% Space Free | Partition Type: FAT32 Computer Name: TINI-PC | User Name: Tini | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/13 21:54:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Tini\Desktop\OTL.exe PRC - [2012/05/15 21:56:22 | 000,320,000 | ---- | M] (Crawler, LLC) -- C:\Program Files\SiteRanker\SiteRankTray.exe PRC - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012/05/02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/04/24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012/01/18 14:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe PRC - [2011/11/16 23:22:44 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe PRC - [2011/11/16 23:22:43 | 000,254,034 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\STacSV.exe PRC - [2011/11/16 23:22:41 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\IDT\WDM\aestsrv.exe PRC - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011/03/29 01:06:24 | 000,311,352 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009/08/04 08:52:00 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009/08/04 08:51:00 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009/07/30 16:49:34 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe PRC - [2009/07/30 16:49:34 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2009/07/30 16:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) 
-- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe PRC - [2009/07/28 00:32:56 | 000,076,344 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe PRC - [2009/07/27 17:52:16 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe PRC - [2009/06/18 17:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe PRC - [2007/06/27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe PRC - [2007/06/27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe ========== Modules (No Company Name) ========== MOD - [2012/06/14 18:29:52 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll MOD - [2012/06/14 18:29:29 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll MOD - [2012/06/14 18:28:58 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012/06/14 18:28:45 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012/06/14 18:28:39 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll MOD - [2012/05/24 20:31:37 | 000,036,920 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll MOD - [2011/09/27 15:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 15:22:40 | 001,242,472 | 
---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010/11/13 02:02:22 | 000,434,176 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010/11/13 02:02:21 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010/11/05 03:59:41 | 000,212,992 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2010/11/05 03:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010/06/29 21:58:32 | 001,732,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3503.18374__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2010/06/29 21:58:32 | 000,491,520 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3503.18471__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2010/06/29 21:58:32 | 000,339,968 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3503.18350__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2010/06/29 21:58:32 | 000,204,800 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3503.18376__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2010/06/29 21:58:32 | 000,077,824 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3503.18446__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2010/06/29 21:58:32 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3503.18360__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2010/06/29 21:58:32 | 000,065,536 | ---- | M] () -- 
C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3503.18419__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2010/06/29 21:58:32 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3503.18369__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2010/06/29 21:58:32 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3503.18406__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2010/06/29 21:58:32 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3503.18360__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2010/06/29 21:58:31 | 000,331,776 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3503.18426__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2010/06/29 21:58:31 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3503.18427__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2010/06/29 21:58:31 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3503.18426__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2010/06/29 21:58:31 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3503.18472__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2010/06/29 21:58:30 | 000,118,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3503.18471__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll MOD - [2010/06/29 21:58:30 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3503.18470__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2010/06/29 21:58:29 | 
000,782,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3503.18409__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2010/06/29 21:58:29 | 000,573,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3503.18377__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2010/06/29 21:58:29 | 000,409,600 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3503.18439__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2010/06/29 21:58:29 | 000,409,600 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3503.18363__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2010/06/29 21:58:29 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3503.18417__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2010/06/29 21:58:29 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3503.18383__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2010/06/29 21:58:29 | 000,196,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3503.18376__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2010/06/29 21:58:29 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3503.18415__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2010/06/29 21:58:29 | 000,081,920 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3503.18408__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2010/06/29 21:58:29 | 000,040,960 | ---- | M] () -- 
C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3503.18382__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2010/06/29 21:58:29 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3503.18415__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2010/06/29 21:58:28 | 000,393,216 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3503.18407__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2010/06/29 21:58:28 | 000,270,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010/06/29 21:58:28 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3503.18407__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2010/06/29 21:58:28 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3503.18408__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2010/06/29 21:58:28 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3503.18417__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2010/06/29 21:58:28 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2010/06/29 21:58:28 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3428.28302__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2010/06/29 21:58:28 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2010/06/29 21:58:28 | 000,016,384 | ---- | M] () -- 
C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3428.28329__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll MOD - [2010/06/29 21:58:28 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2010/06/29 21:58:28 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2010/06/29 21:58:28 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2010/06/29 21:58:27 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3428.28296__90ba9c70f846762e\LOG.Foundation.dll MOD - [2010/06/29 21:58:27 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3428.28297__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2010/06/29 21:58:27 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3428.28310__90ba9c70f846762e\MOM.Foundation.dll MOD - [2010/06/29 21:58:27 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2010/06/29 21:58:26 | 000,098,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3428.28305__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2010/06/29 21:58:26 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3428.28298__90ba9c70f846762e\CLI.Foundation.dll MOD - [2010/06/29 21:58:26 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2010/06/29 21:58:26 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2010/06/29 21:58:26 | 000,040,960 | ---- | M] () -- 
C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3428.28324__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2010/06/29 21:58:26 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3428.28354__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2010/06/29 21:58:26 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3428.28323__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2010/06/29 21:58:26 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3428.28304__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2010/06/29 21:58:26 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2010/06/29 21:58:26 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3428.28302__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2010/06/29 21:58:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2010/06/29 21:58:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3428.28324__90ba9c70f846762e\DEM.Graphics.dll MOD - [2010/06/29 21:58:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2010/06/29 21:58:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3428.28303__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2010/06/29 21:58:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2010/06/29 21:58:26 | 000,016,384 | ---- | M] () -- 
C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2010/06/29 21:58:25 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3428.28316__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2010/06/29 21:58:25 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2010/06/29 21:58:25 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2010/06/29 21:58:25 | 000,049,152 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2010/06/29 21:58:25 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2010/06/29 21:58:25 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3428.28309__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2010/06/29 21:58:25 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2010/06/29 21:58:25 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2010/06/29 21:58:25 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3428.28311__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2010/06/29 21:58:25 | 000,024,576 | ---- 
| M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2010/06/29 21:58:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2010/06/29 21:58:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3428.28310__90ba9c70f846762e\APM.Foundation.dll MOD - [2010/06/29 21:58:25 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2010/06/29 21:58:24 | 000,405,504 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3503.18368__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2010/06/29 21:58:24 | 000,106,496 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3503.18465__90ba9c70f846762e\MOM.Implementation.dll MOD - [2010/06/29 21:58:24 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3503.18463__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2010/06/29 21:58:24 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3503.18478__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2010/06/29 21:58:24 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3428.28301__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2010/06/29 21:58:24 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2010/06/29 21:58:24 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2010/06/29 21:58:24 | 000,020,480 | ---- | M] () -- 
C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2010/06/29 21:58:24 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3428.28310__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2010/06/29 21:58:24 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3503.18344__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2010/06/29 21:58:23 | 001,212,416 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3503.18356__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2010/06/29 21:58:23 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3503.18348__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2010/06/29 21:58:23 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3503.18347__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2010/06/29 21:58:23 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2010/06/29 21:58:23 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2010/06/29 21:58:23 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3428.28309__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2010/06/29 21:58:22 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3503.18346__90ba9c70f846762e\APM.Server.dll MOD - [2010/06/29 21:58:22 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3503.18345__90ba9c70f846762e\AEM.Server.dll MOD - [2010/06/29 21:58:22 | 000,032,768 | ---- 
| M] () -- C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2010/06/29 21:58:22 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3428.28316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2010/06/29 21:58:22 | 000,019,456 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3503.18464__90ba9c70f846762e\CCC.Implementation.dll MOD - [2009/09/10 09:55:16 | 000,249,856 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2009/09/10 09:55:16 | 000,110,592 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll MOD - [2009/07/30 16:49:52 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll MOD - [2009/07/16 02:51:04 | 000,061,440 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll MOD - [2009/07/16 02:51:02 | 000,131,072 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll MOD - [2009/07/16 02:50:58 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll MOD - [2009/07/16 02:50:56 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll MOD - [2009/07/16 02:50:56 | 000,007,680 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll MOD - [2009/07/16 02:50:54 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll MOD - [2009/07/16 02:50:52 | 000,018,944 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll MOD - [2009/07/16 02:50:44 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll 
