Pests of all kinds and how to fight them: Internet redirection to advertising and porn sites (Windows 7)

If you are not sure whether you have picked up malware or a trojan, open a topic here. An expert will reply with further instructions and help you remove the malware or uninstall/delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
04.11.2012, 18:08 | #1
Internet redirection to advertising and porn sites

Hello, as the title already says, I keep getting redirected to porn and/or advertising sites after a Google search. I have already run several virus scanners and the Kaspersky Rescue CD 10 without success. I also found this problem several times when googling, but the solution consisted of log files etc. that were completely incomprehensible to me. Can someone help me?

Regards
0magertrud
04.11.2012, 18:34 | #2
/// Malware-holic

hi,
did any of the scanners find anything? If so, post the detection message including the path.
If you don't already have it, please download OTL from Oldtimer and save it to your desktop.

Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
04.11.2012, 20:50 | #3

OTL.txt:

Code:
ATTFilter OTL logfile created on: 4-11-2012 19:34:18 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wilma\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy 1,75 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 46,32% Memory free 3,74 Gb Paging File | 2,48 Gb Available in Paging File | 66,40% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 103,78 Gb Total Space | 33,63 Gb Free Space | 32,41% Space Free | Partition Type: NTFS Computer Name: PC_VAN_WILMA | User Name: Wilma | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012-11-04 19:31:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wilma\Desktop\OTL.exe PRC - [2012-10-24 08:04:59 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2012-10-16 18:07:01 | 004,762,496 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe PRC - [2012-08-30 22:26:56 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe PRC - [2012-07-11 19:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe PRC - [2011-01-17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe PRC - [2011-01-17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin PRC - [2010-04-02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) 
-- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE PRC - [2010-03-25 03:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE PRC - [2009-12-21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe PRC - [2009-04-11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008-01-29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe PRC - [2007-07-19 14:32:34 | 001,120,568 | ---- | M] (Packard Bell BV) -- C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe PRC - [2007-04-19 10:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe PRC - [2007-02-15 10:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007-02-14 19:46:20 | 000,278,608 | ---- | M] () -- c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe PRC - [2007-02-14 19:45:48 | 000,159,744 | ---- | M] (CyberLink Corp.) 
-- C:\Program Files\Powercinema\PCMService.exe PRC - [2007-02-05 17:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe PRC - [2007-01-11 10:40:22 | 000,232,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe PRC - [2006-12-18 16:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe ========== Modules (No Company Name) ========== MOD - [2012-08-30 22:24:20 | 007,422,392 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\qtgui4.dll MOD - [2012-08-30 22:24:18 | 001,270,200 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\qtscript4.dll MOD - [2012-08-30 22:24:18 | 000,192,952 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\qtsql4.dll MOD - [2012-08-30 22:24:16 | 002,453,944 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\qtdeclarative4.dll MOD - [2012-08-30 22:24:16 | 002,126,264 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\qtcore4.dll MOD - [2012-08-30 22:24:16 | 000,795,064 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\qtnetwork4.dll MOD - [2012-08-30 22:23:02 | 000,459,192 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll MOD - [2012-06-15 03:06:22 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll MOD - [2012-06-15 03:00:15 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll MOD - [2012-06-15 02:56:46 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll MOD - [2012-05-13 03:19:43 | 000,771,584 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll MOD - [2012-05-13 03:13:24 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll MOD - [2012-05-13 03:10:09 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012-05-13 03:09:58 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2012-02-10 19:13:37 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll MOD - [2011-09-05 19:36:52 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll MOD - [2011-09-05 19:36:50 | 000,180,224 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll MOD - [2007-09-18 20:04:17 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2665.42168__90ba9c70f846762e\MOM.Foundation.dll MOD - [2007-09-18 20:04:16 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2665.42152__90ba9c70f846762e\CLI.Foundation.dll MOD - [2007-09-18 20:04:16 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2665.42149__90ba9c70f846762e\LOG.Foundation.dll MOD - [2007-09-18 20:04:16 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2665.42240__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2007-09-18 20:03:55 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2700.37112__90ba9c70f846762e\MOM.Implementation.dll MOD - [2007-09-18 20:03:55 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2700.37110__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - 
[2007-09-18 20:03:55 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2665.42158__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2007-09-18 20:03:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2665.42169__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2007-09-18 20:03:53 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2700.37112__90ba9c70f846762e\CCC.Implementation.dll MOD - [2007-05-24 14:52:46 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2007-03-02 10:44:34 | 000,073,728 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll MOD - [2007-02-14 19:46:24 | 000,339,968 | ---- | M] () -- c:\Program Files\Powercinema\Kernel\TV\CLTinyDB.dll MOD - [2007-02-14 19:46:06 | 000,241,750 | ---- | M] () -- c:\Program Files\Powercinema\Kernel\TV\CLCapEngine.dll MOD - [2007-02-14 19:46:06 | 000,114,768 | ---- | M] () -- c:\Program Files\Powercinema\Kernel\TV\CLSchMgr.dll MOD - [2007-02-14 19:46:06 | 000,032,768 | ---- | M] () -- c:\Program Files\Powercinema\Kernel\TV\CLCapSvcps.dll MOD - [2007-01-11 10:02:14 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll MOD - [2002-07-04 08:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex) SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService) SRV - [2012-10-24 18:49:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012-08-30 22:26:56 | 000,202,328 | ---- | 
M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe -- (AVP) SRV - [2012-07-13 12:39:50 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-07-11 19:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE) SRV - [2009-12-21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv) SRV - [2008-01-29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service) SRV - [2008-01-19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007-09-26 11:47:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2007-02-14 19:46:24 | 000,110,677 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Powercinema\Kernel\TV\CLSched.exe -- (CLSched) SRV - [2007-02-14 19:46:20 | 000,278,608 | ---- | M] () [Auto | Running] -- c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) SRV - [2007-02-05 17:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- 
C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012-11-03 14:06:07 | 000,585,560 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2011-10-20 11:48:00 | 000,135,984 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1) DRV - [2011-10-20 11:48:00 | 000,013,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2) DRV - [2011-07-22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011-07-12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2011-03-10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2009-12-14 12:44:24 | 000,088,632 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\CSCrySec.sys -- (CSCrySec) DRV - [2009-12-14 12:44:24 | 000,039,352 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv) DRV - [2009-11-02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt) DRV - [2009-09-03 01:16:05 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2007-05-24 15:01:58 | 002,609,152 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007-05-02 10:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm) DRV - [2007-05-02 10:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl) DRV - [2007-05-02 10:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) DRV - [2007-02-28 17:04:58 | 000,694,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007-02-24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007-01-23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007-01-23 04:01:00 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2006-12-14 08:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2006-11-28 14:53:14 | 000,847,536 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonCam.sys -- (Cam5603D) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.ing.nl/particulier/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL (Ask.com) IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC) IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.) 
