Log analysis and evaluation: Problem with annoying pop-ups from ad.adserverplus.com - Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
14.09.2012, 15:03 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem with annoying pop-ups from ad.adserverplus.com Yes, but you could well have mentioned that at the start; it always makes a better impression when you play with your cards on the table. Please download OTL again and post a new log. There has been a slightly newer version since yesterday or today.
__________________ Please always post log files in CODE tags |
15.09.2012, 13:41 | #17 |
| Problem with annoying pop-ups from ad.adserverplus.com Here is the updated log file:
__________________Code:
ATTFilter OTL logfile created on: 15.09.2012 12:20:29 - Run 2 OTL by OldTimer - Version 3.2.61.4 Folder = C:\Users\Gian\Desktop Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 3.48 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 60.56% Memory free 7.18 Gb Paging File | 5.62 Gb Available in Paging File | 78.23% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 218.86 Gb Total Space | 97.60 Gb Free Space | 44.60% Space Free | Partition Type: NTFS Drive D: | 12.05 Gb Total Space | 6.46 Gb Free Space | 53.65% Space Free | Partition Type: NTFS Drive E: | 1.97 Gb Total Space | 1.76 Gb Free Space | 89.49% Space Free | Partition Type: NTFS Drive M: | 1863.01 Gb Total Space | 1604.15 Gb Free Space | 86.11% Space Free | Partition Type: NTFS Computer Name: CZC8270Z8F | User Name: Gian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.15 12:15:00 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Gian\Desktop\OTL.exe PRC - [2012.08.08 11:09:03 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe PRC - [2012.07.12 18:32:18 | 018,832,264 | ---- | M] (Lavasoft Limited) -- C:\Programme\Ad-Aware Antivirus\AdAware.exe PRC - [2012.05.14 16:40:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.14 16:40:37 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.14 16:40:37 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.01.10 19:36:34 | 001,083,264 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe PRC - [2012.01.04 14:32:36 | 000,718,888 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe PRC - [2012.01.04 14:32:18 | 000,173,096 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2012.01.04 14:32:06 | 000,148,520 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe PRC - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe PRC - [2011.10.21 11:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2010.04.16 23:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe PRC - [2010.04.16 19:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Contacts\wlcomm.exe PRC - [2010.03.23 12:34:36 | 000,102,168 | ---- | M] () -- C:\Programme\Allway Sync\Bin\syncappw.exe PRC - [2010.02.08 13:43:48 | 000,184,320 | ---- | M] () -- C:\Users\Gian\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008.09.11 21:36:46 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Common Files\Real\Update_OB\realsched.exe PRC - [2008.07.09 23:33:34 | 000,036,352 | ---- | M] () -- C:\Programme\Winamp\winampa.exe PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.17 14:16:38 | 000,093,320 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe PRC - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2007.07.09 17:03:00 | 000,221,184 | ---- | M] (SafeBoot International) -- C:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe PRC - [2007.06.07 17:38:14 | 002,521,880 | ---- | M] (Intel) -- C:\Programme\Intel\AMT\UNS.exe PRC - [2007.06.07 17:38:10 | 000,183,064 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\AMT\atchksrv.exe PRC - [2007.06.07 17:38:04 | 000,408,344 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\AMT\atchk.exe PRC - [2007.06.07 17:38:00 | 000,109,336 | ---- | M] (Intel) -- C:\Programme\Intel\AMT\LMS.exe PRC - [2007.04.18 19:35:38 | 000,181,792 | ---- | M] (Infineon Technologies AG) -- C:\Programme\Hewlett-Packard\Embedded Security Software\PSDrt.exe PRC - [2007.04.18 19:32:38 | 000,140,832 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\IfxPsdSv.exe PRC - [2007.04.18 19:30:00 | 000,550,432 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\IfxUAGUI.exe PRC - [2007.03.21 13:00:04 | 000,355,096 
| ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.03.21 13:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.02.07 03:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Programme\Hewlett-Packard\IAM\Bin\asghost.exe PRC - [2007.02.06 08:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe ========== Modules (No Company Name) ========== MOD - [2012.01.10 19:38:40 | 000,423,808 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\ssoengine.dll MOD - [2012.01.10 19:38:38 | 000,058,240 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\securestorage.dll MOD - [2012.01.10 19:38:34 | 000,095,104 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\qjson.dll MOD - [2012.01.10 19:38:32 | 000,272,768 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\phonon4.dll MOD - [2012.01.10 19:38:00 | 000,384,896 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QxtCore.dll MOD - [2012.01.10 19:38:00 | 000,165,248 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QxtWeb.dll MOD - [2012.01.10 19:37:58 | 002,557,312 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtXmlPatterns4.dll MOD - [2012.01.10 19:37:56 | 000,346,496 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtXml4.dll MOD - [2012.01.10 19:37:54 | 010,843,520 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtWebKit4.dll MOD - [2012.01.10 19:37:48 | 000,196,480 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtSql4.dll MOD - [2012.01.10 19:37:46 | 001,294,208 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtScript4.dll MOD - [2012.01.10 19:37:44 | 000,682,880 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtOpenGL4.dll MOD - [2012.01.10 19:37:42 | 000,919,936 | ---- | M] () -- C:\Programme\Nokia\Nokia 
Suite\QtNetwork4.dll MOD - [2012.01.10 19:37:40 | 000,517,504 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtMultimediaKit1.dll MOD - [2012.01.10 19:37:38 | 008,172,928 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtGui4.dll MOD - [2012.01.10 19:37:36 | 002,252,672 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtDeclarative4.dll MOD - [2012.01.10 19:37:34 | 002,288,512 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtCore4.dll MOD - [2012.01.10 19:37:32 | 000,422,272 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll MOD - [2012.01.10 19:37:22 | 000,202,624 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\Imageformats\qjpeg4.dll MOD - [2012.01.10 19:37:20 | 000,034,688 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\Imageformats\qico4.dll MOD - [2012.01.10 19:37:18 | 000,032,640 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\Imageformats\qgif4.dll MOD - [2012.01.10 19:36:38 | 000,388,480 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\OviShareLib.dll MOD - [2012.01.10 19:36:24 | 000,437,632 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\NService.dll MOD - [2012.01.10 19:36:02 | 001,037,696 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\Maps Service API.dll MOD - [2012.01.10 19:35:06 | 000,758,656 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\CommonUpdateChecker.dll MOD - [2012.01.05 17:00:24 | 000,112,640 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\mediaservice\dsengine.dll MOD - [2010.03.23 12:34:36 | 000,102,168 | ---- | M] () -- C:\Programme\Allway Sync\Bin\syncappw.exe MOD - [2010.03.23 12:18:26 | 006,295,040 | ---- | M] () -- C:\Programme\Allway Sync\Bin\syncapp.dll MOD - [2010.02.08 13:43:48 | 000,184,320 | ---- | M] () -- C:\Users\Gian\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe MOD - [2008.07.09 23:33:34 | 000,036,352 | ---- | M] () -- C:\Programme\Winamp\winampa.exe MOD - [2008.01.17 14:16:38 | 000,093,320 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe MOD - [2007.09.20 18:34:58 | 000,129,024 
| ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.02.15 17:51:28 | 000,096,256 | ---- | M] () -- C:\Windows\SMINST\STNLS.dll MOD - [2007.02.07 14:42:30 | 000,086,016 | ---- | M] () -- C:\Windows\SMINST\STPE.dll MOD - [2007.01.22 10:05:36 | 000,118,784 | ---- | M] () -- C:\Windows\SMINST\STFiles.dll MOD - [2006.10.16 13:06:50 | 000,061,440 | ---- | M] () -- C:\Windows\SMINST\STStringArray.dll MOD - [2006.10.16 13:06:50 | 000,053,248 | ---- | M] () -- C:\Windows\SMINST\STRegistry.dll MOD - [2006.09.26 17:44:40 | 000,081,920 | ---- | M] () -- C:\Windows\SMINST\STString.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - [2012.09.07 18:30:05 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.31 09:33:15 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service) SRV - [2012.05.14 16:40:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.14 16:40:37 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.01.04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SRV - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2007.08.24 03:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - 
[2007.07.09 17:03:00 | 000,221,184 | ---- | M] (SafeBoot International) [Auto | Running] -- C:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService) SRV - [2007.06.07 17:38:14 | 002,521,880 | ---- | M] (Intel) [Auto | Running] -- C:\Programme\Intel\AMT\UNS.exe -- (UNS) SRV - [2007.06.07 17:38:10 | 000,183,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\AMT\atchksrv.exe -- (atchksrv) SRV - [2007.06.07 17:38:00 | 000,109,336 | ---- | M] (Intel) [Auto | Running] -- C:\Programme\Intel\AMT\LMS.exe -- (LMS) SRV - [2007.04.18 19:32:38 | 000,140,832 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Windows\System32\IfxPsdSv.exe -- (PersonalSecureDriveService) SRV - [2007.03.21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2007.02.07 03:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker) SRV - [2007.02.06 08:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters) SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.06.22 07:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wg111v2.sys -- (RTL8187) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | 
Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo) DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.05.14 16:40:37 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.14 16:40:37 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.12.19 12:44:24 | 000,223,864 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SbFw.sys -- (SbFw) DRV - [2011.12.19 12:44:24 | 000,093,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips) DRV - [2011.12.19 12:44:24 | 000,072,312 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbwtis.sys -- (sbwtis) DRV - [2011.11.29 06:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs) DRV - [2011.11.01 11:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011.11.01 11:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2011.11.01 
11:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2011.11.01 11:07:24 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2011.10.26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE) DRV - [2011.09.29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP) DRV - [2011.09.29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL) DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.10.08 09:58:08 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV - [2009.02.09 19:54:21 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2008.11.02 10:43:18 | 000,047,640 | ---- | M] (LogMeIn, Inc.) 
[File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.01.19 09:42:12 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2008.01.14 19:56:30 | 000,218,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) DRV - [2007.12.20 16:32:12 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL) DRV - [2007.11.17 04:27:00 | 007,580,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.07.16 23:29:33 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK) DRV - [2007.06.14 16:22:58 | 000,013,184 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock) DRV - [2007.06.13 17:53:48 | 000,005,808 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock) DRV - [2007.06.13 17:53:28 | 000,101,167 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot) DRV - [2007.05.11 21:00:14 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) DRV - [2007.04.18 19:32:14 | 000,039,080 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\psd.sys -- (PersonalSecureDrive) DRV - [2007.01.18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.11.02 01:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2006.10.09 13:31:46 | 000,044,720 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg) DRV - [2005.11.24 13:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rt73.sys -- (RT73) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=74&bd=smb&pf=desktop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=74&bd=smb&pf=desktop IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2941777305-1265517549-1356088365-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=74&bd=smb&pf=desktop IE - 
HKU\S-1-5-21-2941777305-1265517549-1356088365-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKU\S-1-5-21-2941777305-1265517549-1356088365-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-2941777305-1265517549-1356088365-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-2941777305-1265517549-1356088365-1006\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2941777305-1265517549-1356088365-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKU\S-1-5-21-2941777305-1265517549-1356088365-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKU\S-1-5-21-2941777305-1265517549-1356088365-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2941777305-1265517549-1356088365-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-2941777305-1265517549-1356088365-1006\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field IE - HKU\S-1-5-21-2941777305-1265517549-1356088365-1006\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://plusnetwork.com/?sp=brw&q={searchTerms} IE - HKU\S-1-5-21-2941777305-1265517549-1356088365-1006\..\SearchScopes\{71D99ED3-49ED-4C9C-B763-ECA906F5096E}: "URL" = hxxp://ch.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms} IE - HKU\S-1-5-21-2941777305-1265517549-1356088365-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.ch/" FF - prefs.js..extensions.enabledItems: 
linkuryfirefoxremoteplugin@linkury.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012.02.06 12:49:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.07 18:30:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.07 18:29:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.06 12:49:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.07 18:30:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.07 18:29:58 | 000,000,000 | ---D | M] [2009.06.02 10:50:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gian\AppData\Roaming\mozilla\Extensions [2009.06.02 10:50:57 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Gian\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2012.09.11 09:25:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gian\AppData\Roaming\mozilla\Firefox\Profiles\dzb5m6mh.default\extensions [2010.07.26 16:45:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gian\AppData\Roaming\mozilla\Firefox\Profiles\dzb5m6mh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.09.07 18:29:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.07 18:30:06 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.07.19 20:08:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.01 08:45:24 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.07.19 20:08:11 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.07.19 20:08:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.19 20:08:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.19 20:08:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008.07.29 02:34:41 | 000,000,808 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 HPSystem # LMS GENERATED LINE O2 - BHO: (Snapform Viewer PlugIn for IE) - {00AF1458-D967-4C0E-B736-D6D010521EF5} - C:\Programme\SnapFormViewer\Viewer\bin\lib\SFVPlugInIE_x86.dll (Ringler Informatik AG) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKU\S-1-5-21-2941777305-1265517549-1356088365-1006\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CognizanceTS] C:\Programme\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SetRefresh] C:\Programme\HP\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2941777305-1265517549-1356088365-1006..\Run: [] File not found
O4 - HKU\S-1-5-21-2941777305-1265517549-1356088365-1006..\Run: [Allway Sync] C:\Program Files\Allway Sync\Bin\syncappw.exe ()
O4 - HKU\S-1-5-21-2941777305-1265517549-1356088365-1006..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-2941777305-1265517549-1356088365-1006..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKU\S-1-5-21-2941777305-1265517549-1356088365-1006..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe File not found
O4 - HKU\S-1-5-21-2941777305-1265517549-1356088365-1006..\Run: [SJelite3Launch] C:\Users\Gian\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe ()