MOD - [2009/06/17 20:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll MOD - [2009/06/17 20:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll MOD - [2009/06/17 20:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2008/12/19 00:03:42 | 000,020,480 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2008/09/17 04:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll MOD - [2001/01/03 06:13:53 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll MOD - [2001/01/03 05:09:54 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll MOD - [2001/01/03 05:09:17 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2001/01/03 05:09:13 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll MOD - [2001/01/03 05:07:59 | 000,185,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\d8af9a65cf0ed85d47360796e2645a06\UIAutomationTypes.ni.dll MOD - [2001/01/03 05:07:34 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2001/01/03 05:07:20 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2001/01/03 05:07:02 | 000,971,264 | ---- | M] () -- 
C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2001/01/03 05:06:57 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2001/01/03 05:06:34 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ========== Win32 Services (SafeList) ========== SRV - [2012/07/13 19:06:33 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/07/03 01:53:59 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/11/16 23:22:43 | 000,254,034 | ---- | M] (IDT, Inc.) 
[Auto | Running] -- C:\Program Files\IDT\WDM\STacSV.exe -- (STacSV) SRV - [2011/11/16 23:22:41 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\aestsrv.exe -- (AESTFilters) SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service) SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2010/07/04 01:39:53 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009/08/04 08:51:00 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009/07/30 16:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009/07/27 17:52:16 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio) SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2009/06/18 17:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2009/06/13 20:13:20 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10) ========== Driver Services (SafeList) ========== DRV - [2012/04/27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) 
[Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012/04/25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012/04/16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011/11/16 23:22:44 | 000,431,616 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/11/05 00:42:16 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009/11/05 00:42:08 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2009/11/05 00:42:00 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009/08/04 09:25:00 | 004,994,048 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009/07/27 17:52:14 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2009/07/20 11:10:00 | 000,313,856 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/07/14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2009/07/02 10:40:34 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2009/05/16 03:15:14 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk) DRV - [2009/05/16 03:15:14 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (MfeAVFK) DRV - [2009/05/16 03:15:14 | 000,055,336 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik) DRV - [2009/05/16 03:15:14 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (MfeBOPK) DRV - [2009/05/16 03:15:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (MfeRKDK) DRV - [2009/05/04 20:30:00 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV - [2009/04/29 17:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=92&bd=all&pf=cmnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=92&bd=all&pf=cmnb IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-859142104-4023275205-1143686444-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=92&bd=all&pf=cmnb IE - HKU\S-1-5-21-859142104-4023275205-1143686444-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-859142104-4023275205-1143686444-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=AT&userid=e14e8fc2-8e39-4189-a795-5512122d29a5&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-859142104-4023275205-1143686444-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=AT&userid=e14e8fc2-8e39-4189-a795-5512122d29a5&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-859142104-4023275205-1143686444-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com.ni/ [binary data] IE - 
HKU\S-1-5-21-859142104-4023275205-1143686444-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=AT&userid=e14e8fc2-8e39-4189-a795-5512122d29a5&affid=110774&searchtype=hp&babsrc=lnkry_nt IE - HKU\S-1-5-21-859142104-4023275205-1143686444-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=AT&userid=e14e8fc2-8e39-4189-a795-5512122d29a5&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-859142104-4023275205-1143686444-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=AT&userid=e14e8fc2-8e39-4189-a795-5512122d29a5&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-859142104-4023275205-1143686444-1001\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKU\S-1-5-21-859142104-4023275205-1143686444-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-859142104-4023275205-1143686444-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-859142104-4023275205-1143686444-1001\..\SearchScopes\{D4DC3EF6-A266-46A0-8CB8-CBBFE4DA0ADF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-859142104-4023275205-1143686444-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-859142104-4023275205-1143686444-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: " " FF - prefs.js..browser.startup.homepage: 
"hxxp://www.gmail.com/" FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0 FF - prefs.js..extensions.enabledItems: {6b9c3e37-fcbd-4834-a71a-fa45c106a001}:3.6.0.10 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {48405d3d-2674-4cd8-b1ef-9a719443bd3f}:3.6.0.10 FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.7.0.6 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550 FF - prefs.js..keyword.URL: "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=AT&userid=e14e8fc2-8e39-4189-a795-5512122d29a5&affid=110774&searchtype=ds&babsrc=lnkry&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Tini\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Tini\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Tini\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tini\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tini\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\siteranker@siteranker.com: C:\Program Files\SiteRanker\firefox\ [2012/06/08 20:50:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/03 01:54:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/31 10:57:05 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/03 01:54:00 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/31 10:57:05 | 000,000,000 | ---D | M] [2010/06/30 00:30:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tini\AppData\Roaming\mozilla\Extensions [2010/06/30 00:30:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tini\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2012/07/18 22:10:51 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\nxzgng31.default\extensions [2012/07/15 18:32:02 | 000,000,000 | ---D | M] (Discover USA Community Toolbar) -- C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\nxzgng31.default\extensions\{48405d3d-2674-4cd8-b1ef-9a719443bd3f} [2012/07/08 13:27:29 | 000,000,000 | ---D | M] (ST-de Community Toolbar) -- C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\nxzgng31.default\extensions\{6b9c3e37-fcbd-4834-a71a-fa45c106a001} [2012/07/17 18:33:01 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\nxzgng31.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} [2012/07/14 10:36:29 | 000,002,474 | ---- | M] () -- C:\Users\Tini\AppData\Roaming\Mozilla\Firefox\Profiles\nxzgng31.default\searchplugins\Web Search.xml [2012/07/03 01:54:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2011/11/22 22:36:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011/06/16 16:10:09 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/07/03 12:37:01 | 000,013,610 | ---- | M] () (No name found) -- C:\USERS\TINI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NXZGNG31.DEFAULT\EXTENSIONS\{A3A5C777-F583-4FEF-9380-AB4ADD1BC2A8}.XPI [2012/07/03 01:54:00 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/05/31 09:42:28 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/05/31 09:42:28 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/05/31 09:42:28 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/05/31 09:42:28 | 000,006,805 | ---- | M] () -- C:\Program 
Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012/05/31 09:42:28 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/05/31 09:42:28 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, CHR - homepage: CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Tini\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Tini\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Tini\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) 
= C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Tini\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Tini\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\windows\system32\npdeployJava1.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Tini\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Google Update (Enabled) = C:\Users\Tini\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Tini\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Tini\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Cuevana Stream = C:\Users\Tini\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooagbcohbmlpkfkdnodbomgphbcecalj\4.2_0\ CHR - Extension: Cuevana Stream = C:\Users\Tini\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooagbcohbmlpkfkdnodbomgphbcecalj\4.2_0\.svn\props\.svn-work O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 
| ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~1\SITERA~1\SiteRank.dll (Crawler, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [SiteRanker] C:\Program Files\SiteRanker\SiteRankTray.exe (Crawler, LLC) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKU\S-1-5-21-859142104-4023275205-1143686444-1001..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\S-1-5-21-859142104-4023275205-1143686444-1001..\Run: [Browser Infrastructure Helper] C:\Users\Tini\AppData\Local\Smartbar\Application\Linkury.exe startup File not found O4 - HKU\S-1-5-21-859142104-4023275205-1143686444-1001..\Run: [Facebook Update] C:\Users\Tini\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CB9BB77-985E-462E-B5DC-46E5D0D304E8}: DhcpNameServer = 212.186.211.21 195.34.133.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CB9BB77-985E-462E-B5DC-46E5D0D304E8}: NameServer = 200.62.64.1,200.62.64.65 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DF42C5E-109E-4EDF-B988-C04F1DB87F03}: NameServer = 200.62.64.1 200.62.64.65 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F61C1870-0527-40F5-A807-AE1C12E3FAFF}: DhcpNameServer = 10.0.0.138 10.0.0.138 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - 
Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: 
{4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: 
{3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll 
(Microsoft Corporation) Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/07/17 17:58:05 | 000,000,000 | ---D | C] -- C:\Users\Tini\Desktop\fb [2012/07/17 15:00:41 | 000,000,000 | ---D | C] -- C:\Users\Tini\AppData\Roaming\Avira [2012/07/17 14:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012/07/17 14:54:29 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys [2012/07/17 14:54:29 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys [2012/07/17 14:54:29 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avkmgr.sys [2012/07/17 14:54:29 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2012/07/17 14:54:27 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012/07/16 16:02:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012/07/16 16:02:07 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Tini\Desktop\esetsmartinstaller_enu.exe [2012/07/16 15:03:18 | 000,000,000 | ---D | C] -- C:\Users\Tini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012/07/16 13:37:09 | 000,000,000 | ---D | C] -- C:\Users\Tini\Documents\books [2012/07/13 22:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW [2012/07/13 22:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\SIW [2012/07/13 22:28:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012/07/13 22:28:02 | 000,000,000 | ---D | C] -- C:\Users\Tini\Desktop\ZIP [2012/07/13 21:53:59 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Tini\Desktop\OTL.exe [2012/07/13 18:52:39 | 000,000,000 | ---D | C] -- C:\Users\Tini\AppData\Roaming\Malwarebytes [2012/07/13 18:51:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Malwarebytes' Anti-Malware [2012/07/13 18:51:33 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2012/07/13 18:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/07/13 18:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/07/13 17:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012/07/02 14:35:25 | 000,000,000 | ---D | C] -- C:\Users\Tini\Documents\gescannte Dokumente [2 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ] [1 C:\Users\Tini\Desktop\*.tmp files -> C:\Users\Tini\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/07/23 16:42:01 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/23 16:42:01 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/23 16:42:00 | 000,001,116 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-859142104-4023275205-1143686444-1001UA.job [2012/07/23 16:34:14 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/07/23 16:34:03 | 1406,820,352 | -HS- | M] () -- C:\hiberfil.sys [2012/07/23 16:06:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/07/23 15:01:02 | 000,001,134 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-859142104-4023275205-1143686444-1001UA.job [2012/07/23 13:15:52 | 000,632,049 | ---- | M] () -- C:\Users\Tini\Desktop\adwcleaner(2).exe [2012/07/22 23:42:00 | 000,001,064 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-859142104-4023275205-1143686444-1001Core.job [2012/07/22 21:01:00 | 000,001,112 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-859142104-4023275205-1143686444-1001Core.job [2012/07/17 14:55:01 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control 