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_nl&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=vtDiaDsaybdk_hA94Q8vnK-EuU4?q={searchTerms} IE - HKCU\..\SearchScopes\{7E1E5ABB-A9A3-41F5-949C-10FA46DCA085}: "URL" = hxxp://de.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20110521,16991,0,5,0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Search" FF - prefs.js..browser.startup.homepage: "google.de" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru [2012-11-03 14:08:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\virtualKeyboard@kaspersky.ru [2012-11-03 14:08:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\KavAntiBanner@Kaspersky.ru [2012-11-03 14:06:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-11-04 00:06:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-11-04 00:06:17 | 000,000,000 | ---D | M] [2012-11-04 00:07:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wilma\AppData\Roaming\mozilla\Extensions [2012-11-04 00:07:47 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Wilma\AppData\Roaming\mozilla\Firefox\Profiles\c0ktcxpu.default\extensions [2009-07-24 14:37:15 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Wilma\AppData\Roaming\mozilla\Firefox\Profiles\c0ktcxpu.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010-02-21 01:10:43 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Wilma\AppData\Roaming\mozilla\Firefox\Profiles\c0ktcxpu.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2012-11-04 00:07:47 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Wilma\AppData\Roaming\mozilla\firefox\profiles\c0ktcxpu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2010-05-05 12:08:39 | 000,000,873 | ---- | M] () -- C:\Users\Wilma\AppData\Roaming\mozilla\firefox\profiles\c0ktcxpu.default\searchplugins\conduit.xml [2012-11-04 00:06:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2007-09-18 20:13:48 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010-08-03 10:13:10 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2012-10-24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011-05-04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2006-11-09 14:20:40 | 002,111,096 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll [2012-10-24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012-10-24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012-10-24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012-10-24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012-10-24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012-10-24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 
8.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Users\Wilma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: 
Google-Suche = C:\Users\Wilma\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Kaspersky URL Advisor = C:\Users\Wilma\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.2.733_0\ CHR - Extension: Virtual Keyboard = C:\Users\Wilma\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.2.733_0\ CHR - Extension: Google Mail = C:\Users\Wilma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Anti-Banner = C:\Users\Wilma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.2.733_0\ O1 HOSTS File: ([2006-09-18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL (Ask.com) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll (Packard Bell) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (NetAssistant) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC) O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.) 
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL (Ask.com) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL (Ask.com) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" File not found O4 - HKLM..\Run: [PCMService] c:\Program Files\Powercinema\PCMService.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe ( ) O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 File not found O4 - HKCU..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Users\Wilma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) 
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///D:/components/hidinputmonitorx.ocx (HidInputMonitorX Control) O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///D:/components/A9.ocx (A9Helper.A9) O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///D:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EEB64B2-F0B4-4A65-BCF7-2051F59949CF}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DE85206-892D-4BB3-98F7-C660B1C232CF}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7aa9a8c1-dcf1-11df-8f36-001d60072977}\Shell - "" = AutoRun
O33 - MountPoints2\{7aa9a8c1-dcf1-11df-8f36-001d60072977}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{edb15dc3-df6d-11dd-9754-001d60072977}\Shell - "" = AutoRun
O33 - MountPoints2\{edb15dc3-df6d-11dd-9754-001d60072977}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012-11-04 19:31:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wilma\Desktop\OTL.exe
[2012-11-04 00:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012-11-04 00:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012-11-03 16:26:46 | 000,000,000 | ---D | C] -- C:\Users\Wilma\AppData\Roaming\SUPERAntiSpyware.com
[2012-11-03 16:26:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012-11-03 16:26:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012-11-03 16:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012-11-03 14:14:17 | 000,000,000 | R--D | C] -- C:\Backup
[2012-11-03 14:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 2.0
[2012-11-03 14:08:23 | 000,088,632 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSCrySec.sys
[2012-11-03 14:08:23 | 000,039,352 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys
[2012-11-03 14:08:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012-11-03 14:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InfoWatch
[2012-11-03 14:06:07 | 000,585,560 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012-10-31 22:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012-10-31 22:39:40 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012-10-31 22:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2009-03-08 17:29:37 | 000,133,104 | ---- | C] (Google Inc.) -- C:\Users\Wilma\GOOGLEUPDATE.EXE
[2 C:\Users\Wilma\Documents\*.tmp files -> C:\Users\Wilma\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-11-04 19:31:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wilma\Desktop\OTL.exe
[2012-11-04 19:30:08 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\Uitgebreide garantie.job
[2012-11-04 19:30:08 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator.job
[2012-11-04 19:29:34 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-11-04 19:29:02 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-11-04 19:29:00 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-11-04 19:28:52 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\GJMFX.job
[2012-11-04 19:28:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-11-04 19:28:38 | 1878,220,800 | -HS- | M] () -- C:\hiberfil.sys
[2012-11-04 12:18:01 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-11-04 12:03:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012-11-04 12:01:24 | 000,691,458 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2012-11-04 12:01:24 | 000,608,526 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-11-04 12:01:24 | 000,137,188 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2012-11-04 12:01:23 | 000,109,764 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-11-04 00:06:41 | 000,000,873 | ---- | M] () -- C:\Users\Wilma\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-11-04 00:06:40 | 000,000,849 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012-11-03 16:54:17 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 17d3d17a-e736-4c1f-bc7a-8667748e1ff8.job
[2012-11-03 16:54:17 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 09e54ffb-8ca2-4f44-b330-bd09e0621cb1.job
[2012-11-03 16:26:31 | 000,001,803 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012-11-03 14:15:00 | 000,017,408 | ---- | M] () -- C:\Users\Wilma\AppData\Local\WebpageIcons.db
[2012-11-03 14:10:07 | 000,116,189 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2012-11-03 14:10:06 | 000,098,168 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2012-11-03 14:06:07 | 000,585,560 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012-10-31 22:40:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012-10-31 22:25:49 | 000,001,966 | ---- | M] () -- C:\Users\Wilma\Desktop\Google Chrome.lnk
[2012-10-31 22:25:49 | 000,001,958 | ---- | M] () -- C:\Users\Wilma\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012-10-23 21:48:31 | 035,175,761 | ---- | M] () -- C:\Users\Wilma\Desktop\Markierte_Lernvokabeln_Griechisch.pdf
[2012-10-17 14:10:31 | 040,254,154 | ---- | M] () -- C:\Users\Wilma\Desktop\Christian_Bischoff_Rednermappe.pdf
[2012-10-16 21:48:22 | 000,094,208 | RHS- | M] () -- C:\Windows\System32\PxAFSU.dll
[2 C:\Users\Wilma\Documents\*.tmp files -> C:\Users\Wilma\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-11-04 00:06:41 | 000,000,873 | ---- | C] () -- C:\Users\Wilma\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-11-04 00:06:40 | 000,000,861 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012-11-04 00:06:40 | 000,000,849 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012-11-03 16:27:11 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 09e54ffb-8ca2-4f44-b330-bd09e0621cb1.job
[2012-11-03 16:27:09 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 17d3d17a-e736-4c1f-bc7a-8667748e1ff8.job
[2012-11-03 16:26:31 | 000,001,803 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012-11-03 14:14:56 | 000,017,408 | ---- | C] () -- C:\Users\Wilma\AppData\Local\WebpageIcons.db
[2012-11-03 14:10:07 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012-11-03 14:10:06 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2012-10-31 22:25:49 | 000,001,966 | ---- | C] () -- C:\Users\Wilma\Desktop\Google Chrome.lnk
[2012-10-31 22:25:49 | 000,001,958 | ---- | C] () -- C:\Users\Wilma\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012-10-21 19:20:02 | 035,175,761 | ---- | C] () -- C:\Users\Wilma\Desktop\Markierte_Lernvokabeln_Griechisch.pdf
[2012-10-17 14:10:30 | 040,254,154 | ---- | C] () -- C:\Users\Wilma\Desktop\Christian_Bischoff_Rednermappe.pdf
[2012-10-16 21:48:23 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\GJMFX.job
[2012-10-16 21:48:22 | 000,094,208 | RHS- | C] () -- C:\Windows\System32\PxAFSU.dll
[2011-08-29 23:36:12 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011-04-29 20:42:40 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011-03-11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2010-12-26 21:09:18 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2009-09-03 00:15:20 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009-07-24 14:20:02 | 000,001,024 | ---- | C] () -- C:\Users\Wilma\.rnd
[2008-05-23 22:54:48 | 000,002,943 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008-01-20 10:22:29 | 000,007,268 | ---- | C] () -- C:\Users\Wilma\AppData\Local\d3d9caps.dat
[2008-01-17 17:01:45 | 000,020,992 | ---- | C] () -- C:\Users\Wilma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-01-17 16:46:59 | 000,000,093 | ---- | C] () -- C:\Users\Wilma\AppData\Local\fusioncache.dat