O4 - HKU\S-1-5-21-2941777305-1265517549-1356088365-1006..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2941777305-1265517549-1356088365-1006..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D3D757E-CAC7-48C3-8ECE-016A00A35E4A}: DhcpNameServer = 195.186.4.107 195.186.1.107
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38B5E34C-A2C9-41ED-8406-AF276E7CE555}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EE18060-3293-4F90-B87D-961589871FFA}: DhcpNameServer = 195.186.1.108 195.186.4.108
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Gian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.06.23 18:52:22 | 000,000,023 | ---- | M] () - C:\autohook.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{8433102b-df1a-11de-af13-001d7e9634f1}\Shell - "" = AutoRun
O33 - MountPoints2\{8433102b-df1a-11de-af13-001d7e9634f1}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\{8a446c97-2a8c-11df-88d8-001d7e9634f1}\Shell - "" = AutoRun
O33 - MountPoints2\{8a446c97-2a8c-11df-88d8-001d7e9634f1}\Shell\AutoRun\command - "" = N:\LaunchU3.exe
O33 - MountPoints2\{f3f59cd8-a7f0-11dd-8d19-001d7e9634f1}\Shell - "" = AutoRun
O33 - MountPoints2\{f3f59cd8-a7f0-11dd-8d19-001d7e9634f1}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

SafeBootMin: Ad-Aware Service - C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SBAMSvc - C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Ad-Aware Service - C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SBAMSvc - C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\windows\System32\rundll32.exe" "C:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3filter - C:\windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\windows\System32\ffdshow.ax ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.09.15 12:14:58 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\Gian\Desktop\OTL.exe
[2012.09.14 15:03:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scan2PDF
[2012.09.14 15:03:09 | 000,000,000 | ---D | C] -- C:\Program Files\Scan2PDF
[2012.09.09 19:38:35 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012.09.08 15:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.09.08 15:31:43 | 000,000,000 | ---D | C] -- C:\windows\System32\eu-ES
[2012.09.08 15:31:43 | 000,000,000 | ---D | C] -- C:\windows\System32\ca-ES
[2012.09.08 15:31:40 | 000,000,000 | ---D | C] -- C:\windows\System32\vi-VN
[2012.09.07 18:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.09.06 16:48:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.09.06 10:54:54 | 000,000,000 | ---D | C] -- C:\Users\Gian\AppData\Roaming\Malwarebytes
[2012.09.06 10:54:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.06 10:54:42 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012.09.06 10:54:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.06 10:54:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.23 13:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\eLohnausweisSSK
[2012.08.23 13:00:29 | 000,000,000 | ---D | C] -- C:\Users\Gian\.swt
[12 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[12 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.09.15 12:15:00 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Gian\Desktop\OTL.exe
[2012.09.15 12:05:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.09.15 11:54:00 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.15 11:36:57 | 000,643,022 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.09.15 11:36:56 | 000,685,990 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.09.15 11:36:56 | 000,150,096 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.09.15 11:36:56 | 000,121,910 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.09.15 11:24:38 | 000,001,090 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.15 11:21:01 | 000,003,568 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.15 11:21:01 | 000,003,568 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.15 11:20:56 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.09.15 11:20:23 | 3740,553,216 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.11 14:03:14 | 000,000,680 | ---- | M] () -- C:\Users\Gian\AppData\Local\d3d9caps.dat
[2012.09.10 10:27:08 | 000,433,552 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012.09.10 09:41:14 | 000,008,798 | ---- | M] () -- C:\windows\System32\icrav03.rat
[2012.09.10 09:41:14 | 000,001,988 | ---- | M] () -- C:\windows\System32\ticrf.rat
[2012.09.10 09:40:45 | 000,072,822 | ---- | M] () -- C:\windows\System32\ieuinit.inf
[2012.09.09 19:37:32 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012.09.09 19:36:58 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012.09.05 10:11:48 | 000,376,668 | ---- | M] () -- C:\Users\Gian\Desktop\mail_lippuner.pdf
[12 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[12 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.09.10 09:40:45 | 000,072,822 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2012.09.09 19:37:32 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012.09.09 19:36:58 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012.09.08 15:41:18 | 000,000,949 | ---- | C] () -- C:\Users\Gian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.09.05 10:11:48 | 000,376,668 | ---- | C] () -- C:\Users\Gian\Desktop\mail_lippuner.pdf
[2012.02.15 16:40:01 | 000,000,680 | ---- | C] () -- C:\Users\Gian\AppData\Local\d3d9caps.dat
[2011.04.27 09:05:28 | 000,000,064 | ---- | C] () -- C:\windows\System32\rp_stats.dat
[2011.04.27 09:05:28 | 000,000,044 | ---- | C] () -- C:\windows\System32\rp_rules.dat
[2011.02.10 06:03:48 | 000,000,314 | ---- | C] () -- C:\windows\primopdf.ini
[2011.01.31 22:11:43 | 000,199,684 | ---- | C] () -- C:\windows\hppins11.dat
[2011.01.31 21:49:45 | 000,000,608 | -HS- | C] () -- C:\windows\System32\winzvprt5.sys
[2011.01.28 18:34:35 | 000,199,708 | ---- | C] () -- C:\windows\hppins11.dat.temp
[2011.01.27 20:11:44 | 000,000,665 | ---- | C] () -- C:\windows\System32\hppapr11.dat
[2010.04.15 16:03:14 | 000,666,344 | ---- | C] () -- C:\Users\Gian\AppData\Roaming\NMM-MetaData.db
[2010.01.27 19:44:58 | 000,022,245 | ---- | C] () -- C:\Users\Gian\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
[2009.08.30 11:11:31 | 000,006,293 | ---- | C] () -- C:\Users\Gian\AppData\Roaming\PrimoPDFSet.xml
[2008.12.21 15:52:51 | 000,038,406 | ---- | C] () -- C:\Users\Gian\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2008.11.28 21:29:00 | 000,000,008 | ---- | C] () -- C:\Users\Gian\AppData\Roaming\ZHAW_VPN_Helper.ini
[2008.08.06 23:10:54 | 000,055,296 | ---- | C] () -- C:\Users\Gian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012.03.15 10:28:11 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\.Kanton GR
[2012.08.14 09:50:04 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Ad-Aware Antivirus
[2011.05.31 13:38:52 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Azureus
[2011.06.01 10:34:24 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Canneverbe Limited
[2008.11.18 21:49:15 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\EPSON
[2012.06.18 09:15:41 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\FreeBurner
[2009.11.12 12:37:32 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\FreeScreenToVideo
[2009.03.26 21:04:44 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\ICAClient
[2008.08.02 14:03:23 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Infineon
[2011.10.08 10:11:14 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\InterVideo
[2010.02.15 12:09:40 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\IrfanView
[2010.04.13 16:33:50 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Jamail3
[2008.12.24 17:39:28 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Leadertech
[2010.04.13 16:14:07 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\NewsLetter Pro
[2012.02.06 12:50:54 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Nokia
[2011.03.31 14:35:34 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Nokia Ovi Suite
[2012.02.06 12:57:34 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Nokia Suite
[2010.04.15 15:23:17 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\PC Suite
[2012.09.12 18:54:31 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\PrimoPDF
[2010.11.28 15:18:02 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\SampleView
[2011.02.09 12:37:38 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Scan2PDF
[2009.05.16 22:18:50 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\SolidDocuments
[2008.08.11 11:42:57 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Sync App Settings
[2010.07.29 18:30:25 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Transcend
[2010.04.13 16:41:47 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\TurboMailer
[2009.05.15 13:21:04 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\uTorrent
[2011.06.22 11:38:46 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\XMedia Recode
[2008.07.29 08:39:56 | 000,000,000 | ---D | M] -- C:\Users\r.werth\AppData\Roaming\Infineon
[2008.07.29 08:39:56 | 000,000,000 | ---D | M] -- C:\Users\r.werth\AppData\Roaming\SampleView
[2012.09.14 18:07:06 | 000,032,534 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.03.15 10:28:11 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\.Kanton GR
[2012.08.14 09:50:04 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Ad-Aware Antivirus
[2011.02.12 12:36:07 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Adobe
[2012.04.12 10:45:19 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Avira
[2011.05.31 13:38:52 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Azureus
[2011.06.01 10:34:24 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Canneverbe Limited
[2008.11.18 21:49:15 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\EPSON
[2012.06.18 09:15:41 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\FreeBurner
[2009.11.12 12:37:32 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\FreeScreenToVideo
[2009.02.09 20:06:01 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Hamachi
[2011.01.28 18:50:12 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\HP
[2011.04.07 15:13:08 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\HpUpdate
[2009.03.26 21:04:44 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\ICAClient
[2008.08.02 14:03:29 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Identities
[2008.08.02 14:03:23 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Infineon
[2011.10.08 10:11:14 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\InterVideo
[2010.02.15 12:09:40 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\IrfanView
[2010.04.13 16:33:50 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Jamail3
[2008.12.24 17:39:28 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Leadertech
[2008.08.02 22:32:29 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Macromedia
[2012.09.06 10:54:54 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Malwarebytes
[2008.09.11 23:46:15 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Media Player Classic
[2011.12.13 11:39:04 | 000,000,000 | --SD | M] -- C:\Users\Gian\AppData\Roaming\Microsoft
[2008.08.02 18:52:22 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Mozilla
[2010.04.13 16:14:07 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\NewsLetter Pro
[2012.02.06 12:50:54 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Nokia
[2011.03.31 14:35:34 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Nokia Ovi Suite
[2012.02.06 12:57:34 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Nokia Suite
[2010.04.15 15:23:17 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\PC Suite
[2012.09.12 18:54:31 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\PrimoPDF
[2009.12.07 11:57:52 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Real
[2010.11.28 15:18:02 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\SampleView
[2011.02.09 12:37:38 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Scan2PDF
[2008.12.24 17:43:27 | 000,000,000 | RH-D | M] -- C:\Users\Gian\AppData\Roaming\SecuROM
[2009.05.16 22:18:50 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\SolidDocuments
[2008.08.11 11:42:57 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Sync App Settings
[2010.07.29 18:30:25 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Transcend
[2010.04.13 16:41:47 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\TurboMailer
[2008.09.28 21:19:36 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\TVU networks
[2009.12.02 18:06:33 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\U3
[2009.05.15 13:21:04 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\uTorrent
[2010.08.13 15:53:28 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\Winamp
[2008.08.12 14:38:17 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\WinRAR
[2011.06.22 11:38:46 | 000,000,000 | ---D | M] -- C:\Users\Gian\AppData\Roaming\XMedia Recode

< %APPDATA%\*.exe /s >
[2011.05.31 13:35:43 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Gian\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2010.02.22 10:10:15 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Gian\AppData\Roaming\Real\Update\setup3.09\setup.exe
[2010.05.31 09:30:14 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Gian\AppData\Roaming\Real\Update\setup3.10\setup.exe
[2010.09.13 11:01:04 | 000,456,200 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Gian\AppData\Roaming\Real\Update\setup3.12\setup.exe
[2012.07.11 11:15:16 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Gian\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\rnupgagent.exe
[2007.06.29 13:23:32 | 000,053,248 | ---- | M] (Prolific Technology Inc.) -- C:\Users\Gian\AppData\Roaming\Transcend\SJelite3\IoctlSvc.exe
[2010.02.08 13:43:24 | 000,049,152 | ---- | M] () -- C:\Users\Gian\AppData\Roaming\Transcend\SJelite3\PLIoctlInstaller.exe
[2010.02.08 13:43:48 | 000,184,320 | ---- | M] () -- C:\Users\Gian\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe
[2009.02.01 16:38:13 | 005,241,488 | ---- | M] (TVU networks) -- C:\Users\Gian\AppData\Roaming\TVU networks\TVU AutoUpgrade\TVUPlayer2.4.1.0.exe
[2009.05.18 00:23:41 | 004,316,177 | ---- | M] (TVU networks) -- C:\Users\Gian\AppData\Roaming\TVU networks\TVU AutoUpgrade\TVUPlayer2.4.5.3.exe
[2006.12.07 11:45:12 | 000,110,592 | ---- | M] () -- C:\Users\Gian\AppData\Roaming\U3\temp\cleanup.exe
[2006.12.07 11:45:12 | 003,096,576 | -H-- | M] (SanDisk Corporation) -- C:\Users\Gian\AppData\Roaming\U3\temp\Launchpad Removal.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.07.29 08:58:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.07.29 08:58:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.07.29 08:58:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007.03.21 12:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007.03.21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\swsetup\Drivers\MSD\RAID\Intel\ICH9\IaStor.sys
[2007.03.21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007.03.21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys
[2007.03.21 12:59:30 | 000,381,720 | ---- | M] (Intel Corporation) MD5=9D7ED4275702E2FC409F2CC563245740 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- 
C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.07.08 15:30:55 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2008.07.08 15:30:55 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- 
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- 
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2007.06.13 17:53:28 | 000,101,167 | ---- | M] () Unable to obtain MD5 -- C:\windows\system32\drivers\SafeBoot.sys < %systemroot%\System32\config\*.sav > [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\windows\System32\config\COMPONENTS.SAV [2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\windows\System32\config\DEFAULT.SAV [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | 
---- | M] () -- C:\windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report > |
16.09.2012, 15:28 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem with annoying pop-ups from ad.adserverplus.com Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
__________________Code:
:OTL
FF - user.js - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKU\S-1-5-21-2941777305-1265517549-1356088365-1006\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-2941777305-1265517549-1356088365-1006..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.06.23 18:52:22 | 000,000,023 | ---- | M] () - C:\autohook.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{8433102b-df1a-11de-af13-001d7e9634f1}\Shell - "" = AutoRun
O33 - MountPoints2\{8433102b-df1a-11de-af13-001d7e9634f1}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\{8a446c97-2a8c-11df-88d8-001d7e9634f1}\Shell - "" = AutoRun
O33 - MountPoints2\{8a446c97-2a8c-11df-88d8-001d7e9634f1}\Shell\AutoRun\command - "" = N:\LaunchU3.exe
O33 - MountPoints2\{f3f59cd8-a7f0-11dd-8d19-001d7e9634f1}\Shell - "" = AutoRun
O33 - MountPoints2\{f3f59cd8-a7f0-11dd-8d19-001d7e9634f1}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ |
16.09.2012, 17:01 | #19 |
| Problem with annoying pop-ups from ad.adserverplus.com I did the fix, but after a while the OTL program crashed. I restarted the system. What should I do now? |
17.09.2012, 09:11 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem with annoying pop-ups from ad.adserverplus.com Restart Windows in safe mode (with networking if possible); sometimes fixing with OTL hangs in normal mode, but very often the fix works in safe mode.