Center.lnk [2012/07/16 21:01:20 | 000,097,505 | ---- | M] () -- C:\Users\Tini\.recently-used.xbel [2012/07/16 16:02:09 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Tini\Desktop\esetsmartinstaller_enu.exe [2012/07/16 15:03:29 | 000,002,269 | ---- | M] () -- C:\Users\Tini\Desktop\Google Chrome.lnk [2012/07/16 01:18:07 | 000,081,398 | ---- | M] () -- C:\Users\Tini\Desktop\Befund Mukoviszidose.pdf [2012/07/15 19:11:15 | 000,654,194 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012/07/15 19:11:15 | 000,616,036 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012/07/15 19:11:15 | 000,130,034 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012/07/15 19:11:15 | 000,106,416 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012/07/15 18:24:46 | 000,456,272 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2012/07/13 22:57:20 | 000,000,893 | ---- | M] () -- C:\Users\Tini\Desktop\SIW.lnk [2012/07/13 22:18:05 | 000,302,592 | ---- | M] () -- C:\Users\Tini\Desktop\rz446sys.exe [2012/07/13 21:54:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Tini\Desktop\OTL.exe [2012/07/13 21:53:05 | 000,000,000 | ---- | M] () -- C:\Users\Tini\defogger_reenable [2012/07/13 18:51:38 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/07/13 17:29:30 | 004,503,728 | ---- | M] () -- C:\ProgramData\7882338soc4029566.pad [2012/07/13 14:46:35 | 000,187,308 | ---- | M] () -- C:\Users\Tini\Documents\Erledigung BMWF-53.007_0109-III_7_2012_12.07.2012_Ramón Nicolás GUADAMUZ CUENDIS.PDF [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ] [1 C:\Users\Tini\Desktop\*.tmp files -> C:\Users\Tini\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/07/23 13:15:41 | 000,632,049 | ---- | C] () -- C:\Users\Tini\Desktop\adwcleaner(2).exe [2012/07/17 14:55:01 | 000,002,012 | ---- | C] () -- 
C:\Users\Public\Desktop\Avira Control Center.lnk [2012/07/16 21:01:19 | 000,097,505 | ---- | C] () -- C:\Users\Tini\.recently-used.xbel [2012/07/16 15:03:29 | 000,002,269 | ---- | C] () -- C:\Users\Tini\Desktop\Google Chrome.lnk [2012/07/16 01:18:07 | 000,081,398 | ---- | C] () -- C:\Users\Tini\Desktop\Befund Mukoviszidose.pdf [2012/07/13 22:57:20 | 000,000,893 | ---- | C] () -- C:\Users\Tini\Desktop\SIW.lnk [2012/07/13 22:18:02 | 000,302,592 | ---- | C] () -- C:\Users\Tini\Desktop\rz446sys.exe [2012/07/13 21:53:05 | 000,000,000 | ---- | C] () -- C:\Users\Tini\defogger_reenable [2012/07/13 18:51:38 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/07/13 17:14:40 | 004,503,728 | ---- | C] () -- C:\ProgramData\7882338soc4029566.pad [2012/07/13 14:46:31 | 000,187,308 | ---- | C] () -- C:\Users\Tini\Documents\Erledigung BMWF-53.007_0109-III_7_2012_12.07.2012_Ramón Nicolás GUADAMUZ CUENDIS.PDF [2012/04/03 05:25:58 | 000,004,096 | -H-- | C] () -- C:\Users\Tini\AppData\Local\keyfile3.drm [2012/02/17 20:12:58 | 000,003,584 | ---- | C] () -- C:\Users\Tini\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/06/29 22:05:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== LOP Check ========== [2010/11/22 20:02:56 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\BitTorrent [2011/04/03 07:45:06 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\DVDVideoSoftIEHelpers [2010/11/22 21:02:10 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\GetRightToGo [2012/07/16 20:58:19 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\gtk-2.0 [2010/11/22 21:20:18 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Kazaa Lite [2012/07/22 21:01:00 | 000,001,112 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-859142104-4023275205-1143686444-1001Core.job [2012/07/23 15:01:02 | 000,001,134 | ---- | M] () -- 
C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-859142104-4023275205-1143686444-1001UA.job [2012/04/27 00:31:56 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010/07/21 13:52:53 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Adobe [2011/04/15 00:27:56 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Ahead [2011/11/24 23:41:10 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Apple Computer [2010/06/29 21:58:58 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\ATI [2012/07/17 15:00:41 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Avira [2010/11/22 20:02:56 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\BitTorrent [2010/07/04 18:06:19 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\DivX [2011/04/03 07:45:06 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\DVDVideoSoftIEHelpers [2010/11/22 21:02:10 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\GetRightToGo [2012/07/16 20:58:19 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\gtk-2.0 [2012/04/02 07:37:12 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\hewlett-packard [2010/06/29 15:36:23 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\HP TCS [2010/06/29 15:23:01 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\hpqLog [2010/06/29 15:38:46 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Identities [2010/06/29 15:31:22 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\InstallShield [2010/11/22 21:20:18 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Kazaa Lite [2010/06/29 21:28:15 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Macromedia [2012/07/13 18:52:39 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Malwarebytes [2012/07/14 10:36:06 | 
000,000,000 | --SD | M] -- C:\Users\Tini\AppData\Roaming\Microsoft [2012/07/19 08:42:41 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Mozilla [2011/03/03 23:54:08 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Roxio [2012/07/23 16:04:10 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Skype [2011/08/14 01:22:00 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\skypePM [2010/08/04 23:07:24 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft 
Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 14:29:54 | 000,332,160 
| ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- 
C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010/11/20 14:21:33 | 000,811,520 | ---- | 
M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- 
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009/08/04 08:52:00 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\windows\system32\ATIDEMGX.dll [2 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ] < > < End of report > Tini |
24.07.2012, 13:47 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Virus Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
ATTFilter :OTL IE - HKU\S-1-5-21-859142104-4023275205-1143686444-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=92&bd=all&pf=cmnb IE - HKU\S-1-5-21-859142104-4023275205-1143686444-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=AT&userid=e14e8fc2-8e39-4189-a795-5512122d29a5&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-859142104-4023275205-1143686444-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=AT&userid=e14e8fc2-8e39-4189-a795-5512122d29a5&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-859142104-4023275205-1143686444-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=AT&userid=e14e8fc2-8e39-4189-a795-5512122d29a5&affid=110774&searchtype=hp&babsrc=lnkry_nt IE - HKU\S-1-5-21-859142104-4023275205-1143686444-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=AT&userid=e14e8fc2-8e39-4189-a795-5512122d29a5&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-859142104-4023275205-1143686444-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=AT&userid=e14e8fc2-8e39-4189-a795-5512122d29a5&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-859142104-4023275205-1143686444-1001\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..keyword.URL: 
"http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=AT&userid=e14e8fc2-8e39-4189-a795-5512122d29a5&affid=110774&searchtype=ds&babsrc=lnkry&q=" FF - user.js - File not found [2012/07/08 13:27:29 | 000,000,000 | ---D | M] (ST-de Community Toolbar) -- C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\nxzgng31.default\extensions\{6b9c3e37-fcbd-4834-a71a-fa45c106a001} [2012/07/17 18:33:01 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\nxzgng31.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} [2012/07/14 10:36:29 | 000,002,474 | ---- | M] () -- C:\Users\Tini\AppData\Roaming\Mozilla\Firefox\Profiles\nxzgng31.default\searchplugins\Web Search.xml O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~1\SITERA~1\SiteRank.dll (Crawler, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O4 - HKU\S-1-5-21-859142104-4023275205-1143686444-1001..\Run: [Browser Infrastructure Helper] C:\Users\Tini\AppData\Local\Smartbar\Application\Linkury.exe startup File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 :Commands [purity] [emptytemp] [emptyflash] [resethosts] The logfile should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ Please always post logfiles in CODE tags |
25.07.2012, 12:09 | #21 |
| Bundespolizei Virus Code:
ATTFilter All processes killed ========== OTL ========== HKU\S-1-5-21-859142104-4023275205-1143686444-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKU\S-1-5-21-859142104-4023275205-1143686444-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully! HKU\S-1-5-21-859142104-4023275205-1143686444-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully! HKU\S-1-5-21-859142104-4023275205-1143686444-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKU\S-1-5-21-859142104-4023275205-1143686444-1001\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully! HKU\S-1-5-21-859142104-4023275205-1143686444-1001\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully! HKEY_USERS\S-1-5-21-859142104-4023275205-1143686444-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Prefs.js: helperbar@helperbar.com:1.0 removed from extensions.enabledItems Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems Prefs.js: "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=AT&userid=e14e8fc2-8e39-4189-a795-5512122d29a5&affid=110774&searchtype=ds&babsrc=lnkry&q=" removed from keyword.URL C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\nxzgng31.default\extensions\{6b9c3e37-fcbd-4834-a71a-fa45c106a001}\searchplugin folder moved successfully. C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\nxzgng31.default\extensions\{6b9c3e37-fcbd-4834-a71a-fa45c106a001}\Plugins folder moved successfully. C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\nxzgng31.default\extensions\{6b9c3e37-fcbd-4834-a71a-fa45c106a001}\modules folder moved successfully. 
C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\nxzgng31.default\extensions\{6b9c3e37-fcbd-4834-a71a-fa45c106a001}\META-INF folder moved successfully. C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\nxzgng31.default\extensions\{6b9c3e37-fcbd-4834-a71a-fa45c106a001}\defaults folder moved successfully. C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\nxzgng31.default\extensions\{6b9c3e37-fcbd-4834-a71a-fa45c106a001}\components folder moved successfully. C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\nxzgng31.default\extensions\{6b9c3e37-fcbd-4834-a71a-fa45c106a001}\chrome folder moved successfully. C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\nxzgng31.default\extensions\{6b9c3e37-fcbd-4834-a71a-fa45c106a001} folder moved successfully. C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\nxzgng31.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\searchplugin folder moved successfully. C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\nxzgng31.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\Plugins folder moved successfully. C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\nxzgng31.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\modules folder moved successfully. C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\nxzgng31.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\META-INF folder moved successfully. C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\nxzgng31.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\defaults folder moved successfully. C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\nxzgng31.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components folder moved successfully. C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\nxzgng31.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\chrome folder moved successfully. 
C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\nxzgng31.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} folder moved successfully. C:\Users\Tini\AppData\Roaming\Mozilla\Firefox\Profiles\nxzgng31.default\searchplugins\Web Search.xml moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}\ deleted successfully. C:\PROGRA~1\SITERA~1\SiteRank.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found. Registry value HKEY_USERS\S-1-5-21-859142104-4023275205-1143686444-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Browser Infrastructure Helper deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: Tini ->Temp folder emptied: 53283052 bytes ->Temporary Internet Files folder emptied: 276654540 bytes ->Java cache emptied: 53000 bytes ->FireFox cache emptied: 86435076 bytes ->Google Chrome cache emptied: 375317789 bytes ->Flash cache emptied: 74886 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 976896 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 174369827 bytes RecycleBin emptied: 16811593435 bytes Total Files Cleaned = 16,955.00 mb [EMPTYFLASH] User: All Users User: Default User: Default User User: Public User: Tini ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0.00 mb C:\windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.54.0 log created on 07252012_130117 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... Kindest regards Tini |
25.07.2012, 13:05 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Virus