========== ZeroAccess Check ==========

[2006-11-02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-04-11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-04-11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011-02-27 14:56:31 | 000,000,000 | ---D | M] -- C:\Users\Wilma\AppData\Roaming\Canon
[2010-08-03 00:19:35 | 000,000,000 | ---D | M] -- C:\Users\Wilma\AppData\Roaming\Cornelsen
[2010-12-05 23:01:06 | 000,000,000 | ---D | M] -- C:\Users\Wilma\AppData\Roaming\LimeWirePlus
[2012-02-10 19:39:11 | 000,000,000 | ---D | M] -- C:\Users\Wilma\AppData\Roaming\OpenOffice.org
[2008-05-23 22:47:25 | 000,000,000 | ---D | M] -- C:\Users\Wilma\AppData\Roaming\Packard Bell
[2009-09-03 00:51:21 | 000,000,000 | ---D | M] -- C:\Users\Wilma\AppData\Roaming\Samsung

========== Purity Check ==========

========== Custom Scans ==========

< %systemroot%\*. /mp /s >

< C:\Windows\system32\*.tsp >
[2006-11-02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006-11-02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006-11-02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006-11-02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009-04-11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2006-11-02 13:58:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006-11-02 13:58:10 | 000,032,602 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2008-01-17 16:48:31 | 000,000,340 | ---- | C] () -- C:\Windows\Tasks\Recovery DVD Creator.job
[2008-01-17 16:48:32 | 000,000,340 | ---- | C] () -- C:\Windows\Tasks\Uitgebreide garantie.job
[2009-03-08 17:25:53 | 000,000,924 | ---- | C] () -- C:\Windows\Tasks\Google Software Updater.job
[2011-03-20 19:49:02 | 000,001,042 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011-03-20 19:49:03 | 000,001,046 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012-10-16 21:48:23 | 000,000,298 | ---- | C] () -- C:\Windows\Tasks\GJMFX.job
[2012-11-03 16:27:09 | 000,000,510 | ---- | C] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 17d3d17a-e736-4c1f-bc7a-8667748e1ff8.job
[2012-11-03 16:27:11 | 000,000,510 | ---- | C] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 09e54ffb-8ca2-4f44-b330-bd09e0621cb1.job