__________________ Please always post log files in CODE tags |
17.09.2012, 12:11 | #21 |
| Problem with annoying pop-ups from ad.adserverplus.com OK, it worked in safe mode. Here is the log file: Code:
ATTFilter All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found. Registry value HKEY_USERS\S-1-5-21-2941777305-1265517549-1356088365-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent not found. File C:\Program Files\Winamp\winampa.exe not found. Registry value HKEY_USERS\S-1-5-21-2941777305-1265517549-1356088365-1006\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! File C:\autoexec.bat not found. File C:\autohook.bat not found. File not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8433102b-df1a-11de-af13-001d7e9634f1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8433102b-df1a-11de-af13-001d7e9634f1}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8433102b-df1a-11de-af13-001d7e9634f1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8433102b-df1a-11de-af13-001d7e9634f1}\ not found. File M:\LaunchU3.exe -a not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a446c97-2a8c-11df-88d8-001d7e9634f1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a446c97-2a8c-11df-88d8-001d7e9634f1}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a446c97-2a8c-11df-88d8-001d7e9634f1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a446c97-2a8c-11df-88d8-001d7e9634f1}\ not found. File N:\LaunchU3.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3f59cd8-a7f0-11dd-8d19-001d7e9634f1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3f59cd8-a7f0-11dd-8d19-001d7e9634f1}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3f59cd8-a7f0-11dd-8d19-001d7e9634f1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3f59cd8-a7f0-11dd-8d19-001d7e9634f1}\ not found. File M:\LaunchU3.exe -a not found. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Gian\Desktop\cmd.bat deleted successfully. C:\Users\Gian\Desktop\cmd.txt deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Gian ->Temp folder emptied: 241727 bytes ->Temporary Internet Files folder emptied: 410912 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 501247133 bytes ->Flash cache emptied: 48424 bytes User: LogMeInRemoteUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: r.werth ->Temp folder emptied: 5544295 bytes ->Temporary Internet Files folder emptied: 23460541 bytes ->Java cache emptied: 21994 bytes ->Flash cache emptied: 580 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 62284081 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 566.00 mb C:\windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.61.4 log created on 09172012_120700 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... |
17.09.2012, 12:36 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem with annoying pop-ups from ad.adserverplus.com Please now (in normal Windows mode) run this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its content and transfer it into your post, then please look directly on your Windows system partition (usually drive C:), as that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
__________________ Please always post log files in CODE tags |
25.09.2012, 13:48 | #23 |
| Problem with annoying pop-ups from ad.adserverplus.com OK, that took a little while, but here is the log file: Code:
ATTFilter 14:39:57.0343 3840 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24 14:39:57.0370 3840 ============================================================ 14:39:57.0370 3840 Current date / time: 2012/09/25 14:39:57.0370 14:39:57.0370 3840 SystemInfo: 14:39:57.0370 3840 14:39:57.0370 3840 OS Version: 6.0.6002 ServicePack: 2.0 14:39:57.0370 3840 Product type: Workstation 14:39:57.0370 3840 ComputerName: CZC8270Z8F 14:39:57.0370 3840 UserName: Gian 14:39:57.0370 3840 Windows directory: C:\windows 14:39:57.0370 3840 System windows directory: C:\windows 14:39:57.0370 3840 Processor architecture: Intel x86 14:39:57.0370 3840 Number of processors: 4 14:39:57.0370 3840 Page size: 0x1000 14:39:57.0370 3840 Boot type: Normal boot 14:39:57.0370 3840 ============================================================ 14:39:57.0615 3840 !crdlk 14:39:57.0616 3840 Drive \Device\Harddisk0\DR0 - Size: 0x3A38800000 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 14:39:57.0643 3840 Drive \Device\Harddisk5\DR5 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 14:39:57.0676 3840 ============================================================ 14:39:57.0676 3840 \Device\Harddisk0\DR0: 14:39:57.0680 3840 MBR partitions: 14:39:57.0680 3840 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1B5BA5DB 14:39:57.0680 3840 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B5BADDB, BlocksNum 0x1819A24 14:39:57.0680 3840 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1CDD4800, BlocksNum 0x3EF000 14:39:57.0680 3840 \Device\Harddisk5\DR5: 14:39:57.0681 3840 MBR partitions: 14:39:57.0681 3840 \Device\Harddisk5\DR5\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E07482 14:39:57.0681 3840 ============================================================ 14:39:57.0692 3840 C: <-> 
\Device\Harddisk0\DR0\Partition1 14:39:57.0752 3840 D: <-> \Device\Harddisk0\DR0\Partition2 14:39:57.0788 3840 E: <-> \Device\Harddisk0\DR0\Partition3 14:39:57.0792 3840 M: <-> \Device\Harddisk5\DR5\Partition1 14:39:57.0792 3840 ============================================================ 14:39:57.0792 3840 Initialize success 14:39:57.0792 3840 ============================================================ 14:40:53.0379 2168 ============================================================ 14:40:53.0379 2168 Scan started 14:40:53.0379 2168 Mode: Manual; SigCheck; TDLFS; 14:40:53.0379 2168 ============================================================ 14:40:54.0665 2168 ================ Scan system memory ======================== 14:40:54.0665 2168 System memory - ok 14:40:54.0666 2168 ================ Scan services ============================= 14:40:54.0847 2168 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\windows\system32\drivers\acpi.sys 14:40:54.0993 2168 ACPI - ok 14:40:55.0091 2168 [ AF9658974154C3B6A333D86DC2E0AAC8 ] Ad-Aware Service C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe 14:40:55.0146 2168 Ad-Aware Service - ok 14:40:55.0189 2168 [ 68C688730608F31F68FFF60871787808 ] ADIHdAudAddService C:\windows\system32\drivers\ADIHdAud.sys 14:40:55.0276 2168 ADIHdAudAddService - ok 14:40:55.0399 2168 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 14:40:55.0411 2168 AdobeARMservice - ok 14:40:55.0505 2168 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 14:40:55.0517 2168 AdobeFlashPlayerUpdateSvc - ok 14:40:55.0560 2168 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\windows\system32\drivers\adp94xx.sys 14:40:55.0604 2168 adp94xx - ok 14:40:55.0637 2168 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\windows\system32\drivers\adpahci.sys 14:40:55.0656 2168 adpahci - ok 14:40:55.0673 2168 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] 
adpu160m C:\windows\system32\drivers\adpu160m.sys 14:40:55.0702 2168 adpu160m - ok 14:40:55.0721 2168 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\windows\system32\drivers\adpu320.sys 14:40:55.0743 2168 adpu320 - ok 14:40:55.0781 2168 [ 12D23758621B00B8D3134095EC3325FD ] AEADIFilters C:\windows\system32\AEADISRV.EXE 14:40:55.0827 2168 AEADIFilters - ok 14:40:55.0849 2168 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\windows\System32\aelupsvc.dll 14:40:55.0946 2168 AeLookupSvc - ok 14:40:56.0007 2168 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\windows\system32\drivers\afd.sys 14:40:56.0063 2168 AFD - ok 14:40:56.0102 2168 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\windows\system32\drivers\agp440.sys 14:40:56.0126 2168 agp440 - ok 14:40:56.0160 2168 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\windows\system32\drivers\djsvs.sys 14:40:56.0205 2168 aic78xx - ok 14:40:56.0241 2168 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\windows\System32\alg.exe 14:40:56.0398 2168 ALG - ok 14:40:56.0415 2168 [ C20F9BCE0956A7E3DEAA6848EE1F1682 ] aliide C:\windows\system32\drivers\aliide.sys 14:40:56.0447 2168 aliide - ok 14:40:56.0487 2168 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\windows\system32\drivers\amdagp.sys 14:40:56.0500 2168 amdagp - ok 14:40:56.0512 2168 [ BEE39C63D6259F795D110FE89FD9F056 ] amdide C:\windows\system32\drivers\amdide.sys 14:40:56.0525 2168 amdide - ok 14:40:56.0543 2168 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\windows\system32\drivers\amdk7.sys 14:40:56.0698 2168 AmdK7 - ok 14:40:56.0720 2168 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\windows\system32\drivers\amdk8.sys 14:40:56.0794 2168 AmdK8 - ok 14:40:56.0874 2168 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 14:40:56.0885 2168 AntiVirSchedulerService - ok 14:40:56.0933 2168 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 14:40:56.0944 2168 AntiVirService - ok 
14:40:56.0988 2168 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\windows\System32\appinfo.dll 14:40:57.0032 2168 Appinfo - ok 14:40:57.0096 2168 [ 0FE769CAE5855B53C90E23F85E7E89FF ] AppMgmt C:\windows\System32\appmgmts.dll 14:40:57.0150 2168 AppMgmt - ok 14:40:57.0185 2168 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\windows\system32\drivers\arc.sys 14:40:57.0199 2168 arc - ok 14:40:57.0221 2168 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\windows\system32\drivers\arcsas.sys 14:40:57.0235 2168 arcsas - ok 14:40:57.0313 2168 [ 2EEDA27C19259C2340324EF7180D086B ] ASBroker C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll 14:40:57.0332 2168 ASBroker ( UnsignedFile.Multi.Generic ) - warning 14:40:57.0332 2168 ASBroker - detected UnsignedFile.Multi.Generic (1) 14:40:57.0347 2168 [ BB3C0521ECCA4BB17AC55EB640DF0FA5 ] ASChannel C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll 14:40:57.0383 2168 ASChannel ( UnsignedFile.Multi.Generic ) - warning 14:40:57.0383 2168 ASChannel - detected UnsignedFile.Multi.Generic (1) 14:40:57.0424 2168 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys 14:40:57.0477 2168 AsyncMac - ok 14:40:57.0510 2168 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\windows\system32\drivers\atapi.sys 14:40:57.0541 2168 atapi - ok 14:40:57.0611 2168 [ EECC1D40AA10F85126708796ABA1E7D5 ] atchksrv C:\Program Files\Intel\AMT\atchksrv.exe 14:40:57.0648 2168 atchksrv - ok 14:40:57.0687 2168 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll 14:40:57.0727 2168 AudioEndpointBuilder - ok 14:40:57.0744 2168 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\windows\System32\Audiosrv.dll 14:40:57.0766 2168 Audiosrv - ok 14:40:57.0792 2168 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\windows\system32\DRIVERS\avgntflt.sys 14:40:57.0818 2168 avgntflt - ok 14:40:57.0861 2168 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\windows\system32\DRIVERS\avipbb.sys 14:40:57.0894 2168 avipbb - ok 
14:40:57.0909 2168 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\windows\system32\DRIVERS\avkmgr.sys 14:40:57.0943 2168 avkmgr - ok 14:40:57.0981 2168 [ 8E287EB3A52FD30C999482C576F4A61B ] b57nd60x C:\windows\system32\DRIVERS\b57nd60x.sys 14:40:58.0051 2168 b57nd60x - ok 14:40:58.0134 2168 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe 14:40:58.0152 2168 BcmSqlStartupSvc - ok 14:40:58.0197 2168 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\windows\system32\drivers\Beep.sys 14:40:58.0233 2168 Beep - ok 14:40:58.0291 2168 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\windows\System32\bfe.dll 14:40:58.0348 2168 BFE - ok 14:40:58.0405 2168 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\windows\System32\qmgr.dll 14:40:58.0448 2168 BITS - ok 14:40:58.0452 2168 blbdrive - ok 14:40:58.0490 2168 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\windows\system32\DRIVERS\bowser.sys 14:40:58.0532 2168 bowser - ok 14:40:58.0562 2168 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\windows\system32\drivers\brfiltlo.sys 14:40:58.0621 2168 BrFiltLo - ok 14:40:58.0641 2168 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\windows\system32\drivers\brfiltup.sys 14:40:58.0689 2168 BrFiltUp - ok 14:40:58.0725 2168 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\windows\System32\browser.dll 14:40:58.0763 2168 Browser - ok 14:40:58.0789 2168 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\windows\system32\drivers\brserid.sys 14:40:58.0841 2168 Brserid - ok 14:40:58.0854 2168 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\windows\system32\drivers\brserwdm.sys 14:40:58.0912 2168 BrSerWdm - ok 14:40:58.0929 2168 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\windows\system32\drivers\brusbmdm.sys 14:40:58.0978 2168 BrUsbMdm - ok 14:40:59.0002 2168 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\windows\system32\drivers\brusbser.sys 14:40:59.0054 2168 BrUsbSer - ok 14:40:59.0093 2168 [ 
AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys 14:40:59.0143 2168 BTHMODEM - ok 14:40:59.0206 2168 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys 14:40:59.0267 2168 cdfs - ok 14:40:59.0322 2168 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys 14:40:59.0398 2168 cdrom - ok 14:40:59.0449 2168 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\windows\System32\certprop.dll 14:40:59.0486 2168 CertPropSvc - ok 14:40:59.0519 2168 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\windows\system32\drivers\circlass.sys 14:40:59.0575 2168 circlass - ok 14:40:59.0614 2168 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\windows\system32\CLFS.sys 14:40:59.0654 2168 CLFS - ok 14:40:59.0713 2168 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 14:40:59.0728 2168 clr_optimization_v2.0.50727_32 - ok 14:40:59.0819 2168 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:40:59.0851 2168 clr_optimization_v4.0.30319_32 - ok 14:40:59.0885 2168 [ 4FDF23B1124B36C2CFD0F675F950AE1B ] cmdide C:\windows\system32\drivers\cmdide.sys 14:40:59.0899 2168 cmdide - ok 14:40:59.0914 2168 [ 722936AFB75A7F509662B69B5632F48A ] Compbatt C:\windows\system32\drivers\compbatt.sys 14:40:59.0949 2168 Compbatt - ok 14:40:59.0953 2168 COMSysApp - ok 14:40:59.0965 2168 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\windows\system32\drivers\crcdisk.sys 14:40:59.0998 2168 crcdisk - ok 14:41:00.0023 2168 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\windows\system32\drivers\crusoe.sys 14:41:00.0083 2168 Crusoe - ok 14:41:00.0151 2168 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\windows\system32\cryptsvc.dll 14:41:00.0198 2168 CryptSvc - ok 14:41:00.0239 2168 [ 9BDB2E89BE8D0EF37B1F25C3D3FC192C ] CSC C:\windows\system32\drivers\csc.sys 14:41:00.0305 2168 CSC - 