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set the tool up as shown in the picture below: click "change parameters" and tick the boxes as shown in the following screenshot. Then click "Start Scan" and, once it has finished, click the "Report" button to display the log. Please post it in full.

If you cannot find the log, or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags |
25.07.2012, 14:08 | #23 |
| Bundespolizei Virus Code:
15:03:55.0136 0344 pciide - ok 15:03:55.0171 0344 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys 15:03:55.0216 0344 pcmcia - ok 15:03:55.0246 0344 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys 15:03:55.0271 0344 pcw - ok 15:03:55.0351 0344 pdfcDispatcher - ok 15:03:55.0421 0344 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys 15:03:55.0516 0344 PEAUTH - ok 15:03:55.0666 0344 pla (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll 15:03:55.0781 0344 pla - ok 15:03:55.0926 0344 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll 15:03:56.0006 0344 PlugPlay - ok 15:03:56.0041 0344 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll 15:03:56.0086 0344 PNRPAutoReg - ok 15:03:56.0141 0344 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll 15:03:56.0181 0344 PNRPsvc - ok 15:03:56.0241 0344 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll 15:03:56.0316 0344 PolicyAgent - ok 15:03:56.0346 0344 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll 15:03:56.0391 0344 Power - ok 15:03:56.0461 0344 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys 15:03:56.0528 0344 PptpMiniport - ok 15:03:56.0550 0344 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys 15:03:56.0602 0344 Processor - ok 15:03:56.0659 0344 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\windows\system32\profsvc.dll 15:03:56.0738 0344 ProfSvc - ok 15:03:56.0786 0344 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe 15:03:56.0814 0344 ProtectedStorage - ok 15:03:56.0931 0344 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys 15:03:56.0999 0344 Psched - ok 15:03:57.0261 0344 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\windows\system32\Drivers\PxHelp20.sys 
15:03:57.0285 0344 PxHelp20 - ok 15:03:58.0411 0344 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys 15:03:58.0486 0344 ql2300 - ok 15:03:58.0601 0344 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys 15:03:58.0636 0344 ql40xx - ok 15:03:58.0671 0344 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll 15:03:58.0726 0344 QWAVE - ok 15:03:58.0751 0344 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys 15:03:58.0771 0344 QWAVEdrv - ok 15:03:58.0811 0344 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys 15:03:58.0856 0344 RasAcd - ok 15:03:58.0906 0344 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys 15:03:58.0956 0344 RasAgileVpn - ok 15:03:58.0991 0344 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll 15:03:59.0036 0344 RasAuto - ok 15:03:59.0056 0344 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys 15:03:59.0096 0344 Rasl2tp - ok 15:03:59.0171 0344 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll 15:03:59.0246 0344 RasMan - ok 15:03:59.0281 0344 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys 15:03:59.0356 0344 RasPppoe - ok 15:03:59.0451 0344 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys 15:03:59.0511 0344 RasSstp - ok 15:03:59.0546 0344 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys 15:03:59.0591 0344 rdbss - ok 15:03:59.0611 0344 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys 15:03:59.0631 0344 rdpbus - ok 15:03:59.0656 0344 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys 15:03:59.0706 0344 RDPCDD - ok 15:03:59.0751 0344 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys 15:03:59.0786 0344 
RDPENCDD - ok 15:03:59.0811 0344 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys 15:03:59.0851 0344 RDPREFMP - ok 15:03:59.0896 0344 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\windows\system32\drivers\RDPWD.sys 15:03:59.0986 0344 RDPWD - ok 15:04:00.0056 0344 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys 15:04:00.0101 0344 rdyboost - ok 15:04:00.0141 0344 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll 15:04:00.0191 0344 RemoteAccess - ok 15:04:00.0236 0344 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll 15:04:00.0326 0344 RemoteRegistry - ok 15:04:00.0381 0344 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys 15:04:00.0416 0344 RFCOMM - ok 15:04:00.0571 0344 RoxMediaDB10 (85f9924fb26d924c4a10dc620ae2c350) c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe 15:04:00.0672 0344 RoxMediaDB10 - ok 15:04:00.0752 0344 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll 15:04:00.0832 0344 RpcEptMapper - ok 15:04:00.0867 0344 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe 15:04:00.0897 0344 RpcLocator - ok 15:04:00.0967 0344 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll 15:04:01.0012 0344 RpcSs - ok 15:04:01.0097 0344 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys 15:04:01.0167 0344 rspndr - ok 15:04:01.0207 0344 SamSs (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe 15:04:01.0232 0344 SamSs - ok 15:04:01.0287 0344 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys 15:04:01.0317 0344 sbp2port - ok 15:04:01.0352 0344 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll 15:04:01.0447 0344 SCardSvr - ok 15:04:01.0487 0344 scfilter (0693b5ec673e34dc147e195779a4dcf6) 
C:\windows\system32\DRIVERS\scfilter.sys 15:04:01.0542 0344 scfilter - ok 15:04:01.0632 0344 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll 15:04:01.0722 0344 Schedule - ok 15:04:01.0762 0344 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll 15:04:01.0812 0344 SCPolicySvc - ok 15:04:01.0837 0344 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll 15:04:01.0907 0344 SDRSVC - ok 15:04:02.0037 0344 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys 15:04:02.0142 0344 secdrv - ok 15:04:02.0167 0344 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll 15:04:02.0247 0344 seclogon - ok 15:04:02.0402 0344 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\windows\System32\sens.dll 15:04:02.0567 0344 SENS - ok 15:04:02.0597 0344 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll 15:04:02.0662 0344 SensrSvc - ok 15:04:02.0692 0344 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys 15:04:02.0732 0344 Serenum - ok 15:04:02.0762 0344 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys 15:04:02.0802 0344 Serial - ok 15:04:02.0842 0344 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys 15:04:02.0887 0344 sermouse - ok 15:04:02.0942 0344 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll 15:04:02.0992 0344 SessionEnv - ok 15:04:03.0012 0344 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys 15:04:03.0052 0344 sffdisk - ok 15:04:03.0077 0344 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys 15:04:03.0102 0344 sffp_mmc - ok 15:04:03.0117 0344 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys 15:04:03.0167 0344 sffp_sd - ok 15:04:03.0177 0344 sfloppy (db96666cc8312ebc45032f30b007a547) 
C:\windows\system32\DRIVERS\sfloppy.sys 15:04:03.0202 0344 sfloppy - ok 15:04:03.0277 0344 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll 15:04:03.0357 0344 SharedAccess - ok 15:04:03.0412 0344 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll 15:04:03.0502 0344 ShellHWDetection - ok 15:04:03.0557 0344 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys 15:04:03.0587 0344 sisagp - ok 15:04:03.0672 0344 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys 15:04:03.0687 0344 SiSRaid2 - ok 15:04:03.0712 0344 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys 15:04:03.0737 0344 SiSRaid4 - ok 15:04:03.0792 0344 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys 15:04:03.0837 0344 Smb - ok 15:04:03.0917 0344 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe 15:04:03.0957 0344 SNMPTRAP - ok 15:04:04.0207 0344 SNP2UVC (d8aba1293b82e7af2f78b67ca46fcb3d) C:\windows\system32\DRIVERS\snp2uvc.sys 15:04:04.0292 0344 SNP2UVC - ok 15:04:04.0387 0344 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys 15:04:04.0412 0344 spldr - ok 15:04:04.0467 0344 Spooler (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe 15:04:04.0557 0344 Spooler - ok 15:04:04.0792 0344 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe 15:04:04.0942 0344 sppsvc - ok 15:04:05.0072 0344 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll 15:04:05.0157 0344 sppuinotify - ok 15:04:05.0207 0344 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys 15:04:05.0292 0344 srv - ok 15:04:05.0327 0344 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys 15:04:05.0392 0344 srv2 - ok 15:04:05.0432 0344 srvnet (be6bd660caa6f291ae06a718a4fa8abc) 