< MD5 for: AGP440.SYS >
[2008-01-19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008-01-19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008-01-19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008-01-19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006-11-02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006-11-02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009-04-11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009-04-11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009-04-11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2007-10-24 04:56:19 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\Windows\SoftwareDistribution\Download\849b321448ad54f888bc4129bd98f62b\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\atapi.sys
[2008-01-19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008-01-19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006-11-02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008-02-17 01:43:52 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008-02-17 01:43:52 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2007-10-24 05:11:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -- C:\Windows\SoftwareDistribution\Download\849b321448ad54f888bc4129bd98f62b\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\atapi.sys
[2008-02-17 01:43:52 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006-11-02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006-11-02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2008-10-29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008-10-29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008-10-30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008-02-16 00:08:33 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008-02-16 00:08:32 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009-04-11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009-04-11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008-10-28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006-11-02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008-01-19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTORV.SYS >
[2008-01-19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008-01-19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006-11-02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006-11-02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006-11-02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009-04-11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009-04-11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008-01-19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006-11-02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006-11-02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008-01-19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008-01-19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008-01-19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006-11-02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009-04-11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009-04-11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USER32.DLL >
[2007-09-19 05:26:38 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007-09-19 05:26:39 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008-01-19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006-11-02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009-04-11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009-04-11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

< MD5 for: USERINIT.EXE >
[2008-01-19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008-01-19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006-11-02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009-04-11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009-04-11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006-11-02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008-01-19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2006-11-02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008-01-19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008-01-19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011-10-20 11:48:00 | 000,135,984 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl1.sys
[2011-10-20 11:48:00 | 000,013,104 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl2.sys
[2012-11-03 14:06:07 | 000,585,560 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klif.sys
[2011-03-10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\klim6.sys
[2009-11-02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klmouflt.sys

< %systemroot%\System32\config\*.sav >
[2006-11-02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006-11-02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006-11-02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006-11-02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006-11-02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >
[2007-05-24 14:53:00 | 000,339,968 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
[2011-08-14 18:53:29 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011-08-14 18:53:29 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2006-11-02 10:46:04 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\expsrv.dll
[2012-08-30 22:23:46 | 000,229,816 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\klogon.dll
[2012-10-16 21:48:22 | 000,094,208 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\system32\PxAFSU.dll

< %USERPROFILE%\*.* >
[2010-12-26 21:10:19 | 000,001,024 | ---- | M] () -- C:\Users\Wilma\.rnd
[2009-03-08 17:29:37 | 000,133,104 | ---- | M] (Google Inc.) -- C:\Users\Wilma\GOOGLEUPDATE.EXE
[2012-11-04 20:26:21 | 004,718,592 | -HS- | M] () -- C:\Users\Wilma\ntuser.dat
[2012-11-04 20:26:21 | 000,262,144 | -H-- | M] () -- C:\Users\Wilma\ntuser.dat.LOG1
[2011-07-06 22:39:04 | 000,262,144 | -H-- | M] () -- C:\Users\Wilma\ntuser.dat.LOG2
[2012-11-04 12:59:13 | 000,065,536 | -HS- | M] () -- C:\Users\Wilma\ntuser.dat{56d4f770-f8d5-11df-950e-912ffc9b6972}.TM.blf
[2012-11-04 12:59:13 | 000,524,288 | -HS- | M] () -- C:\Users\Wilma\ntuser.dat{56d4f770-f8d5-11df-950e-912ffc9b6972}.TMContainer00000000000000000001.regtrans-ms
[2010-11-25 22:20:38 | 000,524,288 | -HS- | M] () -- C:\Users\Wilma\ntuser.dat{56d4f770-f8d5-11df-950e-912ffc9b6972}.TMContainer00000000000000000002.regtrans-ms
[2010-11-25 21:58:17 | 000,065,536 | -HS- | M] () -- C:\Users\Wilma\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010-11-25 21:58:17 | 000,524,288 | -HS- | M] () -- C:\Users\Wilma\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2008-01-17 17:08:32 | 000,524,288 | -HS- | M] () -- C:\Users\Wilma\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms
[2008-01-17 16:36:30 | 000,000,020 | -HS- | M] () -- C:\Users\Wilma\ntuser.ini