ok 14:41:00.0360 2168 [ 0A2095F92F6AE4FE6484D911B0C21E95 ] CscService C:\windows\System32\cscsvc.dll 14:41:00.0409 2168 CscService - ok 14:41:00.0454 2168 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\windows\system32\DRIVERS\CVirtA.sys 14:41:00.0507 2168 CVirtA - ok 14:41:00.0594 2168 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\windows\system32\rpcss.dll 14:41:00.0673 2168 DcomLaunch - ok 14:41:00.0714 2168 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\windows\system32\Drivers\dfsc.sys 14:41:00.0757 2168 DfsC - ok 14:41:00.0843 2168 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\windows\system32\DFSR.exe 14:41:00.0987 2168 DFSR - ok 14:41:01.0052 2168 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\windows\System32\dhcpcsvc.dll 14:41:01.0092 2168 Dhcp - ok 14:41:01.0132 2168 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\windows\system32\drivers\disk.sys 14:41:01.0145 2168 disk - ok 14:41:01.0189 2168 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\windows\System32\dnsrslvr.dll 14:41:01.0223 2168 Dnscache - ok 14:41:01.0271 2168 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\windows\System32\dot3svc.dll 14:41:01.0306 2168 dot3svc - ok 14:41:01.0355 2168 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\windows\system32\dps.dll 14:41:01.0395 2168 DPS - ok 14:41:01.0427 2168 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\windows\system32\drivers\drmkaud.sys 14:41:01.0500 2168 drmkaud - ok 14:41:01.0549 2168 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys 14:41:01.0588 2168 DXGKrnl - ok 14:41:01.0623 2168 [ 88B16142B40CC080A2D86AE769A30396 ] e1express C:\windows\system32\DRIVERS\e1e6032.sys 14:41:01.0656 2168 e1express - ok 14:41:01.0686 2168 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\windows\system32\DRIVERS\E1G60I32.sys 14:41:01.0755 2168 E1G60 - ok 14:41:01.0794 2168 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\windows\System32\eapsvc.dll 14:41:01.0823 2168 EapHost - ok 14:41:01.0864 2168 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] 
Ecache C:\windows\system32\drivers\ecache.sys 14:41:01.0881 2168 Ecache - ok 14:41:01.0909 2168 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\windows\system32\drivers\elxstor.sys 14:41:01.0929 2168 elxstor - ok 14:41:01.0981 2168 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\windows\system32\emdmgmt.dll 14:41:02.0038 2168 EMDMgmt - ok 14:41:02.0098 2168 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\windows\system32\es.dll 14:41:02.0148 2168 EventSystem - ok 14:41:02.0191 2168 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\windows\system32\drivers\exfat.sys 14:41:02.0243 2168 exfat - ok 14:41:02.0260 2168 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\windows\system32\drivers\fastfat.sys 14:41:02.0285 2168 fastfat - ok 14:41:02.0319 2168 [ DFBA0F60FA301E5B1BFB1403A93EE23E ] Fax C:\windows\system32\fxssvc.exe 14:41:02.0360 2168 Fax - ok 14:41:02.0407 2168 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\windows\system32\DRIVERS\fdc.sys 14:41:02.0432 2168 fdc - ok 14:41:02.0451 2168 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\windows\system32\fdPHost.dll 14:41:02.0478 2168 fdPHost - ok 14:41:02.0500 2168 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\windows\system32\fdrespub.dll 14:41:02.0543 2168 FDResPub - ok 14:41:02.0593 2168 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\windows\system32\drivers\fileinfo.sys 14:41:02.0608 2168 FileInfo - ok 14:41:02.0643 2168 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\windows\system32\drivers\filetrace.sys 14:41:02.0720 2168 Filetrace - ok 14:41:02.0741 2168 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys 14:41:02.0809 2168 flpydisk - ok 14:41:02.0847 2168 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\windows\system32\drivers\fltmgr.sys 14:41:02.0869 2168 FltMgr - ok 14:41:02.0945 2168 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\windows\system32\FntCache.dll 14:41:03.0028 2168 FontCache - ok 14:41:03.0094 2168 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 
C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 14:41:03.0107 2168 FontCache3.0.0.0 - ok 14:41:03.0145 2168 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys 14:41:03.0172 2168 Fs_Rec - ok 14:41:03.0199 2168 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys 14:41:03.0226 2168 gagp30kx - ok 14:41:03.0271 2168 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\windows\System32\gpsvc.dll 14:41:03.0335 2168 gpsvc - ok 14:41:03.0407 2168 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 14:41:03.0419 2168 gupdate - ok 14:41:03.0432 2168 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 14:41:03.0443 2168 gupdatem - ok 14:41:03.0486 2168 [ 7929A161F9951D173CA9900FE7067391 ] hamachi C:\windows\system32\DRIVERS\hamachi.sys 14:41:03.0548 2168 hamachi - ok 14:41:03.0581 2168 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys 14:41:03.0626 2168 HdAudAddService - ok 14:41:03.0676 2168 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys 14:41:03.0748 2168 HDAudBus - ok 14:41:03.0799 2168 [ C865D1F6D03595DF213DC3C67E4E4C58 ] HECI C:\windows\system32\DRIVERS\HECI.sys 14:41:03.0835 2168 HECI - ok 14:41:03.0858 2168 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\windows\system32\drivers\hidbth.sys 14:41:03.0925 2168 HidBth - ok 14:41:03.0946 2168 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\windows\system32\drivers\hidir.sys 14:41:04.0012 2168 HidIr - ok 14:41:04.0051 2168 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\windows\system32\hidserv.dll 14:41:04.0081 2168 hidserv - ok 14:41:04.0122 2168 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys 14:41:04.0187 2168 HidUsb - ok 14:41:04.0230 2168 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\windows\system32\kmsvc.dll 14:41:04.0255 2168 hkmsvc - ok 
14:41:04.0269 2168 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\windows\system32\drivers\hpcisss.sys 14:41:04.0282 2168 HpCISSs - ok 14:41:04.0324 2168 [ 58ED131AA616E4EF5F645A655BA9DA9E ] HpFkCryptService C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe 14:41:04.0339 2168 HpFkCryptService ( UnsignedFile.Multi.Generic ) - warning 14:41:04.0339 2168 HpFkCryptService - detected UnsignedFile.Multi.Generic (1) 14:41:04.0387 2168 [ 299683D4C8AAA3F6F5D5D226A1782A6E ] HPFXBULK C:\windows\system32\drivers\hpfxbulk.sys 14:41:04.0425 2168 HPFXBULK - ok 14:41:04.0594 2168 [ F50F7984FDD151EDD8A70A8DBD9E2A44 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll 14:41:04.0616 2168 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning 14:41:04.0616 2168 hpqcxs08 - detected UnsignedFile.Multi.Generic (1) 14:41:04.0632 2168 [ DF446BA625CC441617843E87798CE048 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll 14:41:04.0650 2168 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning 14:41:04.0650 2168 hpqddsvc - detected UnsignedFile.Multi.Generic (1) 14:41:04.0698 2168 [ 04C1DCBB226C6AE647B794833CE3CEB6 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 14:41:04.0704 2168 hpqwmiex ( UnsignedFile.Multi.Generic ) - warning 14:41:04.0704 2168 hpqwmiex - detected UnsignedFile.Multi.Generic (1) 14:41:04.0748 2168 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\windows\system32\drivers\HTTP.sys 14:41:04.0813 2168 HTTP - ok 14:41:04.0834 2168 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\windows\system32\drivers\i2omp.sys 14:41:04.0847 2168 i2omp - ok 14:41:04.0893 2168 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys 14:41:04.0943 2168 i8042prt - ok 14:41:05.0004 2168 [ AE38A12F79A4980DDB88F36514F8A1DA ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe 14:41:05.0043 2168 IAANTMON - ok 14:41:05.0086 2168 [ 997E8F5939F2D12CD9F2E6B395724C16 ] iaStor C:\windows\system32\drivers\iastor.sys 
14:41:05.0134 2168 iaStor - ok 14:41:05.0168 2168 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\windows\system32\drivers\iastorv.sys 14:41:05.0198 2168 iaStorV - ok 14:41:05.0286 2168 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 14:41:05.0318 2168 IDriverT ( UnsignedFile.Multi.Generic ) - warning 14:41:05.0318 2168 IDriverT - detected UnsignedFile.Multi.Generic (1) 14:41:05.0385 2168 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 14:41:05.0471 2168 idsvc - ok 14:41:05.0540 2168 [ D4B018A81FF3B145FA3022380971545C ] IFXSpMgtSrv C:\Windows\system32\ifxspmgt.exe 14:41:05.0576 2168 IFXSpMgtSrv - ok 14:41:05.0612 2168 [ B46ED1763468A380931BAA84D1E3CE96 ] IFXTCS C:\Windows\system32\ifxtcs.exe 14:41:05.0659 2168 IFXTCS - ok 14:41:05.0692 2168 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\windows\system32\drivers\iirsp.sys 14:41:05.0705 2168 iirsp - ok 14:41:05.0754 2168 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\windows\System32\ikeext.dll 14:41:05.0797 2168 IKEEXT - ok 14:41:05.0824 2168 [ C87B3428607EF44068DF98A8D1904785 ] intelide C:\windows\system32\drivers\intelide.sys 14:41:05.0837 2168 intelide - ok 14:41:05.0882 2168 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\windows\system32\DRIVERS\intelppm.sys 14:41:05.0956 2168 intelppm - ok 14:41:05.0997 2168 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\windows\system32\ipbusenum.dll 14:41:06.0034 2168 IPBusEnum - ok 14:41:06.0066 2168 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys 14:41:06.0110 2168 IpFilterDriver - ok 14:41:06.0149 2168 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\windows\System32\iphlpsvc.dll 14:41:06.0186 2168 iphlpsvc - ok 14:41:06.0189 2168 IpInIp - ok 14:41:06.0219 2168 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\windows\system32\drivers\ipmidrv.sys 14:41:06.0269 2168 IPMIDRV - 
ok 14:41:06.0307 2168 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\windows\system32\DRIVERS\ipnat.sys 14:41:06.0348 2168 IPNAT - ok 14:41:06.0387 2168 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\windows\system32\drivers\irenum.sys 14:41:06.0412 2168 IRENUM - ok 14:41:06.0441 2168 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\windows\system32\drivers\isapnp.sys 14:41:06.0456 2168 isapnp - ok 14:41:06.0507 2168 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\windows\system32\DRIVERS\msiscsi.sys 14:41:06.0521 2168 iScsiPrt - ok 14:41:06.0541 2168 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\windows\system32\drivers\iteatapi.sys 14:41:06.0568 2168 iteatapi - ok 14:41:06.0589 2168 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\windows\system32\drivers\iteraid.sys 14:41:06.0602 2168 iteraid - ok 14:41:06.0652 2168 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe 14:41:06.0662 2168 IviRegMgr - ok 14:41:06.0694 2168 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys 14:41:06.0708 2168 kbdclass - ok 14:41:06.0735 2168 [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid C:\windows\system32\drivers\kbdhid.sys 14:41:06.0788 2168 kbdhid - ok 14:41:06.0823 2168 [ A3E186B4B935905B829219502557314E ] KeyIso C:\windows\system32\lsass.exe 14:41:06.0883 2168 KeyIso - ok 14:41:06.0925 2168 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys 14:41:06.0952 2168 KSecDD - ok 14:41:07.0006 2168 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\windows\system32\msdtckrm.dll 14:41:07.0064 2168 KtmRm - ok 14:41:07.0108 2168 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\windows\system32\srvsvc.dll 14:41:07.0131 2168 LanmanServer - ok 14:41:07.0169 2168 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\windows\System32\wkssvc.dll 14:41:07.0199 2168 LanmanWorkstation - ok 14:41:07.0214 2168 Lbd - ok 14:41:07.0250 2168 [ D1C5883087A0C3F1344D9D55A44901F6 ] 
lltdio C:\windows\system32\DRIVERS\lltdio.sys 14:41:07.0301 2168 lltdio - ok 14:41:07.0337 2168 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\windows\System32\lltdsvc.dll 14:41:07.0400 2168 lltdsvc - ok 14:41:07.0413 2168 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\windows\System32\lmhsvc.dll 14:41:07.0471 2168 lmhosts - ok 14:41:07.0474 2168 LMIInfo - ok 14:41:07.0509 2168 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\windows\system32\DRIVERS\lmimirr.sys 14:41:07.0567 2168 lmimirr - ok 14:41:07.0588 2168 LMIRfsClientNP - ok 14:41:07.0622 2168 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\windows\system32\drivers\LMIRfsDriver.sys 14:41:07.0653 2168 LMIRfsDriver - ok 14:41:07.0660 2168 [ C518D248041C259FCFA7175C866915C3 ] LMS C:\Program Files\Intel\AMT\LMS.exe 14:41:07.0683 2168 LMS - ok 14:41:07.0707 2168 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys 14:41:07.0736 2168 LSI_FC - ok 14:41:07.0754 2168 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys 14:41:07.0768 2168 LSI_SAS - ok 14:41:07.0797 2168 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys 14:41:07.0811 2168 LSI_SCSI - ok 14:41:07.0852 2168 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\windows\system32\drivers\luafv.sys 14:41:07.0913 2168 luafv - ok 14:41:07.0944 2168 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\windows\system32\drivers\megasas.sys 14:41:07.0957 2168 megasas - ok 14:41:07.0989 2168 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\windows\system32\mmcss.dll 14:41:08.0026 2168 MMCSS - ok 14:41:08.0061 2168 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\windows\system32\drivers\modem.sys 14:41:08.0084 2168 Modem - ok 14:41:08.0129 2168 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\windows\system32\DRIVERS\monitor.sys 14:41:08.0164 2168 monitor - ok 14:41:08.0182 2168 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys 14:41:08.0196 2168 