C:\windows\system32\DRIVERS\srvnet.sys 15:04:05.0477 0344 srvnet - ok 15:04:05.0522 0344 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll 15:04:05.0597 0344 SSDPSRV - ok 15:04:05.0622 0344 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll 15:04:05.0668 0344 SstpSvc - ok 15:04:05.0848 0344 STacSV (03f6cf42a1db74290448cde668578c87) C:\Program Files\IDT\WDM\STacSV.exe 15:04:05.0908 0344 STacSV - ok 15:04:05.0943 0344 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys 15:04:05.0973 0344 stexstor - ok 15:04:06.0113 0344 STHDA (8a8246f40792956e957f3e8d0c188963) C:\windows\system32\DRIVERS\stwrt.sys 15:04:06.0193 0344 STHDA - ok 15:04:06.0263 0344 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll 15:04:06.0323 0344 StiSvc - ok 15:04:06.0393 0344 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) c:\Program Files\Common Files\SureThing Shared\stllssvr.exe 15:04:06.0408 0344 stllssvr - ok 15:04:06.0443 0344 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys 15:04:06.0458 0344 swenum - ok 15:04:06.0498 0344 swprv (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll 15:04:06.0553 0344 swprv - ok 15:04:06.0628 0344 SynTP (1de40024679cde0e573465253519730e) C:\windows\system32\DRIVERS\SynTP.sys 15:04:06.0668 0344 SynTP - ok 15:04:06.0773 0344 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll 15:04:06.0863 0344 SysMain - ok 15:04:06.0918 0344 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll 15:04:06.0968 0344 TabletInputService - ok 15:04:07.0263 0344 TapiSrv (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll 15:04:07.0323 0344 TapiSrv - ok 15:04:07.0348 0344 TBS (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll 15:04:07.0383 0344 TBS - ok 15:04:07.0693 0344 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys 
15:04:07.0778 0344 Tcpip - ok 15:04:07.0828 0344 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys 15:04:07.0893 0344 TCPIP6 - ok 15:04:08.0138 0344 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys 15:04:08.0203 0344 tcpipreg - ok 15:04:08.0268 0344 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys 15:04:08.0308 0344 TDPIPE - ok 15:04:08.0358 0344 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys 15:04:08.0403 0344 TDTCP - ok 15:04:08.0443 0344 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys 15:04:08.0513 0344 tdx - ok 15:04:08.0553 0344 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys 15:04:08.0578 0344 TermDD - ok 15:04:08.0683 0344 TermService (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll 15:04:08.0803 0344 TermService - ok 15:04:08.0853 0344 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll 15:04:08.0913 0344 Themes - ok 15:04:08.0963 0344 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll 15:04:09.0023 0344 THREADORDER - ok 15:04:09.0098 0344 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\windows\system32\drivers\tpm.sys 15:04:09.0163 0344 TPM - ok 15:04:09.0448 0344 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll 15:04:09.0553 0344 TrkWks - ok 15:04:09.0689 0344 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe 15:04:09.0764 0344 TrustedInstaller - ok 15:04:09.0849 0344 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys 15:04:09.0919 0344 tssecsrv - ok 15:04:10.0134 0344 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys 15:04:10.0229 0344 TsUsbFlt - ok 15:04:10.0384 0344 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys 15:04:10.0439 0344 
tunnel - ok 15:04:10.0489 0344 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys 15:04:10.0509 0344 uagp35 - ok 15:04:10.0559 0344 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys 15:04:10.0644 0344 udfs - ok 15:04:10.0779 0344 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe 15:04:10.0834 0344 UI0Detect - ok 15:04:10.0884 0344 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys 15:04:10.0899 0344 uliagpkx - ok 15:04:10.0979 0344 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys 15:04:11.0029 0344 umbus - ok 15:04:11.0059 0344 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys 15:04:11.0089 0344 UmPass - ok 15:04:11.0129 0344 upnphost (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll 15:04:11.0224 0344 upnphost - ok 15:04:11.0284 0344 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\windows\system32\Drivers\usbaapl.sys 15:04:11.0314 0344 USBAAPL - ok 15:04:11.0394 0344 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\windows\system32\drivers\usbaudio.sys 15:04:11.0429 0344 usbaudio - ok 15:04:11.0474 0344 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys 15:04:11.0539 0344 usbccgp - ok 15:04:11.0574 0344 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys 15:04:11.0634 0344 usbcir - ok 15:04:11.0704 0344 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\DRIVERS\usbehci.sys 15:04:11.0754 0344 usbehci - ok 15:04:11.0824 0344 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys 15:04:11.0869 0344 usbhub - ok 15:04:11.0884 0344 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\DRIVERS\usbohci.sys 15:04:11.0914 0344 usbohci - ok 15:04:11.0979 0344 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys 15:04:12.0029 0344 usbprint - ok 
15:04:12.0069 0344 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys 15:04:12.0119 0344 usbscan - ok 15:04:12.0169 0344 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS 15:04:12.0219 0344 USBSTOR - ok 15:04:12.0239 0344 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys 15:04:12.0264 0344 usbuhci - ok 15:04:12.0334 0344 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys 15:04:12.0394 0344 usbvideo - ok 15:04:12.0424 0344 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll 15:04:12.0484 0344 UxSms - ok 15:04:12.0594 0344 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe 15:04:12.0624 0344 VaultSvc - ok 15:04:12.0955 0344 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys 15:04:12.0980 0344 vdrvroot - ok 15:04:13.0050 0344 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe 15:04:13.0160 0344 vds - ok 15:04:13.0215 0344 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys 15:04:13.0245 0344 vga - ok 15:04:13.0310 0344 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys 15:04:13.0365 0344 VgaSave - ok 15:04:13.0550 0344 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys 15:04:13.0600 0344 vhdmp - ok 15:04:13.0885 0344 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys 15:04:13.0945 0344 viaagp - ok 15:04:14.0175 0344 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys 15:04:14.0205 0344 ViaC7 - ok 15:04:14.0260 0344 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys 15:04:14.0295 0344 viaide - ok 15:04:14.0315 0344 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys 15:04:14.0335 0344 volmgr - ok 15:04:14.0375 0344 volmgrx 