< %USERPROFILE%\Local Settings\Temp\*.exe >
[2011-01-09 13:49:55 | 000,493,672 | ---- | M] (McAfee, Inc.) -- C:\Users\Wilma\Local Settings\Temp\contentDATs.exe
[2009-07-12 23:56:18 | 001,914,600 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Wilma\Local Settings\Temp\FlashPlayerUpdate.exe
[2010-11-02 10:32:33 | 002,826,192 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Wilma\Local Settings\Temp\FlashPlayerUpdate01.exe
[2010-06-30 02:44:29 | 000,922,400 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Wilma\Local Settings\Temp\jre-6u20-windows-i586-iftw-rv.exe
[2011-02-10 01:48:12 | 000,885,536 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Wilma\Local Settings\Temp\jre-6u24-windows-i586-iftw-rv.exe
[2011-07-14 22:45:41 | 000,909,088 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Wilma\Local Settings\Temp\jre-6u26-windows-i586-iftw-rv.exe
[2012-02-20 16:45:21 | 000,909,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Wilma\Local Settings\Temp\jre-6u31-windows-i586-iftw-rv.exe
[2012-04-13 22:47:23 | 000,910,112 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Wilma\Local Settings\Temp\jre-6u32-windows-i586-iftw.exe
[2012-08-29 13:07:10 | 000,908,272 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Wilma\Local Settings\Temp\jre-6u35-windows-i586-iftw.exe
[2012-10-26 16:05:21 | 000,912,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Wilma\Local Settings\Temp\jre-6u37-windows-i586-iftw.exe
[2010-02-05 17:46:06 | 000,779,600 | ---- | M] (CANON INC.) -- C:\Users\Wilma\Local Settings\Temp\MSETUP4.EXE
[2010-11-17 11:26:54 | 000,424,600 | ---- | M] (Google Inc.) -- C:\Users\Wilma\Local Settings\Temp\SearchWithGoogleUpdate.exe
[2010-12-09 11:44:34 | 003,598,224 | ---- | M] (McAfee, Inc.) -- C:\Users\Wilma\Local Settings\Temp\SecurityScan_Release.exe
[2008-05-23 22:52:36 | 001,174,664 | ---- | M] (Symantec Corporation) -- C:\Users\Wilma\Local Settings\Temp\SymLCSVC.EXE
[960 C:\Users\Wilma\Local Settings\Temp\*.tmp files -> C:\Users\Wilma\Local Settings\Temp\*.tmp -> ]

< %USERPROFILE%\Local Settings\Temp\*.dll >
[2012-08-23 04:38:58 | 000,248,008 | ---- | M] (Ask.com) -- C:\Users\Wilma\Local Settings\Temp\AskSLib.dll
[960 C:\Users\Wilma\Local Settings\Temp\*.tmp files -> C:\Users\Wilma\Local Settings\Temp\*.tmp -> ]

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

========== Alternate Data Streams ==========

@Alternate Data Stream - 864 bytes -> C:\Users\Wilma\Documents\Gleichwertigkeit Prüfungsleistungen NL.eml:OECustomProperty
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Wilma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\weltbild 1:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\vrede:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\voorzetsels:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Voor Wilmi:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\vlucht naar Engeland:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Updater5:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\tussen.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\stadtwaage:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\stadtwaage emden:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\stadthalle:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Stadthalle Emden:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\SS 2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\siegel Kirche:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Screenshots:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Scannen.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\scan2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\scan 1:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\SantaCla.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\samenvatting 9:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\samenvatting 8:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\samenvatting 7:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\samenvatting 6b:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\samenvatting 6a:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\samenvatting 5b:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\samenvatting 5:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\samenvatting 4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\samenvatting 3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\samenvatting 1:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\restore:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\plattegrond:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Perry and the poor boys:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Osterlampe:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\osterglocken_by_Joujou_pixelio_de.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\om.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\ogentest1.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\naast.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\naambordje:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\My Music:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\My Art:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\My Albums:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Mijn Google Gadgets:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Kapellealtar_mcf-Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Kapelaltaar1_mcf-Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Kapelaltaar_mcf-Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Israel:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Israel 1:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\in.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Geschenkboekje_mcf-Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Freemake:Roxio EMC Stream
@Alternate Data Stream - 
76 bytes -> C:\Users\Wilma\Documents\familie-verschillende-leeftijden-8729.jpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\eva:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Echt:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\DVDVideoSoft:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Downloads:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Didaktische Ausarbeitung:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\dagtekst2:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Dagtekst:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Bremen 090.JPG:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Altaar2_mcf-Dateien:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\Altaar_mcf-Dateien:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\album:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\achter.jpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Wilma\Documents\24-06-2010:Roxio EMC Stream < End of report > Code:
OTL Extras logfile created on: 4-11-2012 19:34:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Wilma\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1,75 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 46,32% Memory free
3,74 Gb Paging File | 2,48 Gb Available in Paging File | 66,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103,78 Gb Total Space | 33,63 Gb Free Space | 32,41% Space Free | Partition Type: NTFS

