
Pests of all kinds and how to combat them: Browser flickers after fake Vodafone e-mail with DumbCRC.0

24.10.2012, 21:25   #1
summer pride
 



I have the following problem and am hoping for expert help here... :-)
The day before yesterday my father received an e-mail with this faked Vodafone invoice. He called me right away and I advised him (after a quick Google search) to delete the mail immediately, which he did.
Yesterday I was at his place and he showed me that his browser (IE) no longer works. The browser flickers, i.e. it keeps flashing very brightly, and nothing can be clicked or opened. I then ran the virus scanner (Avira) over the machine, and it found the virus DumbCRC.0 in the PDF file from the Vodafone mail, although my father supposedly opened neither the mail nor the attachment. An earlier run yesterday morning had found nothing, but the browser problem was already there at that point. The flickering does not occur with Firefox and Opera.
My actual question is: does the flickering have anything to do with the virus or trojan, or is it an entirely different problem?
I would also like to add that my father had always used Firefox until now, but it kept getting slower and, at the latest when starting videos, nothing worked any more. Since then he has been using IE without problems.
Thanks in advance for helping!

24.10.2012, 21:37   #2
markusg
/// Malware-holic
 



Hi
Anyone who receives mails like this, or similarly suspicious ones, should forward them to us; how to do that is described in my signature.
On to the question.
Avira finds the PDF in the mail regardless of whether it was opened or not.
It may be sitting in the mail program's trash; I need the scan report to be able to tell you that.
Avira, Reports, that is where it is.
In addition:
If you don't have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe. Vista and Win7 users: right-click, "Run as administrator"
  • Now copy the following content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Copy the contents of OTL.txt and Extra.txt here into your thread

24.10.2012, 21:58   #3
summer pride
 



OK, I'll do that. I'll be there again at the weekend.

Unfortunately I can no longer forward the mail to you, since it was deleted. It could be that it is still in the trash; I'll have to check...

28.10.2012, 12:10   #4
summer pride
 



So, I'm now at the affected computer. Today IE works; with Firefox and Chrome nothing works at all. Here are the results...

OTL.txt: OTL logfile:
Code:
OTL logfile created on: 28.10.2012 11:39:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Downloads_Internet\Programme
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 57,82% Memory free
3,99 Gb Paging File | 2,42 Gb Available in Paging File | 60,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 349,06 Gb Total Space | 249,39 Gb Free Space | 71,45% Space Free | Partition Type: NTFS
Drive D: | 116,70 Gb Total Space | 110,12 Gb Free Space | 94,36% Space Free | Partition Type: NTFS
 
Computer Name: WIHAKO-PC | User Name: wihako | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.28 11:31:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Downloads_Internet\Programme\OTL.exe
PRC - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.12.11 12:56:40 | 000,033,792 | ---- | M] (EasyBits Software Corp.) -- C:\WINDOWS\System32\ezntsvc.exe
PRC - [2011.08.14 15:51:46 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.08.14 15:51:45 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.08.14 15:51:45 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.10.29 21:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\Vid HD\Vid.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.06.27 18:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.06.27 18:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007.03.01 16:38:48 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.18 07:43:56 | 000,183,320 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\SharedBin\LvApi11.dll
MOD - [2010.10.29 21:02:38 | 000,751,616 | ---- | M] () -- C:\Programme\Logitech\Vid HD\vpxmd.dll
MOD - [2010.10.29 21:01:30 | 000,027,472 | ---- | M] () -- C:\Programme\Logitech\Vid HD\SDL.dll
MOD - [2009.04.22 22:53:56 | 000,969,040 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009.04.10 00:04:56 | 002,141,008 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtCore4.dll
MOD - [2009.03.03 23:18:08 | 000,138,064 | ---- | M] () -- C:\Programme\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009.03.03 23:18:06 | 000,035,152 | ---- | M] () -- C:\Programme\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009.03.03 23:18:06 | 000,029,008 | ---- | M] () -- C:\Programme\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009.03.03 23:17:46 | 011,311,952 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009.03.03 23:17:46 | 000,363,856 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtXml4.dll
MOD - [2009.03.03 23:17:44 | 000,200,016 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtSql4.dll
MOD - [2009.03.03 23:17:40 | 000,475,472 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009.03.03 23:17:38 | 007,704,400 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtGui4.dll
MOD - [2009.03.03 23:17:32 | 000,291,664 | ---- | M] () -- C:\Programme\Logitech\Vid HD\phonon4.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.23 17:25:32 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.10 07:47:33 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.13 13:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.12.11 12:56:40 | 000,033,792 | ---- | M] (EasyBits Software Corp.) [Auto | Running] -- C:\WINDOWS\System32\ezntsvc.exe -- (ezntsvc)
SRV - [2011.08.14 15:51:46 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.08.14 15:51:45 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.01.09 11:46:24 | 000,410,976 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Programme\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe -- (DfSdkS)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.01.18 07:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012.01.18 07:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011.08.14 15:51:46 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.08.14 15:51:46 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.08.12 11:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.05.22 20:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.10.26 17:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2006.11.02 08:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2005.12.12 18:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
IE - HKLM\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {ABC4246F-515B-46F1-94EC-45ADFD0F9B08}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{ABC4246F-515B-46F1-94EC-45ADFD0F9B08}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.alba-schottland.de/start.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{ABC4246F-515B-46F1-94EC-45ADFD0F9B08}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=1ex6Kptuuyb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.alba-schottland.de/start.html"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: {990af1c2-5a27-4460-8149-ecc6bc122af3}:10.10.27.6
FF - prefs.js..keyword.URL: "hxxp://mystart.incredimail.com//?loc=ff_address_bar&a=1ex6Kptuuyb&search="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.23 17:25:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.23 17:25:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.08.18 17:33:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wihako\AppData\Roaming\mozilla\Extensions
[2012.10.23 19:21:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wihako\AppData\Roaming\mozilla\Firefox\Profiles\fk5zdrwx.default\extensions
[2011.08.22 14:45:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\wihako\AppData\Roaming\mozilla\Firefox\Profiles\fk5zdrwx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.08.27 10:19:01 | 000,000,000 | ---D | M] (IncrediMail MediaBar Deutsch 2) -- C:\Users\wihako\AppData\Roaming\mozilla\Firefox\Profiles\fk5zdrwx.default\extensions\{990af1c2-5a27-4460-8149-ecc6bc122af3}
[2012.08.24 14:59:12 | 000,002,187 | ---- | M] () -- C:\Users\wihako\AppData\Roaming\mozilla\firefox\profiles\fk5zdrwx.default\searchplugins\MyStart Search.xml
[2012.10.23 17:24:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.23 17:24:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.23 17:24:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.23 17:24:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.23 17:25:35 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.03 07:44:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.14 19:43:18 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.03 07:44:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.03 07:44:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.03 07:44:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.03 07:44:57 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = hxxp://mystart.incredimail.com//?loc=GC_Default_Search&search={searchTerms}&a=1ex6Kptuuyb
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\wihako\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Skype Click to Call = C:\Users\wihako\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {990af1c2-5a27-4460-8149-ecc6bc122af3} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {990af1c2-5a27-4460-8149-ecc6bc122af3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {990AF1C2-5A27-4460-8149-ECC6BC122AF3} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [dnstupack] C:\Users\wihako\AppData\Roaming\dnstupack.exe ()
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D22D3EAC-539E-47D7-9131-4048FF12A0AD}: NameServer = 89.246.64.8 82.145.9.8
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\ezShellStart.exe) - C:\WINDOWS\System32\ezShellStart.exe (EasyBits Software Corp.)
O24 - Desktop WallPaper: C:\Bilder\fotos 2007\2007 schottland\296.jpg
O24 - Desktop BackupWallPaper: C:\Bilder\fotos 2007\2007 schottland\296.jpg
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\WINDOWS\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.07.03 17:21:01 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.23 17:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.28 11:34:36 | 000,002,623 | ---- | M] () -- C:\Users\wihako\Desktop\Microsoft Word.lnk
[2012.10.28 11:23:42 | 000,050,282 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.28 11:23:42 | 000,018,148 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.28 11:23:42 | 000,013,316 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.28 11:23:42 | 000,007,126 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.28 11:18:31 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.28 11:18:31 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.28 11:18:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.28 11:18:12 | 2011,750,400 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.23 19:25:37 | 000,001,744 | ---- | M] () -- C:\Users\wihako\Desktop\Mozilla Firefox.lnk
[2012.10.23 16:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.23 16:38:56 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.23 16:09:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.20 21:52:51 | 000,689,018 | ---- | M] () -- C:\Users\wihako\Documents\DSCI0054.JPG
[2012.10.20 21:52:37 | 001,381,083 | ---- | M] () -- C:\Users\wihako\Documents\DSCI0046.JPG
[2012.10.20 21:35:24 | 005,621,248 | ---- | M] () -- C:\Users\wihako\Documents\utf-8''Raindrops.pps
 
========== Files Created - No Company Name ==========
 
[2012.10.23 19:25:37 | 000,001,744 | ---- | C] () -- C:\Users\wihako\Desktop\Mozilla Firefox.lnk
[2012.10.20 21:52:51 | 000,689,018 | ---- | C] () -- C:\Users\wihako\Documents\DSCI0054.JPG
[2012.10.20 21:52:36 | 001,381,083 | ---- | C] () -- C:\Users\wihako\Documents\DSCI0046.JPG
[2012.10.20 21:35:23 | 005,621,248 | ---- | C] () -- C:\Users\wihako\Documents\utf-8''Raindrops.pps
[2012.07.19 09:41:20 | 000,102,180 | ---- | C] () -- C:\Users\wihako\Dias_Herbert_komplett.nri
[2012.07.09 14:49:57 | 000,006,688 | ---- | C] () -- C:\Windows\MOVEXE.EXE
[2012.04.01 12:09:44 | 000,246,451 | ---- | C] () -- C:\Users\wihako\Dias2.nri
[2012.04.01 12:08:48 | 000,289,409 | ---- | C] () -- C:\Users\wihako\Dias1.nri
[2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.12.31 11:25:14 | 000,000,680 | ---- | C] () -- C:\Users\wihako\AppData\Local\d3d9caps.dat
[2011.12.11 12:56:42 | 000,008,836 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2011.12.08 17:48:06 | 000,000,104 | ---- | C] () -- C:\Windows\GKERDE3D.INI
[2011.12.08 17:48:04 | 000,099,621 | ---- | C] () -- C:\Windows\GKEDEINS.EXE
[2011.11.29 10:28:22 | 000,311,296 | ---- | C] () -- C:\Windows\System32\EMRegSys.dll
[2011.11.07 17:53:06 | 000,024,206 | ---- | C] () -- C:\Users\wihako\AppData\Roaming\UserTile.png
[2011.10.20 08:30:46 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011.09.21 18:44:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.09.10 17:02:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.09.10 17:02:51 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.08.29 13:56:10 | 000,373,248 | ---- | C] () -- C:\Windows\EyeCand3.INI
[2011.08.23 15:37:26 | 000,129,536 | ---- | C] () -- C:\Users\wihako\AppData\Roaming\dnstupack.exe
[2011.08.18 17:03:43 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.08.16 13:26:09 | 000,025,088 | ---- | C] () -- C:\Users\wihako\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.16 12:00:01 | 000,000,204 | ---- | C] () -- C:\Windows\ulead32.ini
[2011.08.14 16:24:07 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.08.14 14:35:38 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.08.12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.07.26 07:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.10.03 11:17:51 | 000,000,000 | ---D | M] -- C:\Users\wihako\AppData\Roaming\Canon
[2012.01.04 15:19:17 | 000,000,000 | ---D | M] -- C:\Users\wihako\AppData\Roaming\CD-LabelPrint
[2012.01.07 10:55:28 | 000,000,000 | ---D | M] -- C:\Users\wihako\AppData\Roaming\Digilabs
[2012.02.27 18:59:59 | 000,000,000 | ---D | M] -- C:\Users\wihako\AppData\Roaming\Engelmann Media
[2011.11.26 19:39:30 | 000,000,000 | ---D | M] -- C:\Users\wihako\AppData\Roaming\Leadertech
[2012.10.23 16:28:46 | 000,000,000 | ---D | M] -- C:\Users\wihako\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.08.14 14:20:11 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.10.20 22:10:37 | 000,000,000 | ---D | M] -- C:\Anlagen_eMail
[2012.08.16 16:30:57 | 000,000,000 | ---D | M] -- C:\BAUKAST
[2012.02.15 19:15:15 | 000,000,000 | ---D | M] -- C:\Bilder
[2011.10.19 18:41:27 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.07.19 09:50:18 | 000,000,000 | ---D | M] -- C:\DIAS
[2011.08.14 14:10:57 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.08.29 13:39:46 | 000,000,000 | ---D | M] -- C:\Downloads_Internet
[2011.12.08 17:48:01 | 000,000,000 | ---D | M] -- C:\GKERDE
[2011.08.14 14:26:38 | 000,000,000 | -H-D | M] -- C:\hp
[2012.07.09 14:50:04 | 000,000,000 | ---D | M] -- C:\PCCHAMP
[2011.08.29 13:55:40 | 000,000,000 | ---D | M] -- C:\PCWELT
[2011.10.29 18:18:14 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.10.23 19:21:25 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.06.26 17:37:12 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.08.14 14:10:57 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.10.28 11:42:57 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.08.14 14:14:45 | 000,000,000 | R--D | M] -- C:\Users
[2012.10.23 16:29:09 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.04.11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2006.11.02 13:58:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 13:58:10 | 000,032,554 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.08.14 15:54:58 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011.08.14 15:54:59 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.09.22 16:39:19 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2011.08.18 20:32:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2011.08.18 20:32:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2011.08.18 20:32:49 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.08.18 20:31:48 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011.08.18 20:31:47 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2011.08.18 20:31:47 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2011.08.18 21:09:50 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2011.08.18 21:09:50 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2011.08.18 20:31:48 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2007.03.19 14:58:50 | 000,101,672 | ---- | M] (NVIDIA Corporation) MD5=019054D997F65358DCA63ECAE5103F97 -- C:\hp\DRIVERS\NVIDIA_Serial_ATA\nvstor32.sys
[2007.03.19 14:58:50 | 000,101,672 | ---- | M] (NVIDIA Corporation) MD5=019054D997F65358DCA63ECAE5103F97 -- C:\WINDOWS\System32\DriverStore\FileRepository\nvstor32.inf_1306af02\nvstor32.sys
[2007.10.26 17:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=7EBA6C9A0A295B1559EFB9062E701218 -- C:\WINDOWS\System32\drivers\nvstor32.sys
[2007.10.26 17:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=7EBA6C9A0A295B1559EFB9062E701218 -- C:\WINDOWS\System32\DriverStore\FileRepository\nvrd32.inf_0f6358b4\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.07.03 16:46:23 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.07.03 16:46:23 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\WINDOWS\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\WINDOWS\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\WINDOWS\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.10.27 08:11:49 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011.10.27 08:11:49 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
 
< %USERPROFILE%\*.* >
[2012.04.01 12:33:12 | 000,289,409 | ---- | M] () -- C:\Users\wihako\Dias1.nri
[2012.04.01 12:20:00 | 000,246,451 | ---- | M] () -- C:\Users\wihako\Dias2.nri
[2012.07.19 10:00:30 | 000,102,180 | ---- | M] () -- C:\Users\wihako\Dias_Herbert_komplett.nri
[2012.10.28 11:50:16 | 003,670,016 | -HS- | M] () -- C:\Users\wihako\NTUSER.DAT
[2012.10.28 11:50:16 | 000,262,144 | -H-- | M] () -- C:\Users\wihako\ntuser.dat.LOG1
[2012.04.11 19:07:06 | 000,262,144 | -H-- | M] () -- C:\Users\wihako\ntuser.dat.LOG2
[2012.10.27 09:42:44 | 000,065,536 | -HS- | M] () -- C:\Users\wihako\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2012.10.27 09:42:44 | 000,524,288 | -HS- | M] () -- C:\Users\wihako\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2011.08.14 14:14:57 | 000,524,288 | -HS- | M] () -- C:\Users\wihako\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms
[2011.08.14 14:14:58 | 000,000,020 | -HS- | M] () -- C:\Users\wihako\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 716 bytes -> C:\Users\wihako\Documents\Adventsfahrt.eml:OECustomProperty
@Alternate Data Stream - 681 bytes -> C:\Users\wihako\Documents\Weiterl__ WG_ (fwd).eml:OECustomProperty

< End of report >
         
--- --- ---


Extra.txt:OTL Logfile:
Code:
OTL Extras logfile created on: 28.10.2012 11:39:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Downloads_Internet\Programme
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 57,82% Memory free
3,99 Gb Paging File | 2,42 Gb Available in Paging File | 60,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 349,06 Gb Total Space | 249,39 Gb Free Space | 71,45% Space Free | Partition Type: NTFS
Drive D: | 116,70 Gb Total Space | 110,12 Gb Free Space | 94,36% Space Free | Partition Type: NTFS
 
Computer Name: WIHAKO-PC | User Name: wihako | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{29C8AE67-920D-44D2-B2E5-E6F9722C976C}" = dir=in | app=c:\program files\hp\dvdplay\dpservice.exe | 
"{30803E55-5175-4ACF-BCB6-BED2449331A1}" = dir=in | app=c:\program files\hp\dvdplay\dvdplay.exe | 
"{616C8E8C-58A6-4043-B135-B0FEC7558C12}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{0F37311D-A804-4B0F-905B-33A3516228C8}C:\program files\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | 
"TCP Query User{CBBABC47-3DB6-49F6-9457-C50FF14890FF}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{6BBF4829-5616-48EB-837B-24866AF7B0F7}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{E34A6CF0-4D0B-48FB-8072-EBE9D1AA6902}C:\program files\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series" = Canon iP4800 series Printer Driver
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{33D21DE0-8363-4997-A960-E32EA9D84AB3}" = KODAK Create@Home Software (für dm)
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = DVD Play
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C8550C86-A712-4219-AD4C-038C9FD1D149}" = Ulead PhotoImpact 11
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CCFF1CFE-0327-424C-0001-6796B1D17F13}" = Photomizer Scan
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D2}" = WinZip 16.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Ultra Edition
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.23
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon iP4800 series Benutzerregistrierung" = Canon iP4800 series Benutzerregistrierung
"Canon ScanGear Toolbox 3.1" = Canon ScanGear Toolbox 3.1
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"EasyBits Magic Desktop" = EasyBits Magic Desktop
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Fotobuch_is1" = Fotobuch
"Google Chrome" = Google Chrome
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"IncrediMail_MediaBar_Deutsch_2 Toolbar" = IncrediMail MediaBar Deutsch 2 Toolbar
"Logitech Vid" = Logitech Vid HD
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"Paint Shop Pro 5.03" = Paint Shop Pro 5.03 CD
"PC-Doctor 5 for Windows" = Hardware Diagnose Tools
"RealPlayer 6.0" = RealPlayer
"XnView_is1" = XnView 1.95.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.10.2012 08:10:34 | Computer Name = wihako-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 15f4  Anfangszeit: 01cdb11696668a46  Zeitpunkt
 der Beendigung: 0
 
Error - 23.10.2012 08:59:33 | Computer Name = wihako-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16450, Zeitstempel
 0x503723f6, fehlerhaftes Modul IEFRAME.dll, Version 9.0.8112.16450, Zeitstempel
 0x5037273b, Ausnahmecode 0xc0000005, Fehleroffset 0x000b2b8e,  Prozess-ID 0xaec, 
Anwendungsstartzeit 01cdb11df78437aa.
 
Error - 23.10.2012 09:01:05 | Computer Name = wihako-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 1dfc  Anfangszeit: 01cdb11e55e6828a  Zeitpunkt
 der Beendigung: 10
 
Error - 23.10.2012 09:01:45 | Computer Name = wihako-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: fc8  Anfangszeit: 01cdb11e77a93d9a  Zeitpunkt
 der Beendigung: 8
 
Error - 23.10.2012 09:15:19 | Computer Name = wihako-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 17d0  Anfangszeit: 01cdb120341b87b0  Zeitpunkt
 der Beendigung: 46
 
Error - 23.10.2012 09:16:47 | Computer Name = wihako-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 318  Anfangszeit: 01cdb120764c1c30  Zeitpunkt
 der Beendigung: 285
 
Error - 23.10.2012 09:18:00 | Computer Name = wihako-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 1460  Anfangszeit: 01cdb120ad4809b0  Zeitpunkt
 der Beendigung: 151
 
Error - 23.10.2012 11:13:14 | Computer Name = wihako-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: fe4  Anfangszeit: 01cdb130e0d9fdf0  Zeitpunkt
 der Beendigung: 24
 
Error - 23.10.2012 11:13:45 | Computer Name = wihako-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 1a24  Anfangszeit: 01cdb130e1220370  Zeitpunkt
 der Beendigung: 19
 
Error - 23.10.2012 11:18:25 | Computer Name = wihako-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: ed0  Anfangszeit: 01cdb13122336c50  Zeitpunkt
 der Beendigung: 0
 
[ System Events ]
Error - 23.10.2012 11:49:48 | Computer Name = wihako-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.10.2012 14:07:47 | Computer Name = wihako-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.10.2012 04:25:50 | Computer Name = wihako-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.10.2012 12:29:35 | Computer Name = wihako-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25.10.2012 12:47:07 | Computer Name = wihako-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25.10.2012 12:56:32 | Computer Name = wihako-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25.10.2012 13:21:38 | Computer Name = wihako-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 26.10.2012 12:29:55 | Computer Name = wihako-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.10.2012 04:23:51 | Computer Name = wihako-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 28.10.2012 06:19:57 | Computer Name = wihako-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---


Here is also the Avira AntiVir report from 23.10.:

Beginne mit der Suche in 'C:\' <HP>
C:\Users\wihako\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q21K7U8Y\1501793652RE.pdf
[FUND] Enthält Code des DumbCRC.0-Virus
C:\Users\wihako\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGOLPX2W\1501793652RE.pdf
[FUND] Enthält Code des DumbCRC.0-Virus
Beginne mit der Suche in 'D:\' <Recovery>

Beginne mit der Desinfektion:
C:\Users\wihako\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGOLPX2W\1501793652RE.pdf
[FUND] Enthält Code des DumbCRC.0-Virus
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55e0787d.qua' verschoben!
C:\Users\wihako\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q21K7U8Y\1501793652RE.pdf
[FUND] Enthält Code des DumbCRC.0-Virus
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4d7757da.qua' verschoben!

Alt 29.10.2012, 20:02   #5
markusg
/// Malware-holic
 

Hi

This script, and any scripts that may follow, are intended only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
:OTL
O4 - HKCU..\Run: [dnstupack] C:\Users\wihako\AppData\Roaming\dnstupack.exe ()
 :Files
C:\Users\wihako\AppData\Roaming\dnstupack.exe
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Boot into normal mode.

If you have no icons, right-click, View, Show desktop icons

Note: Please also upload the file there as described in the instructions for the UpChannel. Please do NOT post the ZIP file as an attachment here in the thread!




Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance

__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to the following address as described in the instructions above:
markusg.trojaner-board@web.de
If you would like to support us

Alt 05.11.2012, 15:10   #6
summer pride
 

Hi Markus,
thanks for your quick reply, but I have only now got back to the problem computer. Here is the text document. The upload of the zip file will follow...



All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dnstupack not found.
File C:\Users\wihako\AppData\Roaming\dnstupack.exe not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: wihako
->Flash cache emptied: 3130572 bytes

Total Flash Files Cleaned = 3,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: wihako
->Temp folder emptied: 28830356 bytes
->Temporary Internet Files folder emptied: 530618605 bytes
->Java cache emptied: 68414 bytes
->FireFox cache emptied: 40341270 bytes
->Google Chrome cache emptied: 191869258 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7700 bytes
RecycleBin emptied: 104 bytes

Total Files Cleaned = 755,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11052012_145814

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

The upload worked without problems :-) Now awaiting further instructions ;-)

Alt 05.11.2012, 19:36   #7
markusg
/// Malware-holic
 

Hi
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

Alt 06.11.2012, 15:03   #8
summer pride
 

Hi Markus,
here is the content of the txt file:



Combofix Logfile:
Code:
ComboFix 12-11-06.03 - wihako 06.11.2012  14:38:59.1.1 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.49.1031.18.1918.1097 [GMT 1:00]
ausgeführt von:: c:\users\wihako\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\wihako\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-06 bis 2012-11-06  ))))))))))))))))))))))))))))))
.
.
2012-11-06 13:46 . 2012-11-06 13:46	--------	d-----w-	c:\users\wihako\AppData\Local\temp
2012-11-06 13:46 . 2012-11-06 13:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-05 14:24 . 2012-10-12 05:56	6918632	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{657EBFE9-2AFD-4130-B32A-CBFF3C0E385E}\mpengine.dll
2012-11-05 13:58 . 2012-11-05 14:14	--------	d-----w-	C:\_OTL
2012-11-02 11:55 . 2012-11-02 11:55	26	----a-w-	c:\windows\fiupd.bat
2012-10-23 13:00 . 2012-06-02 00:02	985088	----a-w-	c:\windows\system32\crypt32.dll
2012-10-23 13:00 . 2012-06-02 00:02	98304	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-23 13:00 . 2012-06-02 00:02	133120	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-23 13:00 . 2012-08-24 15:53	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-10-23 13:00 . 2012-09-13 13:28	2048	----a-w-	c:\windows\system32\tzres.dll
2012-10-23 12:59 . 2012-08-29 11:27	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-10-23 12:59 . 2012-08-29 11:27	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-02 11:54 . 2012-07-09 13:49	6688	----a-w-	c:\windows\MOVEXE.EXE
2012-10-10 06:47 . 2012-09-22 15:39	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-10-10 06:47 . 2011-08-22 13:27	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-19 12:35 . 2012-09-19 12:35	477168	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-09-19 12:35 . 2011-12-31 10:24	473072	----a-w-	c:\windows\system32\deployJava1.dll
2012-10-28 17:13 . 2012-10-28 17:13	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17420464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-08-14 281768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-22 06:47]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-14 14:54]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-14 14:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.alba-schottland.de/start.html
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: Interfaces\{D22D3EAC-539E-47D7-9131-4048FF12A0AD}: NameServer = 89.246.64.8 82.145.9.8
FF - ProfilePath - c:\users\wihako\AppData\Roaming\Mozilla\Firefox\Profiles\fk5zdrwx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.alba-schottland.de/start.html
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com//?loc=ff_address_bar&a=1ex6Kptuuyb&search=
FF - ExtSQL: 2012-09-19 14:35; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2011-08-22 13:35; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{990af1c2-5a27-4460-8149-ecc6bc122af3} - (no file)
BHO-{990af1c2-5a27-4460-8149-ecc6bc122af3} - (no file)
Toolbar-{990af1c2-5a27-4460-8149-ecc6bc122af3} - (no file)
WebBrowser-{990AF1C2-5A27-4460-8149-ECC6BC122AF3} - (no file)
AddRemove-Canon ScanGear Toolbox 3.1 - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-11-06 14:46
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
.
c:\users\wihako\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-11-06  14:48:56
ComboFix-quarantined-files.txt  2012-11-06 13:48
.
Vor Suchlauf: 14 Verzeichnis(se), 271.109.902.336 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 271.050.891.264 Bytes frei
.
- - End Of File - - CDEA6539E34F8D0FC3B125610B7D2C8B
         
--- --- ---
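The OTL fix script earlier in the thread targets an HKCU Run value that starts an executable lying directly in AppData\Roaming, and the ComboFix log above lists the Run values that remain. The following Python example is added here for illustration and is not part of any post, nor OTL or ComboFix code: it parses autostart lines in both layouts and flags entries that match that pattern. The sample input, the `Autostart` class and the three triage heuristics are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the O4 line from the fix script in this thread plus a few
# Run values in the layout ComboFix prints under "REGEDIT4".
SAMPLE = r'''
O4 - HKCU..\Run: [dnstupack] C:\Users\wihako\AppData\Roaming\dnstupack.exe ()
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17420464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-08-14 281768]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
'''


@dataclass
class Autostart:
    hive: str                 # HKCU or HKLM
    key: str                  # Run, RunOnce, ...
    name: str                 # registry value name
    command: str              # value data exactly as logged
    publisher: Optional[str]  # "" = OTL found none, None = format has no such field


HIVES = {"HKEY_CURRENT_USER": "HKCU", "HKEY_LOCAL_MACHINE": "HKLM"}
# OTL: O4 - <hive>..\<key>: [<name>] <command> (<company name>)
OTL_O4 = re.compile(r'^O4 - (HKCU|HKLM)\.\.\\(\w+): \[(.+?)\] (.+) \(([^()]*)\)\s*$')
# ComboFix: [<full key path ending in Run*>] followed by "<name>"="<command>" [date size]
CF_KEY = re.compile(r'^\[(HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE)\\.*\\(Run\w*)\]$', re.I)
CF_VAL = re.compile(r'^"(.+?)"="(.*?)"(?: \[.*\])?\s*$')
# Path of the started file, without any command-line arguments.
EXE = re.compile(r'^"?(.+?\.(?:exe|dll|bat|cmd|com|scr|pif|vbs|js))\b', re.I)
# Per-user AppData tree: writable without administrator rights.
PROFILE = re.compile(r'^[a-z]:\\users\\[^\\]+\\appdata\\(?:roaming|local|locallow)\\(.+)$', re.I)


def parse_autostarts(text):
    """Return the Run/RunOnce entries found in OTL or ComboFix log text."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = OTL_O4.match(line)
        if m:
            entries.append(Autostart(*m.groups()))
            continue
        if line.startswith("["):
            # A new registry key: remember it only if it is an autostart key.
            m = CF_KEY.match(line)
            current = (HIVES[m.group(1).upper()], m.group(2)) if m else None
            continue
        m = CF_VAL.match(line)
        if m and current:
            entries.append(Autostart(current[0], current[1], m.group(1), m.group(2), None))
    return entries


def executable_of(command):
    """Strip quotes and arguments from a Run value."""
    m = EXE.match(command.strip())
    return m.group(1) if m else command.strip().strip('"')


def triage(entries):
    """Map value name -> reasons for entries worth a closer look (heuristics)."""
    findings = {}
    for e in entries:
        reasons = []
        m = PROFILE.match(executable_of(e.command))
        if m:
            reasons.append("starts from a directory the user account can write to")
            if "\\" not in m.group(1):
                reasons.append("binary lies loose in the AppData root, outside any vendor folder")
        if e.publisher == "":
            reasons.append("OTL found no company name in the file's version info")
        if reasons:
            findings[e.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_autostarts(SAMPLE)).items():
        print(name)
        for r in reasons:
            print("  -", r)
```

A hit is a prompt for manual review, not a verdict: legitimate per-user software also installs under AppData, which is why the reasons are reported separately.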

Alt 07.11.2012, 16:46   #9
markusg
/// Malware-holic
 

Hi
is it still flickering?
Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now, then post the log

Alt 07.11.2012, 20:17   #10
summer pride
 

IE ran completely without problems yesterday and no longer flickered! Should I run TDSSKiller anyway?

(Firefox still hangs, and clips, for example, only play with constant stuttering until they come to a standstill. I hadn't described it that way here yet, but it is probably an entirely different problem. That was the actual reason why my father switched to IE, which then started flickering... )

Alt 07.11.2012, 20:19   #11
markusg
/// Malware-holic
 

Run TDSSKiller anyway, we'll still take a look at FF :-)

Alt 08.11.2012, 14:50   #12
summer pride
 

The program did not create a log file, so here is a screenshot of the scan result.
Attached image: tdss-killer_scan-results.jpg

Alt 08.11.2012, 14:55   #13
markusg
/// Malware-holic
 

Open C:, open tdss-killer-datum-version.txt, copy the content and paste it here please

Alt 09.11.2012, 14:56   #14
summer pride
 

OK, sorry, I didn't know that ;-)

14:43:51.0110 3868 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:43:51.0464 3868 ============================================================
14:43:51.0464 3868 Current date / time: 2012/11/08 14:43:51.0464
14:43:51.0464 3868 SystemInfo:
14:43:51.0464 3868
14:43:51.0464 3868 OS Version: 6.0.6002 ServicePack: 2.0
14:43:51.0464 3868 Product type: Workstation
14:43:51.0464 3868 ComputerName: WIHAKO-PC
14:43:51.0464 3868 UserName: wihako
14:43:51.0464 3868 Windows directory: C:\Windows
14:43:51.0464 3868 System windows directory: C:\Windows
14:43:51.0464 3868 Processor architecture: Intel x86
14:43:51.0464 3868 Number of processors: 1
14:43:51.0464 3868 Page size: 0x1000
14:43:51.0464 3868 Boot type: Normal boot
14:43:51.0464 3868 ============================================================
14:43:51.0875 3868 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
14:43:51.0889 3868 ============================================================
14:43:51.0889 3868 \Device\Harddisk0\DR0:
14:43:51.0889 3868 MBR partitions:
14:43:51.0889 3868 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2BA1F6B1
14:43:51.0889 3868 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2BA1F6F0, BlocksNum 0xE9651A0
14:43:51.0889 3868 ============================================================
14:43:51.0911 3868 C: <-> \Device\Harddisk0\DR0\Partition1
14:43:51.0952 3868 D: <-> \Device\Harddisk0\DR0\Partition2
14:43:51.0952 3868 ============================================================
14:43:51.0952 3868 Initialize success
14:43:51.0952 3868 ============================================================
14:44:04.0574 3932 ============================================================
14:44:04.0574 3932 Scan started
14:44:04.0574 3932 Mode: Manual; SigCheck; TDLFS;
14:44:04.0574 3932 ============================================================
14:44:04.0720 3932 ================ Scan system memory ========================
14:44:04.0720 3932 System memory - ok
14:44:04.0724 3932 ================ Scan services =============================
14:44:07.0433 3932 BrSerWdm - ok
14:44:07.0459 3932 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
14:44:07.0508 3932 BrUsbMdm - ok
14:44:07.0532 3932 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
14:44:07.0576 3932 BrUsbSer - ok
14:44:07.0595 3932 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
14:44:07.0638 3932 BTHMODEM - ok
14:44:07.0705 3932 catchme - ok
14:44:07.0732 3932 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:44:07.0759 3932 cdfs - ok
14:44:07.0791 3932 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:44:07.0811 3932 cdrom - ok
14:44:07.0853 3932 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
14:44:07.0872 3932 CertPropSvc - ok
14:44:07.0908 3932 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
14:44:07.0953 3932 circlass - ok
14:44:07.0983 3932 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
14:44:08.0010 3932 CLFS - ok
14:44:08.0061 3932 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:44:08.0074 3932 clr_optimization_v2.0.50727_32 - ok
14:44:08.0123 3932 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:44:08.0137 3932 clr_optimization_v4.0.30319_32 - ok
14:44:08.0163 3932 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:44:08.0174 3932 cmdide - ok
14:44:08.0200 3932 [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
14:44:08.0211 3932 Compbatt - ok
14:44:08.0227 3932 COMSysApp - ok
14:44:08.0241 3932 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
14:44:08.0253 3932 crcdisk - ok
14:44:08.0274 3932 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
14:44:08.0324 3932 Crusoe - ok
14:44:08.0404 3932 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:44:08.0425 3932 CryptSvc - ok
14:44:08.0487 3932 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:44:08.0526 3932 DcomLaunch - ok
14:44:08.0574 3932 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:44:08.0590 3932 DfsC - ok
14:44:08.0637 3932 [ 423C428326549DE67FB808C3A2F33F78 ] DfSdkS C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
14:44:08.0660 3932 DfSdkS - ok
14:44:08.0731 3932 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
14:44:08.0849 3932 DFSR - ok
14:44:08.0897 3932 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
14:44:08.0924 3932 Dhcp - ok
14:44:08.0951 3932 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
14:44:08.0967 3932 disk - ok
14:44:09.0007 3932 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:44:09.0040 3932 Dnscache - ok
14:44:09.0090 3932 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
14:44:09.0123 3932 dot3svc - ok
14:44:09.0173 3932 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
14:44:09.0211 3932 DPS - ok
14:44:09.0255 3932 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:44:09.0279 3932 drmkaud - ok
14:44:09.0329 3932 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:44:09.0362 3932 DXGKrnl - ok
14:44:09.0408 3932 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
14:44:09.0454 3932 E1G60 - ok
14:44:09.0501 3932 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
14:44:09.0520 3932 EapHost - ok
14:44:09.0565 3932 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
14:44:09.0580 3932 Ecache - ok
14:44:09.0618 3932 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
14:44:09.0643 3932 elxstor - ok
14:44:09.0692 3932 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
14:44:09.0717 3932 EMDMgmt - ok
14:44:09.0753 3932 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
14:44:09.0778 3932 EventSystem - ok
14:44:09.0816 3932 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
14:44:09.0830 3932 exfat - ok
14:44:09.0888 3932 [ 9F5984873CDEA9BA1A0689DABF931E13 ] ezntsvc C:\Windows\system32\ezNTSvc.exe
14:44:09.0893 3932 ezntsvc ( UnsignedFile.Multi.Generic ) - warning
14:44:09.0893 3932 ezntsvc - detected UnsignedFile.Multi.Generic (1)
14:44:09.0916 3932 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:44:09.0939 3932 fastfat - ok
14:44:09.0983 3932 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:44:10.0026 3932 fdc - ok
14:44:10.0068 3932 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
14:44:10.0095 3932 fdPHost - ok
14:44:10.0130 3932 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
14:44:10.0182 3932 FDResPub - ok
14:44:10.0223 3932 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:44:10.0237 3932 FileInfo - ok
14:44:10.0266 3932 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:44:10.0291 3932 Filetrace - ok
14:44:10.0311 3932 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:44:10.0354 3932 flpydisk - ok
14:44:10.0387 3932 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:44:10.0404 3932 FltMgr - ok
14:44:10.0460 3932 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
14:44:10.0488 3932 FontCache - ok
14:44:10.0543 3932 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:44:10.0554 3932 FontCache3.0.0.0 - ok
14:44:10.0582 3932 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:44:10.0603 3932 Fs_Rec - ok
14:44:10.0621 3932 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
14:44:10.0636 3932 gagp30kx - ok
14:44:10.0676 3932 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
14:44:10.0706 3932 gpsvc - ok
14:44:10.0764 3932 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
14:44:10.0776 3932 gupdate - ok
14:44:10.0787 3932 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
14:44:10.0800 3932 gupdatem - ok
14:44:10.0826 3932 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:44:10.0875 3932 HdAudAddService - ok
14:44:10.0915 3932 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
14:44:10.0943 3932 HDAudBus - ok
14:44:10.0959 3932 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
14:44:11.0008 3932 HidBth - ok
14:44:11.0029 3932 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
14:44:11.0072 3932 HidIr - ok
14:44:11.0123 3932 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
14:44:11.0135 3932 hidserv - ok
14:44:11.0159 3932 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:44:11.0178 3932 HidUsb - ok
14:44:11.0217 3932 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:44:11.0244 3932 hkmsvc - ok
14:44:11.0269 3932 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
14:44:11.0283 3932 HpCISSs - ok
14:44:11.0324 3932 [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:44:11.0384 3932 HTTP - ok
14:44:11.0415 3932 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
14:44:11.0429 3932 i2omp - ok
14:44:11.0490 3932 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
14:44:11.0512 3932 i8042prt - ok
14:44:11.0559 3932 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
14:44:11.0576 3932 iaStorV - ok
14:44:11.0621 3932 [ 6F95324909B502E2651442C1548AB12F ] IDriverT c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
14:44:11.0629 3932 IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:44:11.0629 3932 IDriverT - detected UnsignedFile.Multi.Generic (1)
14:44:11.0686 3932 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:44:11.0723 3932 idsvc - ok
14:44:11.0744 3932 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
14:44:11.0757 3932 iirsp - ok
14:44:11.0784 3932 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
14:44:11.0819 3932 IKEEXT - ok
14:44:11.0896 3932 [ 4A705BF2A6F7972F2F2AD8A0D8079F95 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
14:44:11.0988 3932 IntcAzAudAddService - ok
14:44:12.0030 3932 [ 97469037714070E45194ED318D636401 ] intelide C:\Windows\system32\drivers\intelide.sys
14:44:12.0046 3932 intelide - ok
14:44:12.0081 3932 [ CE44CC04262F28216DD4341E9E36A16F ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:44:12.0156 3932 intelppm - ok
14:44:12.0188 3932 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:44:12.0220 3932 IPBusEnum - ok
14:44:12.0242 3932 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:44:12.0273 3932 IpFilterDriver - ok
14:44:12.0323 3932 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:44:12.0342 3932 iphlpsvc - ok
14:44:12.0355 3932 IpInIp - ok
14:44:12.0375 3932 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
14:44:12.0422 3932 IPMIDRV - ok
14:44:12.0452 3932 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
14:44:12.0483 3932 IPNAT - ok
14:44:12.0509 3932 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:44:12.0533 3932 IRENUM - ok
14:44:12.0560 3932 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:44:12.0571 3932 isapnp - ok
14:44:12.0610 3932 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
14:44:12.0625 3932 iScsiPrt - ok
14:44:12.0648 3932 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
14:44:12.0661 3932 iteatapi - ok
14:44:12.0687 3932 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
14:44:12.0698 3932 iteraid - ok
14:44:12.0736 3932 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:44:12.0749 3932 kbdclass - ok
14:44:12.0779 3932 [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
14:44:12.0825 3932 kbdhid - ok
14:44:12.0856 3932 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
14:44:12.0868 3932 KeyIso - ok
14:44:12.0921 3932 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:44:12.0945 3932 KSecDD - ok
14:44:12.0998 3932 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
14:44:13.0032 3932 KtmRm - ok
14:44:13.0061 3932 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
14:44:13.0081 3932 LanmanServer - ok
14:44:13.0128 3932 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:44:13.0152 3932 LanmanWorkstation - ok
14:44:13.0209 3932 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService c:\Program Files\Common Files\LightScribe\LSSrvc.exe
14:44:13.0215 3932 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
14:44:13.0215 3932 LightScribeService - detected UnsignedFile.Multi.Generic (1)
14:44:13.0245 3932 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:44:13.0273 3932 lltdio - ok
14:44:13.0316 3932 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:44:13.0352 3932 lltdsvc - ok
14:44:13.0389 3932 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:44:13.0440 3932 lmhosts - ok
14:44:13.0475 3932 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
14:44:13.0491 3932 LSI_FC - ok
14:44:13.0510 3932 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
14:44:13.0525 3932 LSI_SAS - ok
14:44:13.0557 3932 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
14:44:13.0573 3932 LSI_SCSI - ok
14:44:13.0603 3932 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
14:44:13.0629 3932 luafv - ok
14:44:13.0689 3932 [ ED643E777BA3F7151EF3F0FB6BE4F7F0 ] LVRS C:\Windows\system32\DRIVERS\lvrs.sys
14:44:13.0707 3932 LVRS - ok
14:44:13.0798 3932 [ 5BC80451109A8DD7F2DDD35BCE2929A3 ] LVUVC C:\Windows\system32\DRIVERS\lvuvc.sys
14:44:13.0967 3932 LVUVC - ok
14:44:14.0032 3932 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
14:44:14.0050 3932 MDM - ok
14:44:14.0082 3932 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
14:44:14.0094 3932 megasas - ok
14:44:14.0135 3932 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
14:44:14.0169 3932 MMCSS - ok
14:44:14.0198 3932 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
14:44:14.0223 3932 Modem - ok
14:44:14.0252 3932 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:44:14.0276 3932 monitor - ok
14:44:14.0311 3932 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:44:14.0323 3932 mouclass - ok
14:44:14.0351 3932 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:44:14.0375 3932 mouhid - ok
14:44:14.0411 3932 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
14:44:14.0424 3932 MountMgr - ok
14:44:14.0476 3932 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:44:14.0490 3932 MozillaMaintenance - ok
14:44:14.0533 3932 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
14:44:14.0546 3932 mpio - ok
14:44:14.0574 3932 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:44:14.0595 3932 mpsdrv - ok
14:44:14.0636 3932 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
14:44:14.0670 3932 MpsSvc - ok
14:44:14.0694 3932 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
14:44:14.0706 3932 Mraid35x - ok
14:44:14.0725 3932 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:44:14.0740 3932 MRxDAV - ok
14:44:14.0763 3932 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:44:14.0787 3932 mrxsmb - ok
14:44:14.0812 3932 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:44:14.0829 3932 mrxsmb10 - ok
14:44:14.0844 3932 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:44:14.0858 3932 mrxsmb20 - ok
14:44:14.0876 3932 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys
14:44:14.0888 3932 msahci - ok
14:44:14.0907 3932 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:44:14.0922 3932 msdsm - ok
14:44:14.0959 3932 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
14:44:14.0990 3932 MSDTC - ok
14:44:15.0038 3932 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:44:15.0065 3932 Msfs - ok
14:44:15.0103 3932 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:44:15.0118 3932 msisadrv - ok
14:44:15.0159 3932 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:44:15.0192 3932 MSiSCSI - ok
14:44:15.0225 3932 msiserver - ok
14:44:15.0250 3932 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:44:15.0280 3932 MSKSSRV - ok
14:44:15.0324 3932 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:44:15.0357 3932 MSPCLOCK - ok
14:44:15.0375 3932 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:44:15.0407 3932 MSPQM - ok
14:44:15.0443 3932 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:44:15.0462 3932 MsRPC - ok
14:44:15.0505 3932 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
14:44:15.0522 3932 mssmbios - ok
14:44:15.0544 3932 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:44:15.0573 3932 MSTEE - ok
14:44:15.0595 3932 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
14:44:15.0611 3932 Mup - ok
14:44:15.0635 3932 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
14:44:15.0671 3932 napagent - ok
14:44:15.0707 3932 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:44:15.0725 3932 NativeWifiP - ok
14:44:15.0794 3932 [ B498A14133BD09AD0817590ACE4470AD ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
14:44:15.0829 3932 NBService - ok
14:44:15.0867 3932 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:44:15.0895 3932 NDIS - ok
14:44:15.0933 3932 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:44:15.0957 3932 NdisTapi - ok
14:44:15.0982 3932 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:44:16.0019 3932 Ndisuio - ok
14:44:16.0061 3932 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:44:16.0086 3932 NdisWan - ok
14:44:16.0118 3932 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:44:16.0153 3932 NDProxy - ok
14:44:16.0193 3932 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:44:16.0224 3932 NetBIOS - ok
14:44:16.0255 3932 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
14:44:16.0282 3932 netbt - ok
14:44:16.0310 3932 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
14:44:16.0328 3932 Netlogon - ok
14:44:16.0371 3932 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
14:44:16.0410 3932 Netman - ok
14:44:16.0446 3932 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
14:44:16.0482 3932 netprofm - ok
14:44:16.0516 3932 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:44:16.0532 3932 NetTcpPortSharing - ok
14:44:16.0560 3932 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
14:44:16.0575 3932 nfrd960 - ok
14:44:16.0601 3932 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:44:16.0635 3932 NlaSvc - ok
14:44:16.0683 3932 [ A328A46D87BB92CE4D8A4528E9D84787 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
14:44:16.0701 3932 NMIndexingService - ok
14:44:16.0731 3932 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:44:16.0754 3932 Npfs - ok
14:44:16.0780 3932 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
14:44:16.0811 3932 nsi - ok
14:44:16.0843 3932 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:44:16.0874 3932 nsiproxy - ok
14:44:16.0934 3932 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:44:16.0985 3932 Ntfs - ok
14:44:17.0012 3932 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
14:44:17.0055 3932 ntrigdigi - ok
14:44:17.0080 3932 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
14:44:17.0104 3932 Null - ok
14:44:17.0128 3932 [ 1657F3FBD9061526C14FF37E79306F98 ] NVENETFD C:\Windows\system32\DRIVERS\nvm60x32.sys
14:44:17.0195 3932 NVENETFD - ok
14:44:17.0360 3932 [ FBBA09782F2FAC5A57619DF378BA9372 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:44:17.0585 3932 nvlddmkm - ok
14:44:17.0633 3932 [ 1EFEC38A852AB35883BFFF3427B92B3F ] NVNET C:\Windows\system32\DRIVERS\nvmfdx32.sys
14:44:17.0651 3932 NVNET - ok
14:44:17.0674 3932 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:44:17.0689 3932 nvraid - ok
14:44:17.0713 3932 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:44:17.0726 3932 nvstor - ok
14:44:17.0751 3932 [ 7EBA6C9A0A295B1559EFB9062E701218 ] nvstor32 C:\Windows\system32\drivers\nvstor32.sys
14:44:17.0763 3932 nvstor32 - ok
14:44:17.0793 3932 [ CF7769F13B3ECC5E2BF1B3D1C5831AE8 ] nvsvc C:\Windows\system32\nvvsvc.exe
14:44:17.0813 3932 nvsvc - ok
14:44:17.0844 3932 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:44:17.0861 3932 nv_agp - ok
14:44:17.0881 3932 NwlnkFlt - ok
14:44:17.0896 3932 NwlnkFwd - ok
14:44:17.0938 3932 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
14:44:17.0962 3932 ohci1394 - ok
14:44:18.0014 3932 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
14:44:18.0066 3932 p2pimsvc - ok
14:44:18.0088 3932 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
14:44:18.0119 3932 p2psvc - ok
14:44:18.0148 3932 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
14:44:18.0210 3932 Parport - ok
14:44:18.0257 3932 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:44:18.0274 3932 partmgr - ok
14:44:18.0293 3932 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
14:44:18.0348 3932 Parvdm - ok
14:44:18.0404 3932 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
14:44:18.0422 3932 PcaSvc - ok
14:44:18.0453 3932 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
14:44:18.0471 3932 pci - ok
14:44:18.0492 3932 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
14:44:18.0508 3932 pciide - ok
14:44:18.0532 3932 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:44:18.0550 3932 pcmcia - ok
14:44:18.0598 3932 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:44:18.0675 3932 PEAUTH - ok
14:44:18.0787 3932 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
14:44:18.0862 3932 pla - ok
14:44:18.0904 3932 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:44:18.0927 3932 PlugPlay - ok
14:44:18.0954 3932 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
14:44:18.0977 3932 PNRPAutoReg - ok
14:44:19.0004 3932 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
14:44:19.0029 3932 PNRPsvc - ok
14:44:19.0078 3932 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:44:19.0104 3932 PolicyAgent - ok
14:44:19.0154 3932 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:44:19.0182 3932 PptpMiniport - ok
14:44:19.0233 3932 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
14:44:19.0279 3932 Processor - ok
14:44:19.0323 3932 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
14:44:19.0345 3932 ProfSvc - ok
14:44:19.0365 3932 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
14:44:19.0382 3932 ProtectedStorage - ok
14:44:19.0413 3932 [ 390C204CED3785609AB24E9C52054A84 ] Ps2 C:\Windows\system32\DRIVERS\PS2.sys
14:44:19.0435 3932 Ps2 - ok
14:44:19.0475 3932 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
14:44:19.0496 3932 PSched - ok
14:44:19.0511 3932 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
14:44:19.0524 3932 PxHelp20 - ok
14:44:19.0575 3932 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:44:19.0613 3932 ql2300 - ok
14:44:19.0636 3932 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:44:19.0651 3932 ql40xx - ok
14:44:19.0685 3932 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
14:44:19.0703 3932 QWAVE - ok
14:44:19.0729 3932 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:44:19.0743 3932 QWAVEdrv - ok
14:44:19.0759 3932 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:44:19.0785 3932 RasAcd - ok
14:44:19.0815 3932 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
14:44:19.0842 3932 RasAuto - ok
14:44:19.0879 3932 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:44:19.0904 3932 Rasl2tp - ok
14:44:19.0945 3932 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
14:44:19.0967 3932 RasMan - ok
14:44:20.0003 3932 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:44:20.0022 3932 RasPppoe - ok
14:44:20.0048 3932 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:44:20.0065 3932 RasSstp - ok
14:44:20.0096 3932 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:44:20.0119 3932 rdbss - ok
14:44:20.0146 3932 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:44:20.0172 3932 RDPCDD - ok
14:44:20.0228 3932 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
14:44:20.0277 3932 rdpdr - ok
14:44:20.0291 3932 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:44:20.0318 3932 RDPENCDD - ok
14:44:20.0373 3932 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:44:20.0390 3932 RDPWD - ok
14:44:20.0425 3932 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:44:20.0451 3932 RemoteAccess - ok
14:44:20.0494 3932 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:44:20.0516 3932 RemoteRegistry - ok
14:44:20.0548 3932 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
14:44:20.0560 3932 RpcLocator - ok
14:44:20.0591 3932 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
14:44:20.0623 3932 RpcSs - ok
14:44:20.0665 3932 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:44:20.0691 3932 rspndr - ok
14:44:20.0719 3932 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
14:44:20.0735 3932 SamSs - ok
14:44:20.0764 3932 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:44:20.0777 3932 sbp2port - ok
14:44:20.0810 3932 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:44:20.0832 3932 SCardSvr - ok
14:44:20.0880 3932 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
14:44:28.0802 3932 ============================================================
14:44:28.0802 3932 Scan finished
14:44:28.0802 3932 ============================================================
14:44:28.0825 3724 Detected object count: 3
14:44:28.0825 3724 Actual detected object count: 3
14:44:48.0232 3724 ezntsvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:48.0233 3724 ezntsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:44:48.0233 3724 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:48.0233 3724 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:44:48.0239 3724 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:48.0239 3724 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:50:55.0250 4796 Deinitialize success

09.11.2012, 19:27   #15
markusg
/// Malware-holic

That's why I'm saying it :-)
Download CCleaner Standard:
CCleaner Download - CCleaner 3.24.1850
If CCleaner is already installed, skip this step.
Install it, open it, go to Tools, list of installed programs, save as txt. Open the file.
After each program you need, write "necessary".
After each program you don't need, write "unnecessary".
After each program you don't recognize, write "unknown".
Post the list.
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