(b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys 15:04:14.0405 0344 volmgrx - ok 15:04:14.0660 0344 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys 15:04:14.0700 0344 volsnap - ok 15:04:14.0775 0344 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys 15:04:14.0805 0344 vsmraid - ok 15:04:15.0010 0344 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe 15:04:15.0095 0344 VSS - ok 15:04:15.0125 0344 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys 15:04:15.0175 0344 vwifibus - ok 15:04:15.0225 0344 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys 15:04:15.0250 0344 vwififlt - ok 15:04:15.0315 0344 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys 15:04:15.0340 0344 vwifimp - ok 15:04:15.0445 0344 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll 15:04:15.0500 0344 W32Time - ok 15:04:15.0545 0344 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys 15:04:15.0590 0344 WacomPen - ok 15:04:15.0670 0344 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys 15:04:15.0775 0344 WANARP - ok 15:04:15.0780 0344 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys 15:04:15.0820 0344 Wanarpv6 - ok 15:04:16.0050 0344 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\windows\system32\Wat\WatAdminSvc.exe 15:04:16.0115 0344 WatAdminSvc - ok 15:04:16.0380 0344 wbengine (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe 15:04:16.0540 0344 wbengine - ok 15:04:16.0600 0344 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll 15:04:16.0670 0344 WbioSrvc - ok 15:04:16.0720 0344 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll 15:04:16.0770 0344 wcncsvc - ok 15:04:16.0790 0344 WcsPlugInService 
(5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll 15:04:16.0855 0344 WcsPlugInService - ok 15:04:16.0910 0344 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys 15:04:16.0935 0344 Wd - ok 15:04:16.0990 0344 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys 15:04:17.0050 0344 Wdf01000 - ok 15:04:17.0185 0344 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll 15:04:17.0245 0344 WdiServiceHost - ok 15:04:17.0255 0344 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll 15:04:17.0290 0344 WdiSystemHost - ok 15:04:17.0375 0344 WebClient (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll 15:04:17.0410 0344 WebClient - ok 15:04:17.0445 0344 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll 15:04:17.0490 0344 Wecsvc - ok 15:04:17.0535 0344 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll 15:04:17.0610 0344 wercplsupport - ok 15:04:17.0670 0344 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll 15:04:17.0731 0344 WerSvc - ok 15:04:17.0761 0344 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys 15:04:17.0801 0344 WfpLwf - ok 15:04:17.0826 0344 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys 15:04:17.0846 0344 WIMMount - ok 15:04:18.0056 0344 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll 15:04:18.0116 0344 WinDefend - ok 15:04:18.0126 0344 WinHttpAutoProxySvc - ok 15:04:18.0226 0344 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll 15:04:18.0286 0344 Winmgmt - ok 15:04:18.0611 0344 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll 15:04:18.0686 0344 WinRM - ok 15:04:18.0796 0344 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys 15:04:18.0831 0344 WinUsb - ok 
15:04:19.0166 0344 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll 15:04:19.0246 0344 Wlansvc - ok 15:04:19.0291 0344 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys 15:04:19.0341 0344 WmiAcpi - ok 15:04:19.0461 0344 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe 15:04:19.0516 0344 wmiApSrv - ok 15:04:20.0081 0344 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe 15:04:20.0161 0344 WMPNetworkSvc - ok 15:04:20.0206 0344 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll 15:04:20.0251 0344 WPCSvc - ok 15:04:20.0446 0344 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll 15:04:20.0546 0344 WPDBusEnum - ok 15:04:20.0641 0344 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys 15:04:20.0721 0344 ws2ifsl - ok 15:04:20.0751 0344 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\System32\wscsvc.dll 15:04:20.0806 0344 wscsvc - ok 15:04:20.0816 0344 WSearch - ok 15:04:22.0491 0344 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\windows\system32\wuaueng.dll 15:04:22.0626 0344 wuauserv - ok 15:04:22.0906 0344 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys 15:04:22.0976 0344 WudfPf - ok 15:04:23.0166 0344 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys 15:04:23.0236 0344 WUDFRd - ok 15:04:23.0501 0344 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll 15:04:23.0581 0344 wudfsvc - ok 15:04:23.0621 0344 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll 15:04:23.0671 0344 WwanSvc - ok 15:04:23.0756 0344 yukonw7 (3eb1576f77b60a6c79dd7742b67219b8) C:\windows\system32\DRIVERS\yk62x86.sys 15:04:23.0851 0344 yukonw7 - ok 15:04:23.0916 0344 ZTEusbmdm6k (3862318f85be7a91957ada5e814ed58c) C:\windows\system32\DRIVERS\ZTEusbmdm6k.sys 15:04:23.0946 
0344 ZTEusbmdm6k - ok 15:04:24.0006 0344 ZTEusbnmea (3862318f85be7a91957ada5e814ed58c) C:\windows\system32\DRIVERS\ZTEusbnmea.sys 15:04:24.0036 0344 ZTEusbnmea - ok 15:04:24.0056 0344 ZTEusbser6k (3862318f85be7a91957ada5e814ed58c) C:\windows\system32\DRIVERS\ZTEusbser6k.sys 15:04:24.0086 0344 ZTEusbser6k - ok 15:04:24.0126 0344 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 15:04:26.0121 0344 \Device\Harddisk0\DR0 - ok 15:04:26.0416 0344 MBR (0x1B8) (349669bfe21c6f7d96616dfaf8497813) \Device\Harddisk1\DR2 15:04:45.0001 0344 \Device\Harddisk1\DR2 - ok 15:04:45.0101 0344 Boot (0x1200) (a4ec0105ed2aa4aafa4d206b7354f157) \Device\Harddisk0\DR0\Partition0 15:04:45.0151 0344 \Device\Harddisk0\DR0\Partition0 - ok 15:04:45.0216 0344 Boot (0x1200) (a81016ca6fc0a55fde9f34b13d734abd) \Device\Harddisk0\DR0\Partition1 15:04:45.0261 0344 \Device\Harddisk0\DR0\Partition1 - ok 15:04:45.0366 0344 Boot (0x1200) (346c80b040119649cff24bd8d2d4e9b1) \Device\Harddisk0\DR0\Partition2 15:04:45.0371 0344 \Device\Harddisk0\DR0\Partition2 - ok 15:04:45.0446 0344 Boot (0x1200) (aa8471d70c35f4150528a590203ea342) \Device\Harddisk0\DR0\Partition3 15:04:45.0576 0344 \Device\Harddisk0\DR0\Partition3 - ok 15:04:45.0591 0344 Boot (0x1200) (b5bcde68e605a259540d2b3f2098cbfd) \Device\Harddisk1\DR2\Partition0 15:04:45.0596 0344 \Device\Harddisk1\DR2\Partition0 - ok 15:04:45.0601 0344 ============================================================ 15:04:45.0601 0344 Scan finished 15:04:45.0601 0344 ============================================================ 15:04:45.0636 1012 Detected object count: 1 15:04:45.0636 1012 Actual detected object count: 1 15:05:28.0491 1012 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 15:05:28.0491 1012 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip Tini |
25.07.2012, 14:37 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Virus Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses to run on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online check. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" ("aswMBR.exe has stopped working") appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
__________________ Please always post log files in CODE tags |
26.07.2012, 15:44 | #25 |
| Bundespolizei Virus GMER: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-26 16:28:20
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9320423AS rev.0006HPM1
Running: 8v660xkq.exe; Driver: C:\Users\Tini\AppData\Local\Temp\kxldipod.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 832933C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832CCD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8FC26000, 0x2D51CE, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713613d07
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713613d07@567706ab2124 0x36 0xA7 0x2E 0xC0 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713613d07@001d2864e3c3 0x8C 0x46 0xBC 0xB9 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713613d07@c038f94df1b7 0x7E 0xC6 0x1F 0x16 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713613d07 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713613d07@567706ab2124 0x36 0xA7 0x2E 0xC0 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713613d07@001d2864e3c3 0x8C 0x46 0xBC 0xB9 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713613d07@c038f94df1b7 0x7E 0xC6 0x1F 0x16 ...