Computer Name: PC_VAN_WILMA | User Name: Wilma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Trekpleister fotoservice] -- "C:\Program Files\Trekpleister\Trekpleister fotoservice\Trekpleister fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C9A6AF4-0C05-402F-8C00-A8A54DC2D742}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2D3D3BE2-DEB6-4A2F-94BC-3F700BC83A11}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3E7A5DE9-5004-4025-930F-5BA67F081CD1}" = rport=445 | protocol=6 | dir=out | app=system |
"{3FA7CDE6-18A8-46DC-8212-945540B4A22C}" = rport=137 | protocol=17 | dir=out | app=system |
"{455B74DC-C64D-4285-95F3-8E900D954A6C}" = lport=445 | protocol=6 | dir=in | app=system |
"{57DFBD9E-8D71-40AC-B787-EF8D5E42705D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{60E5FA3D-BCF7-42F0-B842-B753BFBD9FF1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{73049F38-6637-42EF-AEF1-6C6F409850B6}" = lport=139 | protocol=6 | dir=in | app=system |
"{742E9B61-C0E4-48E7-B8C8-0F5FCA1F8131}" = rport=138 | protocol=17 | dir=out | app=system |
"{83D8A191-A4C3-4F75-B69E-AB6F85F2B0E3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8E82E059-A6AC-4B8F-A423-01BDFB90D607}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{9E2FD0B1-DE95-402C-9DA2-0DB58A5E151A}" = rport=139 | protocol=6 | dir=out | app=system |
"{A4D5B2F4-8588-47FE-9E4E-C82BF281B942}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A59815C8-15D2-41F9-B748-D8B447A4A748}" = lport=138 | protocol=17 | dir=in | app=system |
"{BF10892F-2F57-48A0-8E6C-C0ED21A0B193}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C7C5BEB6-1FAA-4F9C-910E-626AB86DE9F8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D202894D-DCE1-4F87-8011-57886629991D}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{E22BB168-9BCA-4D6A-8FDC-64D6158D8B5F}" = lport=137 | protocol=17 | dir=in | app=system |
"{E43285BC-EE55-48AF-9F12-67404B274FD9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002C4BCC-3DE0-4A10-8893-6EB2A4C5066F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{083EF299-8E27-480F-8BE0-A3AC234CDE17}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0D600FBA-E89A-4E56-873A-47A9E6B6E691}" = protocol=6 | dir=in | app=c:\program files\powercinema\powercinema.exe |
"{188845C9-7930-44E3-9431-29CC04E76FCD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{195FE30D-9474-415F-A80F-62B29EEB8AD6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{41651206-1948-43B8-9869-5A31EACB2572}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{47E31CD9-4948-45EF-8E0C-90A1440C0417}" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe |
"{4CACB475-C6E4-417F-BE0E-E9B62E055BF9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{504AC9D1-0581-4CB7-A9F7-C48237B44973}" = dir=in | app=c:\program files\powercinema\kernel\dms\clmsservice.exe |
"{566D2618-C534-4DE3-B689-507A9DECDCD4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{5B23BEFC-440E-4B7A-A394-CD2D6BD61F91}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{69FE7DC4-954F-4200-AD4F-4FB017B37872}" = dir=in | app=c:\program files\powercinema\pcmservice.exe |
"{7E209CE0-023E-4E84-8CEF-19894176A64F}" = protocol=6 | dir=in | app=c:\program files\powercinema\pcmservice.exe |
"{899FC00F-959C-46A6-A968-944AA23CD930}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{99B166ED-7921-4A9F-9ED2-ABD73F71ECD9}" = protocol=17 | dir=in | app=c:\program files\powercinema\powercinema.exe |
"{AA87530B-8A12-466F-B51D-26DE2E2D0467}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BAD17FE0-956D-406A-8247-8748AB342C24}" = dir=in | app=c:\program files\powercinema\powercinema.exe |
"{BD77E75B-5ECD-4BD6-B70F-814888578F31}" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe |
"{D7738908-2E0B-43AC-B7DF-11D2877D01A5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E3AA117F-A685-4EF2-A83D-FC6451C783D7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E8FF027A-BF44-4401-9175-71CA3EA58720}" = protocol=17 | dir=in | app=c:\program files\powercinema\pcmservice.exe |
"{ED2FA439-4B71-4CFA-9881-0031DBAD6778}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F2C2DCD7-9F24-479D-A5A7-3E6BC170E99E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{FC814DA1-32D2-41C2-9488-9A3C254BC9A9}" = dir=in | app=c:\program files\powercinema\kernel\dmp\clbrowserengine.exe |
"TCP Query User{0B535C9F-C3A7-46B1-9797-190D20BFC4AF}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe |
"TCP Query User{67D33195-05D1-4BCB-B3EE-8A524C99FEF2}C:\program files\limewire plus\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire plus\limewire.exe |
"TCP Query User{69D6554F-D0B2-461B-9824-E0E2F2BF7164}C:\windows\temp\navbrowser.exe" = protocol=6 | dir=in | app=c:\windows\temp\navbrowser.exe |
"TCP Query User{B573CB6B-0F76-43AE-A43A-16082B1BE5C5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{C2B67180-8333-4DFD-8039-7651A9058EF7}C:\windows\temp\navbrowser.exe" = protocol=6 | dir=in | app=c:\windows\temp\navbrowser.exe |
"TCP Query User{E0D23213-A501-4E7A-A60E-BCE652C2C57B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{E13EBA21-B5F7-4C83-A22B-CE7494B3BC69}C:\program files\limewire plus\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire plus\limewire.exe |
"UDP Query User{12DF269C-353C-4A10-B68E-BEBF2DC790DF}C:\program files\limewire plus\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire plus\limewire.exe |
"UDP Query User{531CF9E6-1D8B-4472-A272-1F70BD06CCE2}C:\windows\temp\navbrowser.exe" = protocol=17 | dir=in | app=c:\windows\temp\navbrowser.exe |
"UDP Query User{71D9D652-278A-415C-B66B-87D3AA5AD50C}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe |
"UDP Query User{769F9582-C38F-4A5B-8998-8163ECAD8058}C:\program files\limewire plus\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire plus\limewire.exe |
"UDP Query User{8C4E984C-7D06-4B27-90B2-EC1D0885D7B5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{9318AEEB-7B63-440B-BE45-FAAD4ADE356D}C:\windows\temp\navbrowser.exe" = protocol=17 | dir=in | app=c:\windows\temp\navbrowser.exe |
"UDP Query User{F549C9F0-0C64-4C87-B804-4C70A1257DA3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{049DE0EA-163F-2FDB-3E9D-C4B2DF1ED6C0}" = Catalyst Control Center Core Implementation
"{057847EC-F678-553C-23C3-F756D12D94CC}" = CCC Help Hungarian
"{06D387CA-93A6-DF48-44F4-DEF679C9773F}" = Catalyst Control Center Localization Polish
"{0996C331-6DCB-4E38-A3EC-0A77ABAE1361}" = Help_CTR
"{0C4C1082-BED7-9F55-1817-140C358DD2A9}" = CCC Help Japanese
"{0E3E1968-69D0-A3C6-6F27-BCD4C55E8877}" = CCC Help Danish
"{0F2ECBF6-E946-D953-C820-216CA7C60766}" = Catalyst Control Center Localization Dutch
"{0FAAA044-04CF-4766-84A2-A6A95CE196BD}" = Samsung PC Studio 3