mouclass - ok 14:41:08.0234 2168 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\windows\system32\DRIVERS\mouhid.sys 14:41:08.0287 2168 mouhid - ok 14:41:08.0323 2168 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\windows\system32\drivers\mountmgr.sys 14:41:08.0359 2168 MountMgr - ok 14:41:08.0420 2168 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 14:41:08.0465 2168 MozillaMaintenance - ok 14:41:08.0491 2168 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\windows\system32\drivers\mpio.sys 14:41:08.0505 2168 mpio - ok 14:41:08.0537 2168 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 14:41:08.0573 2168 mpsdrv - ok 14:41:08.0617 2168 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\windows\system32\mpssvc.dll 14:41:08.0653 2168 MpsSvc - ok 14:41:08.0674 2168 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\windows\system32\drivers\mraid35x.sys 14:41:08.0687 2168 Mraid35x - ok 14:41:08.0720 2168 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 14:41:08.0751 2168 MRxDAV - ok 14:41:08.0785 2168 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 14:41:08.0832 2168 mrxsmb - ok 14:41:08.0879 2168 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 14:41:08.0912 2168 mrxsmb10 - ok 14:41:08.0925 2168 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 14:41:08.0955 2168 mrxsmb20 - ok 14:41:08.0985 2168 [ A7DF0C3ADB40919F91B2917FBE07A370 ] msahci C:\windows\system32\drivers\msahci.sys 14:41:08.0999 2168 msahci - ok 14:41:09.0013 2168 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\windows\system32\drivers\msdsm.sys 14:41:09.0027 2168 msdsm - ok 14:41:09.0057 2168 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\windows\System32\msdtc.exe 14:41:09.0095 2168 MSDTC - ok 14:41:09.0139 2168 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs 
C:\windows\system32\drivers\Msfs.sys 14:41:09.0192 2168 Msfs - ok 14:41:09.0243 2168 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\windows\system32\drivers\msisadrv.sys 14:41:09.0277 2168 msisadrv - ok 14:41:09.0314 2168 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\windows\system32\iscsiexe.dll 14:41:09.0361 2168 MSiSCSI - ok 14:41:09.0364 2168 msiserver - ok 14:41:09.0404 2168 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys 14:41:09.0429 2168 MSKSSRV - ok 14:41:09.0482 2168 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 14:41:09.0541 2168 MSPCLOCK - ok 14:41:09.0559 2168 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\windows\system32\drivers\MSPQM.sys 14:41:09.0597 2168 MSPQM - ok 14:41:09.0644 2168 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\windows\system32\drivers\MsRPC.sys 14:41:09.0661 2168 MsRPC - ok 14:41:09.0686 2168 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys 14:41:09.0747 2168 mssmbios - ok 14:41:09.0817 2168 MSSQL$MSSMLBIZ - ok 14:41:09.0885 2168 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe 14:41:09.0939 2168 MSSQLServerADHelper - ok 14:41:09.0967 2168 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\windows\system32\drivers\MSTEE.sys 14:41:10.0002 2168 MSTEE - ok 14:41:10.0041 2168 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\windows\system32\Drivers\mup.sys 14:41:10.0074 2168 Mup - ok 14:41:10.0118 2168 [ D20F1A578BF5334348E9CAC730829A22 ] NAL C:\windows\system32\Drivers\iqvw32.sys 14:41:10.0197 2168 NAL - ok 14:41:10.0237 2168 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\windows\system32\qagentRT.dll 14:41:10.0260 2168 napagent - ok 14:41:10.0300 2168 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 14:41:10.0340 2168 NativeWifiP - ok 14:41:10.0393 2168 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS 
C:\windows\system32\drivers\ndis.sys 14:41:10.0433 2168 NDIS - ok 14:41:10.0466 2168 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 14:41:10.0500 2168 NdisTapi - ok 14:41:10.0534 2168 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 14:41:10.0577 2168 Ndisuio - ok 14:41:10.0609 2168 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 14:41:10.0632 2168 NdisWan - ok 14:41:10.0644 2168 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\windows\system32\drivers\NDProxy.sys 14:41:10.0671 2168 NDProxy - ok 14:41:10.0712 2168 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\windows\system32\HPZinw12.dll 14:41:10.0748 2168 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 14:41:10.0748 2168 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 14:41:10.0785 2168 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 14:41:10.0845 2168 NetBIOS - ok 14:41:10.0889 2168 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\windows\system32\DRIVERS\netbt.sys 14:41:10.0922 2168 netbt - ok 14:41:10.0927 2168 [ A3E186B4B935905B829219502557314E ] Netlogon C:\windows\system32\lsass.exe 14:41:10.0941 2168 Netlogon - ok 14:41:10.0989 2168 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\windows\System32\netman.dll 14:41:11.0037 2168 Netman - ok 14:41:11.0071 2168 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\windows\System32\netprofm.dll 14:41:11.0103 2168 netprofm - ok 14:41:11.0142 2168 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 14:41:11.0156 2168 NetTcpPortSharing - ok 14:41:11.0184 2168 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\windows\system32\drivers\nfrd960.sys 14:41:11.0214 2168 nfrd960 - ok 14:41:11.0254 2168 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\windows\System32\nlasvc.dll 14:41:11.0298 2168 NlaSvc - ok 
14:41:11.0338 2168 [ F6C40E0A565EE3CE5AEEB325E10054F2 ] nmwcd C:\windows\system32\drivers\ccdcmb.sys 14:41:11.0412 2168 nmwcd - ok 14:41:11.0464 2168 [ 2A394E9E1FA3565E4B2FEA470FFE4D6B ] nmwcdc C:\windows\system32\drivers\ccdcmbo.sys 14:41:11.0509 2168 nmwcdc - ok 14:41:11.0540 2168 [ 99B224F8026CB534724AA3C408561E45 ] nmwcdnsu C:\windows\system32\drivers\nmwcdnsu.sys 14:41:11.0576 2168 nmwcdnsu - ok 14:41:11.0623 2168 [ D23257682D349A5E2E4507ED33DECC16 ] nmwcdnsuc C:\windows\system32\drivers\nmwcdnsuc.sys 14:41:11.0659 2168 nmwcdnsuc - ok 14:41:11.0698 2168 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\windows\system32\drivers\Npfs.sys 14:41:11.0735 2168 Npfs - ok 14:41:11.0773 2168 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\windows\system32\nsisvc.dll 14:41:11.0806 2168 nsi - ok 14:41:11.0842 2168 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys 14:41:11.0876 2168 nsiproxy - ok 14:41:11.0937 2168 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\windows\system32\drivers\Ntfs.sys 14:41:11.0998 2168 Ntfs - ok 14:41:12.0052 2168 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\windows\system32\drivers\ntrigdigi.sys 14:41:12.0120 2168 ntrigdigi - ok 14:41:12.0162 2168 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\windows\system32\drivers\Null.sys 14:41:12.0205 2168 Null - ok 14:41:12.0353 2168 [ E58EBC2E6B750E80C1648A3E37F47E6B ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys 14:41:12.0658 2168 nvlddmkm - ok 14:41:12.0684 2168 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\windows\system32\drivers\nvraid.sys 14:41:12.0698 2168 nvraid - ok 14:41:12.0711 2168 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\windows\system32\drivers\nvstor.sys 14:41:12.0725 2168 nvstor - ok 14:41:12.0742 2168 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\windows\system32\drivers\nv_agp.sys 14:41:12.0757 2168 nv_agp - ok 14:41:12.0760 2168 NwlnkFlt - ok 14:41:12.0764 2168 NwlnkFwd - ok 14:41:12.0835 2168 [ E54AA592A65F317390EEE386A8821692 ] odserv 
C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 14:41:12.0878 2168 odserv - ok 14:41:12.0925 2168 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys 14:41:12.0980 2168 ohci1394 - ok 14:41:13.0019 2168 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 14:41:13.0039 2168 ose - ok 14:41:13.0092 2168 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\windows\system32\p2psvc.dll 14:41:13.0145 2168 p2pimsvc - ok 14:41:13.0178 2168 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\windows\system32\p2psvc.dll 14:41:13.0204 2168 p2psvc - ok 14:41:13.0249 2168 [ 8A79FDF04A73428597E2CAF9D0D67850 ] Parport C:\windows\system32\DRIVERS\parport.sys 14:41:13.0276 2168 Parport - ok 14:41:13.0314 2168 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\windows\system32\drivers\partmgr.sys 14:41:13.0327 2168 partmgr - ok 14:41:13.0338 2168 [ 6C580025C81CAF3AE9E3617C22CAD00E ] Parvdm C:\windows\system32\DRIVERS\parvdm.sys 14:41:13.0371 2168 Parvdm - ok 14:41:13.0402 2168 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\windows\System32\pcasvc.dll 14:41:13.0450 2168 PcaSvc - ok 14:41:13.0491 2168 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\windows\system32\DRIVERS\pccsmcfd.sys 14:41:13.0509 2168 pccsmcfd - ok 14:41:13.0549 2168 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\windows\system32\drivers\pci.sys 14:41:13.0563 2168 pci - ok 14:41:13.0572 2168 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\windows\system32\drivers\pciide.sys 14:41:13.0586 2168 pciide - ok 14:41:13.0620 2168 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\windows\system32\drivers\pcmcia.sys 14:41:13.0641 2168 pcmcia - ok 14:41:13.0699 2168 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\windows\system32\drivers\peauth.sys 14:41:13.0803 2168 PEAUTH - ok 14:41:13.0836 2168 [ C7D5CF6C7DBE6D96DE252457721BD0E8 ] PersonalSecureDrive C:\windows\System32\drivers\psd.sys 14:41:13.0879 2168 PersonalSecureDrive - ok 
14:41:13.0919 2168 [ 7E5044241347DA7AB89137572A4E461D ] PersonalSecureDriveService C:\Windows\system32\IfxPsdSv.exe 14:41:13.0930 2168 PersonalSecureDriveService - ok 14:41:13.0990 2168 [ B1689DF169143F57053F795390C99DB3 ] pla C:\windows\system32\pla.dll 14:41:14.0108 2168 pla - ok 14:41:14.0155 2168 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\windows\system32\umpnpmgr.dll 14:41:14.0189 2168 PlugPlay - ok 14:41:14.0235 2168 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\windows\system32\HPZipm12.dll 14:41:14.0261 2168 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 14:41:14.0261 2168 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 14:41:14.0291 2168 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\windows\system32\p2psvc.dll 14:41:14.0328 2168 PNRPAutoReg - ok 14:41:14.0372 2168 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\windows\system32\p2psvc.dll 14:41:14.0398 2168 PNRPsvc - ok 14:41:14.0440 2168 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\windows\System32\ipsecsvc.dll 14:41:14.0476 2168 PolicyAgent - ok 14:41:14.0523 2168 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 14:41:14.0592 2168 PptpMiniport - ok 14:41:14.0608 2168 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\windows\system32\drivers\processr.sys 14:41:14.0650 2168 Processor - ok 14:41:14.0683 2168 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\windows\system32\profsvc.dll 14:41:14.0705 2168 ProfSvc - ok 14:41:14.0717 2168 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\windows\system32\lsass.exe 14:41:14.0732 2168 ProtectedStorage - ok 14:41:14.0759 2168 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\windows\system32\DRIVERS\pacer.sys 14:41:14.0795 2168 PSched - ok 14:41:14.0843 2168 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\windows\system32\drivers\ql2300.sys 14:41:14.0886 2168 ql2300 - ok 14:41:14.0926 2168 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\windows\system32\drivers\ql40xx.sys 
14:41:14.0963 2168 ql40xx - ok 14:41:15.0016 2168 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\windows\system32\qwave.dll 14:41:15.0076 2168 QWAVE - ok 14:41:15.0108 2168 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 14:41:15.0156 2168 QWAVEdrv - ok 14:41:15.0192 2168 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 14:41:15.0226 2168 RasAcd - ok 14:41:15.0269 2168 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\windows\System32\rasauto.dll 14:41:15.0323 2168 RasAuto - ok 14:41:15.0361 2168 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 14:41:15.0425 2168 Rasl2tp - ok 14:41:15.0469 2168 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\windows\System32\rasmans.dll 14:41:15.0505 2168 RasMan - ok 14:41:15.0537 2168 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 14:41:15.0591 2168 RasPppoe - ok 14:41:15.0614 2168 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 14:41:15.0664 2168 RasSstp - ok 14:41:15.0706 2168 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 14:41:15.0740 2168 rdbss - ok 14:41:15.0770 2168 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys 14:41:15.0811 2168 RDPCDD - ok 14:41:15.0834 2168 [ 943B18305EAE3935598A9B4A3D560B4C ] rdpdr C:\windows\system32\DRIVERS\rdpdr.sys 14:41:15.0879 2168 rdpdr - ok 14:41:15.0889 2168 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys 14:41:15.0928 2168 RDPENCDD - ok 14:41:15.0972 2168 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\windows\system32\drivers\RDPWD.sys 14:41:16.0020 2168 RDPWD - ok 14:41:16.0067 2168 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\windows\System32\mprdim.dll 14:41:16.0110 2168 RemoteAccess - ok 14:41:16.0153 2168 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\windows\system32\regsvc.dll 
14:41:16.0184 2168 RemoteRegistry - ok 14:41:16.0208 2168 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\windows\system32\locator.exe 14:41:16.0245 2168 RpcLocator - ok 14:41:16.0269 2168 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\windows\system32\rpcss.dll 14:41:16.0296 2168 RpcSs - ok 14:41:16.0341 2168 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\windows\system32\DRIVERS\rspndr.sys 14:41:16.0374 2168 rspndr - ok 14:41:16.0406 2168 [ 02FF0FBD2945B7DD67DB3FB0248AE61E ] RsvLock C:\windows\system32\drivers\RsvLock.sys 14:41:16.0423 2168 RsvLock ( UnsignedFile.Multi.Generic ) - warning 14:41:16.0423 2168 RsvLock - detected UnsignedFile.Multi.Generic (1) 14:41:16.0487 2168 [ 7436BFD3A542CF6FF55097200031B293 ] RT73 C:\windows\system32\DRIVERS\rt73.sys 14:41:16.0741 2168 RT73 - ok 14:41:16.0755 2168 RTL8187 - ok 14:41:16.0769 2168 [ 0E448C0306BA36CFD5C2388046E4ACE0 ] SafeBoot C:\windows\system32\drivers\SafeBoot.sys 14:41:16.0793 2168 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. 