---- EOF - GMER 1.0.15 ----
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:42:10 on 26.07.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 13.0.1

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

Risk Name Publisher Full Path Status

Common
%SystemRoot%\Tasks
"FacebookUpdateTaskUserS-1-5-21-859142104-4023275205-1143686444-1001Core.job" "Facebook Inc." C:\Users\Tini\AppData\Local\Facebook\Update\FacebookUpdate.exe File exists
"FacebookUpdateTaskUserS-1-5-21-859142104-4023275205-1143686444-1001UA.job" "Facebook Inc." C:\Users\Tini\AppData\Local\Facebook\Update\FacebookUpdate.exe File exists
"GoogleUpdateTaskUserS-1-5-21-859142104-4023275205-1143686444-1001Core.job" "Google Inc." C:\Users\Tini\AppData\Local\Google\Update\GoogleUpdate.exe File exists
"GoogleUpdateTaskUserS-1-5-21-859142104-4023275205-1143686444-1001UA.job" "Google Inc." C:\Users\Tini\AppData\Local\Google\Update\GoogleUpdate.exe File exists
"Adobe Flash Player Updater.job" "Adobe Systems Incorporated" C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe File exists

Control Panel Objects
%SystemRoot%\system32
"FlashPlayerCPLApp.cpl" "Adobe Systems Incorporated" C:\windows\system32\FlashPlayerCPLApp.cpl File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
"Avira AntiVir Personal" C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl File not found
"Nero BurnRights" "Nero AG" C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl File exists
"QuickTime" "Apple Inc." C:\Program Files\QuickTime\QTSystem\QuickTime.cpl File exists

Drivers
HKLM\SYSTEM\CurrentControlSet\Services
"kxldipod" (kxldipod) C:\Users\Tini\AppData\Local\Temp\kxldipod.sys Hidden registry entry, rootkit activity | File not found
"PxHelp20" (PxHelp20) "Sonic Solutions" C:\windows\System32\Drivers\PxHelp20.sys File exists

Explorer
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" "Hewlett-Packard Company" "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" File exists
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll File exists
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
HKLM\Software\Classes\Protocols\Filter
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File exists
HKLM\Software\Classes\Protocols\Handler
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File exists
{828030A1-22C1-4009-854F-8E305202313F} "livecall" "Microsoft Corporation" C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File exists
{828030A1-22C1-4009-854F-8E305202313F} "msnim" "Microsoft Corporation" C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" "Igor Pavlov" C:\Users\Tini\Desktop\ZIP\7-Zip\7-zip.dll File exists
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" "Advanced Micro Devices, Inc." C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll File exists
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" "Apple Inc." C:\Program Files\iTunes\iTunesMiniPlayer.dll File exists
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\msohevi.dll File exists
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" "Broadcom Corporation." C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll File exists
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" "Nero AG" C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll File exists
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll File exists
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll File exists
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" File not found | COM-object registry key not found
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" "Advanced Micro Devices, Inc." C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll File exists
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" File not found | COM-object registry key not found
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" C:\Program Files\WinRAR\rarext.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" File not found | COM-object registry key not found