"{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers
"{12D57DBB-AF1B-ACB9-C188-0CD15AB88714}" = Catalyst Control Center Localization Norwegian
"{14D55F2C-2A03-4291-B1CE-CC6FC5088386}" = HDRegNL
"{1680A88C-184E-771D-B084-475932F722F2}" = Catalyst Control Center Localization Swedish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B9EF5E8-1537-1C02-8E1B-E0F6C8B9804B}" = Catalyst Control Center Graphics Full New
"{1D02E648-3981-C46A-C490-7626CBD677E5}" = Catalyst Control Center Localization Italian
"{1D0775F7-EAA3-3B04-7E62-5F0B201E7784}" = Catalyst Control Center Localization Czech
"{1E4EBAF3-B745-D820-DAA1-A9D994ACEAC1}" = Catalyst Control Center Localization German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{27FA0EA8-B597-6156-3F71-0600589E5DF5}" = Catalyst Control Center Localization Korean
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}" = Kaspersky PURE 2.0
"{2EA63C93-C1ED-AA5D-63A4-809AC014130A}" = CCC Help Turkish
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{324A6FDE-72E6-FE4A-3E96-79FC082FF05C}" = CCC Help Korean
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{44D3E73C-DD4F-E9F5-ED67-6449A95BDAEE}" = Catalyst Control Center Localization Chinese Standard
"{471E6731-9F77-7642-6FEE-82BF38572F41}" = Catalyst Control Center Localization Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = USB2.0 350K WebCam
"{4E2966E3-6CE2-7044-9BBE-69D73C9A5669}" = Catalyst Control Center Localization Turkish
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{63F6B4DE-D927-71D2-DB37-E3D57324BFBD}" = Catalyst Control Center Localization Chinese Traditional
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = PhotoImpression 5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B170DF1-44D5-EE03-488B-B14022926269}" = Catalyst Control Center Localization Portuguese
"{6E6420FE-4C99-3ED5-7519-B5C22B6253BC}" = CCC Help English
"{70CB0558-9487-5AFF-A0C7-868A29345FC1}" = Catalyst Control Center Graphics Full Existing
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}" = PIF DESIGNER2.1
"{7C926B5D-DC4A-5E89-5E17-B3A3B1A89BAA}" = Skins
"{7C9A109D-C870-F116-A730-D8D36FF0BDE4}" = Catalyst Control Center Graphics Light
"{7DD9CFAE-5CF1-9AE0-1318-C08252C13944}" = Catalyst Control Center Localization Hungarian
"{7DE47C72-0A60-705B-8CC5-6C97ED457EAD}" = Catalyst Control Center Localization Greek
"{858F597F-0927-DDD2-F997-FAD8D1E35C76}" = ccc-utility
"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_ENTERPRISE_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2007
"{90120000-0044-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_ENTERPRISE_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007
"{90120000-00A1-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2007
"{90120000-00BA-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{94FC9A0E-2C2E-A90E-0286-3B89514C1C66}" = CCC Help Polish
"{97F38321-6488-7AF4-66E6-D0E54DED4DB5}" = CCC Help German
"{9B452711-75BD-875D-F364-E422598C7E03}" = Catalyst Control Center Localization Danish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A121592B-3807-E758-5707-CEADF57C7DD8}" = CCC Help Italian
"{A2C2600A-8AB7-E6C9-246E-DB019DBB537F}" = Catalyst Control Center Localization Japanese
"{A416058E-754E-792A-EA8A-28643F2E69E9}" = CCC Help Chinese Traditional
"{A7DB362E-16DC-4E29-8A34-E74381E00B5B}" = Adobe Shockwave Player
"{A8A96EA0-6198-66D5-6C5A-0C478374D4FB}" = Catalyst Control Center Localization Thai
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AAD153D6-EA7D-E913-7EDF-441871A7D58B}" = Catalyst Control Center Graphics Previews Vista
"{AC76BA86-7AD7-1043-7B44-A81300000003}" = Adobe Reader 8.1.3 - Nederlands
"{ADE489CC-D322-D86E-E386-DA5E8615EC28}" = CCC Help Dutch
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Digimax Master
"{B0544A18-DC32-E7C2-6D53-5DF018A08182}" = CCC Help Swedish
"{B4904CE1-9B11-B1E7-55BF-3C14990D5D13}" = Catalyst Control Center Localization Russian
"{B4D43702-3A40-3840-61B2-A16C52F6DA23}" = CCC Help Portuguese
"{B7B16694-9557-6946-6B7D-5C5D19522A16}" = ccc-core-static
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Creator 9 LE
"{B9290344-051D-CAE7-7D33-C6EC3C5E6F88}" = CCC Help Finnish
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C792A75A-2A1F-4991-9B85-291745478A79}" = NetAssistant
"{CB0150AB-0D06-A3CE-F177-00AD5CD88A9A}" = CCC Help Spanish
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E9704D-2D80-9EDC-A9AF-805E5FF4CF3A}" = Catalyst Control Center Localization Finnish
"{D6AB9AB2-252C-DDAA-6FDD-75C1D1944848}" = CCC Help Czech
"{D847C95B-FD35-A198-A034-1884DDD113F4}" = CCC Help Norwegian
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E142866C-701D-CD53-ECEE-E641EA1989C4}" = CCC Help Chinese Standard
"{E17E3426-4F92-01EC-13CB-BE4B31F86D5C}" = CCC Help French
"{E20921C0-C0EE-1409-DE92-7B93B94EF1F0}" = CCC Help Greek
"{E42F19D3-1C46-630E-62AB-302AB9A08C83}" = Catalyst Control Center Localization French
"{EA17E7C5-5C86-6DF7-C161-C5C34A2F0E11}" = CCC Help Russian
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF5C9C17-2FCA-C04E-67B0-5EAEFD783DD4}" = CCC Help Thai
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AdobeReader" = Adobe Reader 8
"AskTBar Uninstall" = Ask Toolbar
"Audacity_is1" = Audacity 1.2.6
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CDex" = CDex extraction audio
"COMPUSERVE" = Compuserve ADSL
"CREATOR9" = Creator 9
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FirefoxNL" = Firefox
"Flashplayer" = Flash Player 9 Internet Explorer
"Freemake Video Downloader_is1" = Freemake Video Downloader version 2.0.0
"Gebruikersregistratie voor Canon MG5100 series" = Gebruikersregistratie voor Canon MG5100 series
"Gebruikersregistratie voor Canon MP550 series" = Gebruikersregistratie voor Canon MP550 series
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GOOGLE_EARTH" = Google Earth
"GoogleBAE" = Google BAE
"GoogleDesktop" = Google Desktop
"GOOGLETOOLBAR" = Google Toolbar
"ImageWriter" = Packard Bell ImageWriter
"Infocentre" = Infocentre Rev. 2.0
"InstallWIX_{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}" = Kaspersky PURE 2.0
"LCDTest" = Packard Bell LCD Test
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360_2007_NL" = Norton 360 2007
"Picasa 3" = Picasa 3
"Picasa_2" = Picasa2
"PowerCinema5" = Power Cinema 5
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SETUPMYPC_NL" = SetUp My PC
"Shockwave" = Shockwave player 10
"SKYPE" = Skype 3.2.2.163
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trekpleister fotoservice" = Trekpleister fotoservice
"Trusted Software Assistant_is1" = File Type Assistant
"Uninstall_is1" = Uninstall 1.0.0.1
"Updator" = Packard Bell Updator