md5: 0E448C0306BA36CFD5C2388046E4ACE0 14:41:16.0793 2168 SafeBoot ( LockedFile.Multi.Generic ) - warning 14:41:16.0793 2168 SafeBoot - detected LockedFile.Multi.Generic (1) 14:41:16.0809 2168 [ A3E186B4B935905B829219502557314E ] SamSs C:\windows\system32\lsass.exe 14:41:16.0824 2168 SamSs - ok 14:41:16.0850 2168 [ F6367FB350F8E5D3F6DD8040E4C0E33B ] SbAlg C:\windows\system32\drivers\SbAlg.sys 14:41:16.0892 2168 SbAlg ( UnsignedFile.Multi.Generic ) - warning 14:41:16.0892 2168 SbAlg - detected UnsignedFile.Multi.Generic (1) 14:41:17.0020 2168 [ BCE943896289A91AD75CC5652620B1C6 ] SBAMSvc C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe 14:41:17.0155 2168 SBAMSvc - ok 14:41:17.0198 2168 [ 3FFF8CDA4D2F29CA06F1557E85163C30 ] sbapifs C:\windows\system32\DRIVERS\sbapifs.sys 14:41:17.0226 2168 sbapifs - ok 14:41:17.0249 2168 [ D48F49EF1CFD73D7371B96839529BC89 ] SbFsLock C:\windows\system32\drivers\SbFsLock.sys 14:41:17.0274 2168 SbFsLock - ok 14:41:17.0325 2168 [ BCF3BA30C1CFA2942CF26C31384B37C7 ] SbFw C:\windows\system32\drivers\SbFw.sys 14:41:17.0356 2168 SbFw - ok 14:41:17.0390 2168 [ 1DCAD90CC9C0DDC7D060FD97854F8518 ] SBFWIMCL C:\windows\system32\DRIVERS\sbfwim.sys 14:41:17.0417 2168 SBFWIMCL - ok 14:41:17.0424 2168 [ 1DCAD90CC9C0DDC7D060FD97854F8518 ] SBFWIMCLMP C:\windows\system32\DRIVERS\SBFWIM.sys 14:41:17.0448 2168 SBFWIMCLMP - ok 14:41:17.0499 2168 [ 1AFD7178AB9C4FCE2D332DA7AA474FA6 ] sbhips C:\windows\system32\drivers\sbhips.sys 14:41:17.0526 2168 sbhips - ok 14:41:17.0551 2168 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\windows\system32\drivers\sbp2port.sys 14:41:17.0565 2168 sbp2port - ok 14:41:17.0603 2168 [ 1FD538C4FEB36B793D2121F20BBDC16F ] SBRE C:\windows\system32\drivers\SBREdrv.sys 14:41:17.0644 2168 SBRE - ok 14:41:17.0728 2168 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe 14:41:17.0806 2168 SBSDWSCService - ok 14:41:17.0860 2168 [ 9BDF801A6C78E3F1E6FA1C5CA90BAA8A ] sbwtis 
C:\windows\system32\DRIVERS\sbwtis.sys 14:41:17.0886 2168 sbwtis - ok 14:41:17.0922 2168 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\windows\System32\SCardSvr.dll 14:41:17.0953 2168 SCardSvr - ok 14:41:18.0003 2168 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\windows\system32\schedsvc.dll 14:41:18.0074 2168 Schedule - ok 14:41:18.0125 2168 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\windows\System32\certprop.dll 14:41:18.0145 2168 SCPolicySvc - ok 14:41:18.0189 2168 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\windows\System32\SDRSVC.dll 14:41:18.0229 2168 SDRSVC - ok 14:41:18.0241 2168 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\windows\system32\drivers\secdrv.sys 14:41:18.0293 2168 secdrv - ok 14:41:18.0321 2168 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\windows\system32\seclogon.dll 14:41:18.0346 2168 seclogon - ok 14:41:18.0392 2168 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\windows\System32\sens.dll 14:41:18.0425 2168 SENS - ok 14:41:18.0456 2168 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\windows\system32\DRIVERS\serenum.sys 14:41:18.0497 2168 Serenum - ok 14:41:18.0526 2168 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\windows\system32\DRIVERS\serial.sys 14:41:18.0566 2168 Serial - ok 14:41:18.0577 2168 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\windows\system32\drivers\sermouse.sys 14:41:18.0602 2168 sermouse - ok 14:41:18.0700 2168 [ F31E9531AF225CA25350D5E87E999B31 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe 14:41:18.0724 2168 ServiceLayer - ok 14:41:18.0765 2168 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\windows\system32\sessenv.dll 14:41:18.0793 2168 SessionEnv - ok 14:41:18.0818 2168 [ 51CF56AA8BCC241F134B420B8F850406 ] sffdisk C:\windows\system32\drivers\sffdisk.sys 14:41:18.0866 2168 sffdisk - ok 14:41:18.0876 2168 [ 96DED8B20C734AC41641CE275250E55D ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys 14:41:18.0891 2168 sffp_mmc - ok 14:41:18.0896 2168 [ 
8B08CAB1267B2C377883FC9E56981F90 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys 14:41:18.0923 2168 sffp_sd - ok 14:41:18.0942 2168 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\windows\system32\drivers\sfloppy.sys 14:41:18.0992 2168 sfloppy - ok 14:41:19.0032 2168 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\windows\System32\ipnathlp.dll 14:41:19.0075 2168 SharedAccess - ok 14:41:19.0116 2168 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\windows\System32\shsvcs.dll 14:41:19.0153 2168 ShellHWDetection - ok 14:41:19.0166 2168 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\windows\system32\drivers\sisagp.sys 14:41:19.0187 2168 sisagp - ok 14:41:19.0215 2168 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\windows\system32\drivers\sisraid2.sys 14:41:19.0246 2168 SiSRaid2 - ok 14:41:19.0264 2168 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys 14:41:19.0278 2168 SiSRaid4 - ok 14:41:19.0374 2168 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\windows\system32\SLsvc.exe 14:41:19.0559 2168 slsvc - ok 14:41:19.0595 2168 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\windows\system32\SLUINotify.dll 14:41:19.0628 2168 SLUINotify - ok 14:41:19.0670 2168 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\windows\system32\DRIVERS\smb.sys 14:41:19.0697 2168 Smb - ok 14:41:19.0716 2168 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\windows\System32\snmptrap.exe 14:41:19.0732 2168 SNMPTRAP - ok 14:41:19.0769 2168 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\windows\system32\drivers\spldr.sys 14:41:19.0783 2168 spldr - ok 14:41:19.0829 2168 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\windows\System32\spoolsv.exe 14:41:19.0868 2168 Spooler - ok 14:41:19.0905 2168 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe 14:41:19.0917 2168 SQLBrowser - ok 14:41:19.0943 2168 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter c:\Program Files\Microsoft SQL 
Server\90\Shared\sqlwriter.exe 14:41:19.0953 2168 SQLWriter - ok 14:41:20.0002 2168 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\windows\system32\DRIVERS\srv.sys 14:41:20.0039 2168 srv - ok 14:41:20.0064 2168 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\windows\system32\DRIVERS\srv2.sys 14:41:20.0103 2168 srv2 - ok 14:41:20.0123 2168 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys 14:41:20.0156 2168 srvnet - ok 14:41:20.0193 2168 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\windows\System32\ssdpsrv.dll 14:41:20.0228 2168 SSDPSRV - ok 14:41:20.0261 2168 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\windows\system32\DRIVERS\ssmdrv.sys 14:41:20.0272 2168 ssmdrv - ok 14:41:20.0311 2168 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\windows\system32\sstpsvc.dll 14:41:20.0347 2168 SstpSvc - ok 14:41:20.0396 2168 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\windows\System32\wiaservc.dll 14:41:20.0445 2168 stisvc - ok 14:41:20.0460 2168 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\windows\system32\DRIVERS\swenum.sys 14:41:20.0473 2168 swenum - ok 14:41:20.0522 2168 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\windows\System32\swprv.dll 14:41:20.0568 2168 swprv - ok 14:41:20.0584 2168 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\windows\system32\drivers\symc8xx.sys 14:41:20.0597 2168 Symc8xx - ok 14:41:20.0608 2168 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\windows\system32\drivers\sym_hi.sys 14:41:20.0621 2168 Sym_hi - ok 14:41:20.0636 2168 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\windows\system32\drivers\sym_u3.sys 14:41:20.0649 2168 Sym_u3 - ok 14:41:20.0697 2168 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\windows\system32\sysmain.dll 14:41:20.0745 2168 SysMain - ok 14:41:20.0771 2168 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\windows\System32\TabSvc.dll 14:41:20.0788 2168 TabletInputService - ok 14:41:20.0828 2168 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\windows\System32\tapisrv.dll 
14:41:20.0891 2168 TapiSrv - ok 14:41:20.0923 2168 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\windows\System32\tbssvc.dll 14:41:20.0950 2168 TBS - ok 14:41:21.0002 2168 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\windows\system32\drivers\tcpip.sys 14:41:21.0079 2168 Tcpip - ok 14:41:21.0120 2168 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\windows\system32\DRIVERS\tcpip.sys 14:41:21.0148 2168 Tcpip6 - ok 14:41:21.0178 2168 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys 14:41:21.0285 2168 tcpipreg - ok 14:41:21.0321 2168 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\windows\system32\drivers\tdpipe.sys 14:41:21.0346 2168 TDPIPE - ok 14:41:21.0388 2168 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\windows\system32\drivers\tdtcp.sys 14:41:21.0425 2168 TDTCP - ok 14:41:21.0464 2168 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\windows\system32\DRIVERS\tdx.sys 14:41:21.0497 2168 tdx - ok 14:41:21.0537 2168 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\windows\system32\DRIVERS\termdd.sys 14:41:21.0565 2168 TermDD - ok 14:41:21.0605 2168 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\windows\System32\termsrv.dll 14:41:21.0647 2168 TermService - ok 14:41:21.0681 2168 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\windows\system32\shsvcs.dll 14:41:21.0698 2168 Themes - ok 14:41:21.0707 2168 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\windows\system32\mmcss.dll 14:41:21.0732 2168 THREADORDER - ok 14:41:21.0770 2168 [ CB258C2F726F1BE73C507022BE33EBB3 ] TPM C:\windows\system32\drivers\tpm.sys 14:41:21.0831 2168 TPM - ok 14:41:21.0864 2168 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\windows\System32\trkwks.dll 14:41:21.0891 2168 TrkWks - ok 14:41:21.0942 2168 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe 14:41:21.0960 2168 TrustedInstaller - ok 14:41:22.0004 2168 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys 14:41:22.0039 2168 
tssecsrv - ok 14:41:22.0075 2168 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\windows\system32\DRIVERS\tunmp.sys 14:41:22.0103 2168 tunmp - ok 14:41:22.0136 2168 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\windows\system32\DRIVERS\tunnel.sys 14:41:22.0203 2168 tunnel - ok 14:41:22.0237 2168 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\windows\system32\drivers\uagp35.sys 14:41:22.0251 2168 uagp35 - ok 14:41:22.0296 2168 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\windows\system32\DRIVERS\udfs.sys 14:41:22.0340 2168 udfs - ok 14:41:22.0375 2168 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\windows\system32\UI0Detect.exe 14:41:22.0410 2168 UI0Detect - ok 14:41:22.0429 2168 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys 14:41:22.0462 2168 uliagpkx - ok 14:41:22.0485 2168 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\windows\system32\drivers\uliahci.sys 14:41:22.0504 2168 uliahci - ok 14:41:22.0522 2168 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\windows\system32\drivers\ulsata.sys 14:41:22.0537 2168 UlSata - ok 14:41:22.0551 2168 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\windows\system32\drivers\ulsata2.sys 14:41:22.0567 2168 ulsata2 - ok 14:41:22.0598 2168 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\windows\system32\DRIVERS\umbus.sys 14:41:22.0633 2168 umbus - ok 14:41:22.0676 2168 [ 8A66360F38F81E960E2367B428CBD5D9 ] UmRdpService C:\windows\System32\umrdp.dll 14:41:22.0725 2168 UmRdpService - ok 14:41:22.0790 2168 [ 0558985BD646203DF5F36BF0FBD241A3 ] UNS C:\Program Files\Intel\AMT\UNS.exe 14:41:22.0938 2168 UNS - ok 14:41:22.0981 2168 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\windows\System32\upnphost.dll 14:41:23.0013 2168 upnphost - ok 14:41:23.0051 2168 [ 47F5F9D837D80FFD5882A14DB9DA0A67 ] upperdev C:\windows\system32\DRIVERS\usbser_lowerflt.sys 14:41:23.0076 2168 upperdev - ok 14:41:23.0121 2168 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys 14:41:23.0143 
2168 usbccgp - ok 14:41:23.0163 2168 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\windows\system32\drivers\usbcir.sys 14:41:23.0212 2168 usbcir - ok 14:41:23.0258 2168 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys 14:41:23.0332 2168 usbehci - ok 14:41:23.0357 2168 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys 14:41:23.0398 2168 usbhub - ok 14:41:23.0427 2168 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\windows\system32\drivers\usbohci.sys 14:41:23.0477 2168 usbohci - ok 14:41:23.0488 2168 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys 14:41:23.0513 2168 usbprint - ok 14:41:23.0528 2168 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys 14:41:23.0564 2168 usbscan - ok 14:41:23.0607 2168 [ D575246188F63DE0ACCF6EAC5FB59E6A ] usbser C:\windows\system32\drivers\usbser.sys 14:41:23.0638 2168 usbser - ok 14:41:23.0680 2168 [ E44F0D17BE0908B58DCC99CCB99C6C32 ] UsbserFilt C:\windows\system32\DRIVERS\usbser_lowerfltj.sys 14:41:23.0718 2168 UsbserFilt - ok 14:41:23.0754 2168 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS 14:41:23.0797 2168 USBSTOR - ok 14:41:23.0835 2168 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys 14:41:23.0874 2168 usbuhci - ok 14:41:23.0913 2168 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\windows\System32\uxsms.dll 14:41:23.0952 2168 UxSms - ok 14:41:23.0993 2168 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\windows\System32\vds.exe 14:41:24.0025 2168 vds - ok 14:41:24.0043 2168 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\windows\system32\DRIVERS\vgapnp.sys 14:41:24.0111 2168 vga - ok 14:41:24.0142 2168 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\windows\System32\drivers\vga.sys 14:41:24.0197 2168 VgaSave - ok 14:41:24.0223 2168 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\windows\system32\drivers\viaagp.sys 14:41:24.0246 
2168 viaagp - ok 14:41:24.0260 2168 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\windows\system32\drivers\viac7.sys 14:41:24.0326 2168 ViaC7 - ok 14:41:24.0352 2168 [ 99F3E24F50B4E9282CA5EDC684D012ED ] viaide C:\windows\system32\drivers\viaide.sys 14:41:24.0389 2168 viaide - ok 14:41:24.0428 2168 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\windows\system32\drivers\volmgr.sys 14:41:24.0462 2168 volmgr - ok 14:41:24.0505 2168 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\windows\system32\drivers\volmgrx.sys 14:41:24.0532 2168 volmgrx - ok 14:41:24.0576 2168 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\windows\system32\drivers\volsnap.sys 14:41:24.0625 2168 volsnap - ok 14:41:24.0649 2168 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\windows\system32\drivers\vsmraid.sys 14:41:24.0663 2168 vsmraid - ok 14:41:24.0713 2168 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\windows\system32\vssvc.exe 14:41:24.0813 2168 VSS - ok 14:41:24.0830 2168 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\windows\system32\w32time.dll 14:41:24.0865 2168 W32Time - ok 14:41:24.0880 2168 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\windows\system32\drivers\wacompen.sys 14:41:24.0951 2168 WacomPen - ok 14:41:24.0977 2168 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\windows\system32\DRIVERS\wanarp.sys 14:41:25.0020 2168 Wanarp - ok 14:41:25.0027 2168 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys 14:41:25.0047 2168 Wanarpv6 - ok 14:41:25.0101 2168 [ 20B23332885DFB93FE0185362EE811E9 ] wbengine C:\windows\system32\wbengine.exe 14:41:25.0213 2168 wbengine - ok 14:41:25.0266 2168 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\windows\System32\wcncsvc.dll 14:41:25.0329 2168 wcncsvc - ok 14:41:25.0343 2168 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 14:41:25.0366 2168 WcsPlugInService - ok 14:41:25.0385 2168 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\windows\system32\drivers\wd.sys 14:41:25.0398 