Internet Explorer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
ITBar7Height "ITBar7Height" File not found | COM-object registry key not found
"ITBar7Layout" File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_32" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} "Java Plug-in 1.6.0_32" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_32" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\npjpi160_32.dll File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
"@C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015" C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File exists
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2ssv.dll File exists
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\ssv.dll File exists
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File exists

Logon
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
"desktop.ini" C:\Users\Tini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup
"desktop.ini" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
"Bluetooth.lnk" "Broadcom Corporation." C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe Shortcut exists | File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" "Nero AG" "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File exists
"Facebook Update" "Facebook Inc." "C:\Users\Tini\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File exists
"Google Update" "Google Inc." "C:\Users\Tini\AppData\Local\Google\Update\GoogleUpdate.exe" /c File exists
"HPADVISOR" "Hewlett-Packard" C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW File exists
"LightScribe Control Panel" "Hewlett-Packard Company" C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File exists
"Skype" "Skype Technologies S.A." "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized File exists
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd
"StartupPrograms" rdpclip File not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
"Adobe ARM" "Adobe Systems Incorporated" "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File exists
"Adobe Reader Speed Launcher" "Adobe Systems Incorporated" "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" File exists
"AppleSyncNotifier" "Apple Inc." C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe File exists
"APSDaemon" "Apple Inc." "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" File exists
"iTunesHelper" "Apple Inc." "C:\Program Files\iTunes\iTunesHelper.exe" File exists
"NeroFilterCheck" "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe File exists
"PDF Complete" "PDF Complete Inc" C:\Program Files\PDF Complete\pdfsty.exe File exists
"QlbCtrl.exe" " Hewlett-Packard Development Company, L.P." C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start File exists
"QuickTime Task" "Apple Inc." "C:\Program Files\QuickTime\QTTask.exe" -atboottime File exists
"SiteRanker" "Crawler, LLC" "C:\Program Files\SiteRanker\SiteRankTray.exe" File exists
"StartCCC" "Advanced Micro Devices, Inc." "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun File exists
"SunJavaUpdateSched" "Sun Microsystems, Inc." "C:\Program Files\Common Files\Java\Java Update\jusched.exe" File exists
"WirelessAssistant" "Hewlett-Packard" C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
"ContentMerger" "Sonic Solutions" c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe File exists

Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
"HP Discovery Port Monitor (HP Deskjet 3050 J610 series)" "Hewlett-Packard Co." C:\windows\system32\HPDiscoPM9311.dll File exists
"PDFC" "PDF Complete, Inc." C:\windows\system32\pdfc_port.dll File exists

Services
HKLM\SYSTEM\CurrentControlSet\Services
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) "Adobe Systems Incorporated" C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe File exists
"Apple Mobile Device" (Apple Mobile Device) "Apple Inc." C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe File exists
"Bluetooth Service" (btwdins) "Broadcom Corporation." C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe File exists
"Com4QLBEx" (Com4QLBEx) "Hewlett-Packard Development Company, L.P." C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe File exists
"Dienst "Bonjour"" (Bonjour Service) "Apple Inc." C:\Program Files\Bonjour\mDNSResponder.exe File exists
"Google Updater Service" (gusvc) "Google" C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File exists
"HP Quick Synchronization Service" (HPDrvMntSvc.exe) "Hewlett-Packard Company" C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe File exists
"HP Software Framework Service" (hpqwmiex) "Hewlett-Packard Company" C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe File exists
"HP Support Assistant Service" (HP Support Assistant Service) "Hewlett-Packard Company" C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe File exists
"iPod-Dienst" (iPod Service) "Apple Inc." C:\Program Files\iPod\bin\iPodService.exe File exists
"LightScribeService Direct Disc Labeling Service" (LightScribeService) "Hewlett-Packard Company" C:\Program Files\Common Files\LightScribe\LSSrvc.exe File exists
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) "Microsoft Corporation" C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe File exists
"Microsoft Office Diagnostics Service" (odserv) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE File exists
"Mozilla Maintenance Service" (MozillaMaintenance) "Mozilla Foundation" C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe File exists
"NBService" (NBService) "Nero AG" C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe File exists
"NMIndexingService" (NMIndexingService) "Nero AG" C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File exists
"Office Source Engine" (ose) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE File exists
"PDF Document Manager" (pdfcDispatcher) "PDF Complete Inc" C:\Program Files\PDF Complete\pdfsvc.exe File exists
"RoxMediaDB10" (RoxMediaDB10) "Sonic Solutions" c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe File exists
"stllssvr" (stllssvr) "MicroVision Development, Inc." c:\Program Files\Common Files\SureThing Shared\stllssvr.exe File exists

Winsock Providers
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
"mdnsNSP" "Apple Inc." C:\Program Files\Bonjour\mdnsNSP.dll File exists

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

I'll run the Avast scan now. Best regards, tini |
26.07.2012, 22:00 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Virus Yes, that's fine like that. Please also post the aswMBR log
__________________ Please always post logfiles in CODE tags |
27.07.2012, 06:38 | #27 |
| Bundespolizei Virus Hello.. I let the scan run overnight because it was taking forever. This morning I saw that the computer had switched off. When I turned it on, a blue window appeared. According to it, the computer was shut down because a harmful process had taken place... I wanted to write down the exact text, but it disappeared very quickly and the computer then booted normally. It took forever, though. What should I do now? Best regards, Tini |
27.07.2012, 11:43 | #28 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Virus I specifically posted an extra note about aswMBR below! Quote:
__________________ Please always post logfiles in CODE tags |
30.07.2012, 07:02 | #29 |
| Bundespolizei Virus Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-30 07:56:02
-----------------------------
07:56:02.422 OS Version: Windows 6.1.7601 Service Pack 1
07:56:02.437 Number of processors: 2 586 0x301
07:56:02.437 ComputerName: TINI-PC UserName: Tini
07:56:06.025 Initialize success
07:56:18.861 AVAST engine defs: 12072901
07:56:25.647 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
07:56:25.662 Disk 0 Vendor: ST9320423AS 0006HPM1 Size: 305245MB BusType: 11
07:56:25.694 Disk 0 MBR read successfully
07:56:25.694 Disk 0 MBR scan
07:56:25.725 Disk 0 Windows VISTA default MBR code
07:56:25.740 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048
07:56:25.772 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 287535 MB offset 616448
07:56:25.803 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15360 MB offset 589488128
07:56:25.865 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 2043 MB offset 620945408
07:56:25.881 Disk 0 scanning sectors +625129472
07:56:26.037 Disk 0 scanning C:\windows\system32\drivers
07:56:58.251 Service scanning
07:57:37.360 Modules scanning
07:57:55.551 Disk 0 trace - called modules:
07:57:55.582 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
07:57:55.598 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86515030]
07:57:55.613 3 CLASSPNP.SYS[88f7559e] -> nt!IofCallDriver -> [0x864e7f08]
07:57:55.613 5 ACPI.sys[88d9b3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x864e6880]
07:57:55.629 Scan finished successfully
07:59:57.965 Disk 0 MBR has been saved successfully to "C:\Users\Tini\Downloads\MBR.dat"
07:59:57.981 The log file has been saved successfully to "C:\Users\Tini\Downloads\aswMBR.txt"
08:01:28.641 Disk 0 MBR has been saved successfully to "C:\Users\Tini\Desktop\MBR.dat"
08:01:28.655 The log file has been saved successfully to "C:\Users\Tini\Desktop\aswMBR.txt"

Tini |
30.07.2012, 09:28 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Virus Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post logfiles in CODE tags |