2168 Wd - ok 14:41:25.0446 2168 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 14:41:25.0500 2168 Wdf01000 - ok 14:41:25.0540 2168 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\windows\system32\wdi.dll 14:41:25.0567 2168 WdiServiceHost - ok 14:41:25.0588 2168 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\windows\system32\wdi.dll 14:41:25.0614 2168 WdiSystemHost - ok 14:41:25.0659 2168 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\windows\System32\webclnt.dll 14:41:25.0686 2168 WebClient - ok 14:41:25.0732 2168 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\windows\system32\wecsvc.dll 14:41:25.0795 2168 Wecsvc - ok 14:41:25.0832 2168 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\windows\System32\wercplsupport.dll 14:41:25.0854 2168 wercplsupport - ok 14:41:25.0890 2168 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\windows\System32\WerSvc.dll 14:41:25.0923 2168 WerSvc - ok 14:41:25.0946 2168 [ F9AD3A5E3FD7E0BDB18B8202B0FDD4E4 ] WimFltr C:\windows\system32\DRIVERS\wimfltr.sys 14:41:25.0973 2168 WimFltr - ok 14:41:26.0040 2168 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 14:41:26.0058 2168 WinDefend - ok 14:41:26.0062 2168 WinHttpAutoProxySvc - ok 14:41:26.0114 2168 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 14:41:26.0135 2168 Winmgmt - ok 14:41:26.0193 2168 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\windows\system32\WsmSvc.dll 14:41:26.0268 2168 WinRM - ok 14:41:26.0321 2168 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\windows\System32\wlansvc.dll 14:41:26.0390 2168 Wlansvc - ok 14:41:26.0440 2168 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys 14:41:26.0513 2168 WmiAcpi - ok 14:41:26.0557 2168 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe 14:41:26.0580 2168 wmiApSrv - ok 14:41:26.0639 2168 [ 3978704576A121A9204F8CC49A301A9B ] 
WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 14:41:26.0742 2168 WMPNetworkSvc - ok 14:41:26.0790 2168 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 14:41:26.0824 2168 WPDBusEnum - ok 14:41:26.0864 2168 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\windows\system32\DRIVERS\wpdusb.sys 14:41:26.0885 2168 WpdUsb - ok 14:41:27.0015 2168 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 14:41:27.0050 2168 WPFFontCache_v0400 - ok 14:41:27.0083 2168 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 14:41:27.0121 2168 ws2ifsl - ok 14:41:27.0160 2168 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\windows\System32\wscsvc.dll 14:41:27.0188 2168 wscsvc - ok 14:41:27.0191 2168 WSearch - ok 14:41:27.0271 2168 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\windows\system32\wuaueng.dll 14:41:27.0391 2168 wuauserv - ok 14:41:27.0454 2168 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\windows\system32\drivers\WudfPf.sys 14:41:27.0515 2168 WudfPf - ok 14:41:27.0572 2168 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys 14:41:27.0606 2168 WUDFRd - ok 14:41:27.0631 2168 [ 2C0206FF8D2C75AC027D1096FA2FAFDA ] wudfsvc C:\windows\System32\WUDFSvc.dll 14:41:27.0670 2168 wudfsvc - ok 14:41:27.0692 2168 ================ Scan global =============================== 14:41:27.0730 2168 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\windows\system32\basesrv.dll 14:41:27.0776 2168 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\windows\system32\winsrv.dll 14:41:27.0798 2168 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\windows\system32\winsrv.dll 14:41:27.0840 2168 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\windows\system32\services.exe 14:41:27.0846 2168 [Global] - ok 14:41:27.0846 2168 ================ Scan MBR ================================== 14:41:27.0858 2168 [ 5C616939100B85E558DA92B899A0FC36 ] 
\Device\Harddisk0\DR0 14:41:28.0289 2168 \Device\Harddisk0\DR0 - ok 14:41:28.0292 2168 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk5\DR5 14:41:28.0416 2168 \Device\Harddisk5\DR5 - ok 14:41:28.0416 2168 ================ Scan VBR ================================== 14:41:28.0442 2168 [ 3B75232F894A7A97C06E71DB35DD9BE0 ] \Device\Harddisk0\DR0\Partition1 14:41:28.0443 2168 \Device\Harddisk0\DR0\Partition1 - ok 14:41:28.0470 2168 [ 39E1DB2B951A38D996E3858272FAE47B ] \Device\Harddisk0\DR0\Partition2 14:41:28.0472 2168 \Device\Harddisk0\DR0\Partition2 - ok 14:41:28.0481 2168 [ 0E0D07717B8D043D47D531F2AE44A099 ] \Device\Harddisk0\DR0\Partition3 14:41:28.0483 2168 \Device\Harddisk0\DR0\Partition3 - ok 14:41:28.0486 2168 [ 9AEBC3D5DCE373C163712E3AE6E959E1 ] \Device\Harddisk5\DR5\Partition1 14:41:28.0488 2168 \Device\Harddisk5\DR5\Partition1 - ok 14:41:28.0488 2168 ============================================================ 14:41:28.0488 2168 Scan finished 14:41:28.0488 2168 ============================================================ 14:41:28.0498 5244 Detected object count: 12 14:41:28.0498 5244 Actual detected object count: 12 14:41:49.0060 5244 ASBroker ( UnsignedFile.Multi.Generic ) - skipped by user 14:41:49.0060 5244 ASBroker ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:41:49.0061 5244 ASChannel ( UnsignedFile.Multi.Generic ) - skipped by user 14:41:49.0061 5244 ASChannel ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:41:49.0062 5244 HpFkCryptService ( UnsignedFile.Multi.Generic ) - skipped by user 14:41:49.0062 5244 HpFkCryptService ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:41:49.0063 5244 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user 14:41:49.0063 5244 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:41:49.0064 5244 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user 14:41:49.0064 5244 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:41:49.0066 5244 
hpqwmiex ( UnsignedFile.Multi.Generic ) - skipped by user 14:41:49.0066 5244 hpqwmiex ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:41:49.0067 5244 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 14:41:49.0067 5244 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:41:49.0068 5244 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 14:41:49.0068 5244 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:41:49.0069 5244 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 14:41:49.0069 5244 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:41:49.0070 5244 RsvLock ( UnsignedFile.Multi.Generic ) - skipped by user 14:41:49.0070 5244 RsvLock ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:41:49.0071 5244 SafeBoot ( LockedFile.Multi.Generic ) - skipped by user 14:41:49.0071 5244 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip 14:41:49.0073 5244 SbAlg ( UnsignedFile.Multi.Generic ) - skipped by user 14:41:49.0073 5244 SbAlg ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:42:40.0873 5340 Deinitialize success |
25.09.2012, 15:05 | #24 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem with annoying pop-ups from ad.adserverplus.com Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has explicitly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
25.09.2012, 16:18 | #25 |
| Problem with annoying pop-ups from ad.adserverplus.com Here is the Combofix log after the run (I got the error message mentioned when starting programs, then I restarted manually, and now it works again): Code:
ATTFilter ComboFix 12-09-24.03 - Gian 25.09.2012 16:50:48.1.4 - x86 Microsoft® Windows Vista™ Business 6.0.6002.2.1252.41.1031.18.3566.2108 [GMT 2:00] ausgeführt von:: c:\users\Gian\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800} FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\tmp1DCE.tmp c:\programdata\tmp2141.tmp c:\programdata\tmp2AAC.tmp c:\programdata\tmp367C.tmp c:\programdata\tmp46DA.tmp c:\programdata\tmpA06E.tmp c:\programdata\tmpA333.tmp c:\programdata\tmpA650.tmp c:\programdata\tmpBC9B.tmp c:\programdata\tmpC340.tmp c:\programdata\tmpF161.tmp c:\programdata\tmpF597.tmp c:\users\Gian\AppData\Local\assembly\tmp D:\Autorun.inf M:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-08-25 bis 2012-09-25 )))))))))))))))))))))))))))))) . . 2012-09-16 15:14 . 2012-09-16 15:14 -------- d-----w- C:\_OTL 2012-09-14 13:03 . 2012-09-14 13:03 -------- d-----w- c:\program files\Scan2PDF 2012-09-10 16:18 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll 2012-09-10 16:16 . 2009-07-14 17:48 39936 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-09-10 16:16 . 2009-07-14 17:45 132224 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-09-10 16:16 . 2009-07-14 17:48 64512 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-09-10 16:16 . 2009-07-14 17:48 162304 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-09-10 16:16 . 2009-07-14 17:45 92672 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-09-10 16:16 . 
2009-07-14 17:48 567808 ----a-w- c:\windows\system32\WUDFx.dll 2012-09-10 16:16 . 2009-07-14 17:45 195584 ----a-w- c:\windows\system32\WUDFHost.exe 2012-09-10 07:51 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll 2012-09-10 07:51 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-09-10 07:51 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2012-09-10 07:51 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2012-09-10 07:51 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll 2012-09-10 07:37 . 2012-09-10 07:37 979456 ----a-w- c:\windows\system32\MFH264Dec.dll 2012-09-09 17:38 . 2012-09-09 17:38 -------- d-----w- c:\program files\Windows Portable Devices 2012-09-09 17:33 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2012-09-09 17:33 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll 2012-09-09 17:33 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll 2012-09-09 17:33 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll 2012-09-09 17:33 . 2009-09-25 02:07 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2012-09-09 17:33 . 2009-09-25 02:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll 2012-09-09 17:33 . 2009-09-25 02:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll 2012-09-09 17:33 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll 2012-09-09 17:33 . 2009-09-25 01:32 252928 ----a-w- c:\windows\system32\dxdiag.exe 2012-09-09 17:33 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll 2012-09-09 17:25 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll 2012-09-09 17:25 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll 2012-09-09 17:25 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll 2012-09-09 17:25 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-09-09 17:22 . 
2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll 2012-09-09 17:22 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll 2012-09-09 17:22 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2012-09-09 17:22 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll 2012-09-09 17:22 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax 2012-09-09 17:22 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax 2012-09-09 17:22 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax 2012-09-09 17:22 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll 2012-09-09 17:22 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll 2012-09-09 17:22 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll 2012-09-09 17:21 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll 2012-09-09 17:20 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-09-09 17:20 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll 2012-09-09 17:19 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-09-09 17:19 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-09 17:19 . 2012-02-01 15:11 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2012-09-09 17:19 . 2012-02-01 15:10 983040 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2012-09-09 17:19 . 2012-02-01 15:10 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2012-09-09 17:19 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2012-09-09 17:19 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll 2012-09-09 17:19 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe 2012-09-09 17:19 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll 2012-09-09 17:19 . 
2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2012-09-09 17:18 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll 2012-09-09 17:18 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll 2012-09-09 17:18 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll 2012-09-09 17:14 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2012-09-09 17:14 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll 2012-09-09 17:14 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll 2012-09-09 17:14 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll 2012-09-09 17:14 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll 2012-09-09 17:13 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-09 17:11 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2012-09-09 17:11 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2012-09-09 17:11 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2012-09-09 17:11 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll 2012-09-09 17:11 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll 2012-09-09 17:09 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll 2012-09-09 17:09 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll 2012-09-09 17:09 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-09-09 17:09 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-09-09 17:09 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-09-09 17:08 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll 2012-09-09 17:05 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-09-09 17:05 . 
2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll 2012-09-09 17:05 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll 2012-09-09 17:05 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll 2012-09-09 17:05 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll 2012-09-09 17:05 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe 2012-09-09 17:03 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll 2012-09-09 15:40 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll 2012-09-09 15:17 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-09-09 15:17 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll 2012-09-09 15:17 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-09-09 15:17 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-09-09 15:16 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll 2012-09-09 15:16 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-09-09 15:16 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-09-09 15:16 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-09-09 15:16 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-09-08 13:51 . 2012-09-08 13:51 -------- d-----w- c:\program files\ESET 2012-09-08 13:31 . 2012-09-08 13:32 -------- d-----w- c:\windows\system32\ca-ES 2012-09-08 13:31 . 2012-09-08 13:32 -------- d-----w- c:\windows\system32\eu-ES 2012-09-08 13:31 . 2012-09-08 13:32 -------- d-----w- c:\windows\system32\vi-VN 2012-09-06 08:54 . 2012-09-06 08:54 -------- d-----w- c:\users\Gian\AppData\Roaming\Malwarebytes 2012-09-06 08:54 . 2012-09-06 08:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-09-06 08:54 . 2012-09-06 08:54 -------- d-----w- c:\programdata\Malwarebytes 2012-09-06 08:54 . 
2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-02 14:43 . 2012-09-02 14:43 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-02 14:43 . 2012-05-31 14:42 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-09-02 14:43 . 2010-09-14 07:58 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-31 07:33 . 2012-04-05 11:30 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-31 07:33 . 2011-05-21 07:23 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-16 00:41 . 2012-08-14 08:10 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF1F214B-9795-4AF0-AD8F-95CCA3A4CDFE}\mpengine.dll 2012-09-07 16:30 . 2012-09-07 16:29 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Allway Sync"="c:\program files\Allway Sync\Bin\syncappw.exe" [2010-03-23 102168] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "SJelite3Launch"="c:\users\Gian\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe" [2010-02-08 184320] "NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-01-10 1083264] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872] "atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-06-07 408344] "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184] "IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-05-23 677408] "SetRefresh"="c:\program files\HP\SetRefresh\SetRefresh.exe" [2003-11-20 525824] "CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-17 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8473120] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-17 81920] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-11 185896] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-26 1261568] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2008-01-17 44168] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=APSHook.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ SbHpNp scecli ASWLNPkg . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service] @="Ad-Aware Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] S2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc Cognizance REG_MULTI_SZ ASBroker ASChannel HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2012-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 07:33] . 2012-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-16 12:49] . 2012-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-16 12:49] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.com mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=74&bd=smb&pf=desktop uSearchAssistant = hxxp://www.google.com IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Gian\AppData\Roaming\Mozilla\Firefox\Profiles\dzb5m6mh.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.ch/ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKCU-Run-Rainlendar2 - c:\program files\Rainlendar2\Rainlendar2.exe HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe HKLM-Run-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe SafeBoot-WudfPf SafeBoot-WudfRd AddRemove-Combined Community Codec Pack_is1 - c:\program files\Combined Community Codec Pack\unins000.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-09-25 17:01 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2941777305-1265517549-1356088365-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%{*%] @Class="Shell" . [HKEY_USERS\S-1-5-21-2941777305-1265517549-1356088365-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%{*%\OpenWithList] @Class="Shell" . 
[HKEY_USERS\S-1-5-21-2941777305-1265517549-1356088365-1006\Software\SecuROM\License information*] "datasecu"=hex:59,77,2c,f2,c8,f9,5e,78,7b,43,e2,80,9d,26,11,12,fb,b6,9b,44,e3, bc,4b,15,a8,ff,70,bf,82,52,01,c0,f3,6c,47,44,f3,aa,4b,ed,94,93,ca,da,9d,fb,\ "rkeysecu"=hex:76,ba,b3,eb,84,e7,63,72,6d,f7,1b,db,c4,7a,33,ea . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'lsass.exe'(652) c:\windows\SbHpNp.dll c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll . - - - - - - - > 'Explorer.exe'(5272) c:\programdata\Ad-Aware Browsing Protection\adawarebp.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe c:\program files\Avira\AntiVir Desktop\sched.exe c:\windows\system32\AEADISRV.EXE c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Intel\AMT\atchksrv.exe c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe c:\windows\system32\ifxtcs.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Intel\AMT\LMS.exe c:\windows\system32\IfxPsdSv.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Intel\AMT\UNS.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files\Spybot - Search & Destroy\SDWinSec.exe c:\windows\system32\WUDFHost.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\program files\Hewlett-Packard\IAM\bin\asghost.exe c:\windows\system32\conime.exe c:\windows\SMINST\scheduler.exe 
c:\windows\System32\rundll32.exe c:\windows\System32\rundll32.exe c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\progra~1\AD-AWA~1\AdAware.exe c:\program files\Ad-Aware Antivirus\SBAMSvc.exe c:\program files\PC Connectivity Solution\ServiceLayer.exe c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe c:\program files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-09-25 17:06:26 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-09-25 15:06 . Vor Suchlauf: 20 Verzeichnis(se), 94'305'914'880 Bytes frei Nach Suchlauf: 27 Verzeichnis(se), 94'285'385'728 Bytes frei . - - End Of File - - 097AC2C76D2AD1E1A81D6459A7346FB2 |
25.09.2012, 19:22 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem with annoying pop-ups from ad.adserverplus.com Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM - please skip the online check in OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Never press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" ("aswMBR.exe has stopped working") appears, do the following: Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
__________________ Please always post log files in CODE tags |
27.09.2012, 10:08 | #27 |
| Problem with annoying pop-ups from ad.adserverplus.com Here is the log from OSAM (unfortunately GMER did not work): Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 11:06:52 on 27.09.2012 OS: Windows Vista Business Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 15.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [AppInit DLLs] -----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )----- "AppInit_DLLs" - "Bioscrypt Inc." - C:\windows\system32\APSHook.dll [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe "ReclaimerUpdateFiles_Gian.job" - "RealNetworks, Inc." - C:\Users\Gian\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe "ReclaimerUpdateXML_Gian.job" - "RealNetworks, Inc." - C:\Users\Gian\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe "RNUpgradeHelperLogonPrompt_Gian.job" - "RealNetworks, Inc." 
- C:\Users\Gian\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\windows\system32\FlashPlayerCPLApp.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "CognizanceWS" - "Cognizance Corporation" - C:\PROGRA~1\HEWLET~1\IAM\Bin\Settings.dll "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\windows\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\windows\System32\DRIVERS\hamachi.sys "HPFXBULK" (HPFXBULK) - "Hewlett Packard" - C:\windows\System32\drivers\hpfxbulk.sys "IP in IP Tunnel Driver" (IpInIp) - ? - C:\windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "Lbd" (Lbd) - ? - C:\windows\System32\DRIVERS\Lbd.sys (File not found) "lmimirr" (lmimirr) - "LogMeIn, Inc." - C:\windows\System32\DRIVERS\lmimirr.sys "LogMeIn Kernel Information Provider" (LMIInfo) - ? - C:\Program Files\LogMeIn\x86\RaInfo.sys (File not found) "LogMeIn Remote File System Driver" (LMIRfsDriver) - "LogMeIn, Inc." - C:\windows\system32\drivers\LMIRfsDriver.sys "Nal Service " (NAL) - "Intel Corporation " - C:\windows\system32\Drivers\iqvw32.sys "NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver" (RTL8187) - ? 
- C:\windows\System32\DRIVERS\wg111v2.sys (File not found) "RsvLock" (RsvLock) - "SafeBoot International" - C:\windows\system32\drivers\RsvLock.sys "SafeBoot" (SafeBoot) - "SafeBoot International" - C:\windows\system32\drivers\SafeBoot.sys (File is exclusively opened, access blocked) "SbAlg" (SbAlg) - "SafeBoot N.V." - C:\windows\system32\drivers\SbAlg.sys "sbapifs" (sbapifs) - "GFI Software" - C:\windows\System32\DRIVERS\sbapifs.sys "SbFsLock" (SbFsLock) - "SafeBoot International" - C:\windows\system32\drivers\SbFsLock.sys "SbFw" (SbFw) - "GFI Software" - C:\windows\System32\drivers\SbFw.sys "sbhips" (sbhips) - "GFI Software" - C:\windows\System32\drivers\sbhips.sys "SBRE" (SBRE) - "GFI Software" - C:\windows\system32\drivers\SBREdrv.sys "sbwtis" (sbwtis) - "GFI Software" - C:\windows\System32\DRIVERS\sbwtis.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\windows\System32\DRIVERS\ssmdrv.sys "WimFltr" (WimFltr) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\wimfltr.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? 
- (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Expression\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\OFFICE11\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\OFFICE11\OLKFSTUB.DLL {E08BF9C5-191E-4B15-8F67-2622B4DB5580} "PSDShCtrl Class" - "Infineon Technologies AG" - C:\Windows\system32\PSDShExt.dll {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {7F67036B-66F1-411A-AD85-759FB9C5B0DB} "SampleView" - "XSS" - C:\Windows\System32\ShellvRTF.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. 
KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL {AB4F43CA-ADCD-4384-B9AF-3CECEA7D6544} "Web Sites" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBSER~1\12\BIN\FPNSE.DLL {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? 
- C:\Program Files\WinRAR\rarext.dll (File found, but it contains no detailed information) {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "Java Plug-in 1.6.0_01" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.7.2" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} "Performance Viewer Activex Control" - "LogMeIn, Inc." - C:\Windows\Downloaded Program Files\RACtrl.dll / https://secure.logmein.com/activex/ractrl.cab?lmi=100 {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." 
- C:\windows\system32\Macromed\Flash\Flash9f.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DF21F1DB-80C6-11D3-9483-B03D0EC10000} "Credential Manager for HP ProtectTools" - "Bioscrypt Inc." - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll {00AF1458-D967-4C0E-B736-D6D010521EF5} "Snapform Viewer PlugIn for IE" - "Ringler Informatik AG" - C:\Program Files\SnapFormViewer\Viewer\bin\lib\SFVPlugInIE_x86.dll {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? 
- (File not found | COM-object registry key not found) [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Notification packages" - "SafeBoot International" - C:\windows\SbHpNp.dll "Notification packages" - "Cognizance Corporation" - C:\Program Files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Gian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Allway Sync" - ? - "C:\Program Files\Allway Sync\Bin\syncappw.exe" -m (File found, but it contains no detailed information) "msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background "NokiaSuite.exe" - "Nokia" - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray "SJelite3Launch" - ? - C:\Users\Gian\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe (File found, but it contains no detailed information) "SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Ad-Aware Antivirus" - "Lavasoft Limited" - "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run "Ad-Aware Browsing Protection" - "Lavasoft" - "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "atchk" - "Intel Corporation" - "C:\Program Files\Intel\AMT\atchk.exe" "avgnt" - "Avira Operations GmbH & Co. 
KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "CognizanceTS" - "Cognizance Corporation" - rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule "HPUsageTracking" - "Hewlett-Packard Company" - "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\" "IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" "IFXSPMGT" - "Infineon Technologies AG" - C:\Windows\system32\ifxspmgt.exe /NotifyLogon "PTHOSTTR" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SetRefresh" - "Hewlett-Packard Company" - C:\Program Files\HP\SetRefresh\SetRefresh.exe "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot -----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )----- "ST Recovery Launcher" - "soft thinks" - %WINDIR%\SMINST\launcher.exe [Network Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )----- "Credential Manager" - "Cognizance Corporation" - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll "HP FVE Network Provider" - "SafeBoot International" - C:\Windows\SbHpNp.DLL "LogMeIn Virtual Disk Network" - "LogMeIn, Inc." - C:\windows\system32\LMIRfsClientNP.dll [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "doPDF 6 Monitor" - "Softland" - C:\windows\system32\dopdfmn6.dll "EPSON Stylus CX4080 Series 32MonitorBE" - "SEIKO EPSON CORPORATION" - C:\windows\system32\E_FLBBFE.DLL "LogMeIn Printer Port Monitor" - "LogMeIn, Inc." - C:\windows\system32\LMIport.dll "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\windows\system32\mdimon.dll "PrimoMon" - ? 
- C:\windows\system32\Primomonnt.dll (File found, but it contains no detailed information) "Redmon" - ? - C:\windows\system32\redmonnt.dll (File found, but it contains no detailed information) "Solid PDF Port Monitor" - ? - C:\windows\system32\solidlocalmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Ad-Aware" (SBAMSvc) - "GFI Software" - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe "Ad-Aware Service" (Ad-Aware Service) - "Lavasoft Limited" - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe "Anmeldesitzungsbroker" (ASBroker) - "Cognizance Corporation" - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Drive Encryption Service" (HpFkCryptService) - "SafeBoot International" - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll "hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." 
- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll "hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe "Intel(R) Active Management Technology Local Management Service" (LMS) - "Intel" - C:\Program Files\Intel\AMT\LMS.exe "Intel(R) Active Management Technology System Status Service" (atchksrv) - "Intel Corporation" - C:\Program Files\Intel\AMT\atchksrv.exe "Intel(R) Active Management Technology User Notification Service" (UNS) - "Intel" - C:\Program Files\Intel\AMT\UNS.exe "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe "IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe "Lokaler Verbindungskanal" (ASChannel) - "Cognizance Corporation" - C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\windows\system32\HPZinw12.dll "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Personal Secure Drive service for encrypted drives" (PersonalSecureDriveService) - "Infineon Technologies AG" - C:\Windows\system32\IfxPsdSv.exe "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\windows\system32\HPZipm12.dll "SBSD Security Center 
Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe "Security Platform Management Service" (IFXSpMgtSrv) - "Infineon Technologies AG" - C:\Windows\system32\ifxspmgt.exe "ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe "SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe "SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe "Trusted Platform Core Service" (IFXTCS) - "Infineon Technologies AG" - C:\Windows\system32\ifxtcs.exe [Winlogon] -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {8F51D94E-8B89-4844-B15C-9C049BA0F49F} "DLLName" - "Cognizance Corporation" - C:\Program Files\Hewlett-Packard\IAM\Bin\ItVCard.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-09-27 11:11:25 ----------------------------- 11:11:25.930 OS Version: Windows 6.0.6002 Service Pack 2 11:11:25.930 Number of processors: 4 586 0x1707 11:11:25.932 ComputerName: CZC8270Z8F UserName: Gian 11:11:54.998 Initialze error 0 11:25:44.332 AVAST engine defs: 12092700 11:27:19.702 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 11:27:19.704 Disk 0 Vendor: Intel___ 1.0. Size: 238472MB BusType: 8 11:27:19.729 Disk 0 MBR read successfully 11:27:19.731 Disk 0 MBR scan 11:27:19.746 Disk 0 Windows VISTA default MBR code 11:27:19.755 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 224116 MB offset 2048 11:27:19.783 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12339 MB offset 458993115 11:27:19.805 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 2014 MB offset 484263936 11:27:19.834 Disk 0 scanning sectors +488388608 11:27:19.875 Disk 0 scanning C:\windows\system32\drivers 11:27:19.879 Service scanning 11:27:20.628 Modules scanning 11:27:21.403 Disk 0 trace - called modules: 11:27:21.744 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll 11:27:21.748 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8778bac8] 11:27:21.752 3 CLASSPNP.SYS[8bfb68b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86740030] 11:27:21.959 AVAST engine scan C:\windows 11:27:22.030 AVAST engine scan C:\windows\system32 11:27:22.112 AVAST engine scan C:\windows\system32\drivers 11:27:22.147 AVAST engine scan C:\Users\Gian 11:27:22.159 AVAST engine scan C:\ProgramData 11:27:22.163 Scan finished successfully 11:27:54.287 Disk 0 MBR has been saved successfully to "C:\Users\Gian\Desktop\MBR.dat" 11:27:54.292 The log file has been saved successfully to "C:\Users\Gian\Desktop\aswMBR.txt" |
27.09.2012, 16:13 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem with annoying pop-ups from ad.adserverplus.com Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
02.10.2012, 08:37 | #29 |
| Problem with annoying pop-ups from ad.adserverplus.com Here is the log file from the full scan with Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.01.05 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Gian :: CZC8270Z8F [Administrator] 01.10.2012 19:12:22 mbam-log-2012-10-01 (19-12-22).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|M:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 536045 Laufzeit: 3 Stunde(n), 27 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
02.10.2012, 15:06 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem with annoying pop-ups from ad.adserverplus.com That's good for a start. How far along is the other one?
__________________ Please always post log files in CODE tags |