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NetAssistant" = Freeze.com NetAssistant

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11-9-2012 17:22:02 | Computer Name = PC_van_Wilma | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.

Error - 11-9-2012 17:22:08 | Computer Name = PC_van_Wilma | Source = Application Error | ID = 1000
Description = Toepassing met fout SETUP.EXE_Microsoft Setup Bootstrapper, versie 12.0.6606.1000, tijdstempel 0x4e26b0a2, module met fout ole32.dll, versie 6.0.6002.18277, tijdstempel 0x4c28d53e, uitzonderingscode 0xc0000005, foutmarge 0x00047333, proces-id 0x11f8, starttijd van toepassing 0x01cd9062baec8570.

Error - 15-9-2012 3:48:50 | Computer Name = PC_van_Wilma | Source = Application Error | ID = 1000
Description = Toepassing met fout AcroRd32.exe, versie 8.1.0.137, tijdstempel 0x46444e37, module met fout AcroRd32.dll, versie 8.1.3.187, tijdstempel 0x48f5acd6, uitzonderingscode 0xc0000005, foutmarge 0x0009608a, proces-id 0x1624, starttijd van toepassing 0x01cd931677ae5610.

Error - 24-9-2012 10:32:01 | Computer Name = PC_van_Wilma | Source = Application Hang | ID = 1002
Description = Programma iexplore.exe, versie 9.0.8112.16450 reageert niet meer op Windows en is afgesloten. Als u wilt zien of meer informatie over het probleem beschikbaar is, kunt u de probleemgeschiedenis in onderdeel Probleemrapporten en -oplossingen in het Configuratiescherm controleren. Proces-id: f68 Starttijd: 01cd9a611d74d690 Eindtijd: 67

Error - 27-9-2012 9:19:29 | Computer Name = PC_van_Wilma | Source = System Restore | ID = 8193
Description =

Error - 27-9-2012 9:19:29 | Computer Name = PC_van_Wilma | Source = System Restore | ID = 8210
Description =

Error - 1-10-2012 10:44:40 | Computer Name = PC_van_Wilma | Source = System Restore | ID = 8193
Description =

Error - 1-10-2012 10:44:40 | Computer Name = PC_van_Wilma | Source = System Restore | ID = 8210
Description =

Error - 8-10-2012 13:49:07 | Computer Name = PC_van_Wilma | Source = EventSystem | ID = 4621
Description =

Error - 16-10-2012 17:27:46 | Computer Name = PC_van_Wilma | Source = EventSystem | ID = 4621
Description =

[ OSession Events ]
Error - 15-12-2008 20:24:38 | Computer Name = PC_van_Wilma | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5028 seconds with 4620 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3-11-2012 19:00:23 | Computer Name = PC_van_Wilma | Source = Service Control Manager | ID = 7000
Description =

Error - 3-11-2012 19:25:02 | Computer Name = PC_van_Wilma | Source = DCOM | ID = 10010
Description =

Error - 4-11-2012 4:58:29 | Computer Name = PC_van_Wilma | Source = Service Control Manager | ID = 7022
Description =

Error - 4-11-2012 4:58:29 | Computer Name = PC_van_Wilma | Source = Service Control Manager | ID = 7001
Description =

Error - 4-11-2012 5:44:27 | Computer Name = PC_van_Wilma | Source = DCOM | ID = 10010
Description =

Error - 4-11-2012 6:02:00 | Computer Name = PC_van_Wilma | Source = Service Control Manager | ID = 7022
Description =

Error - 4-11-2012 6:02:00 | Computer Name = PC_van_Wilma | Source = Service Control Manager | ID = 7001
Description =

Error - 4-11-2012 7:59:08 | Computer Name = PC_van_Wilma | Source = DCOM | ID = 10010
Description =

Error - 4-11-2012 14:31:15 | Computer Name = PC_van_Wilma | Source = Service Control Manager | ID = 7022
Description =

Error - 4-11-2012 14:31:15 | Computer Name = PC_van_Wilma | Source = Service Control Manager | ID = 7001
Description =

< End of report >
05.11.2012, 15:19 | #4
/// Malware-holic | Internet redirection to advertising and porn sites
hi
This script, as well as any scripts that follow, are only for the user in question. If you have problems, open your own topics and wait for scripts tailored to you.
• Please start OTL.exe
• Now copy the following into the text box.
Code:
:OTL
[2012-10-16 21:48:22 | 000,094,208 | RHS- | M] () -- C:\Windows\System32\PxAFSU.dll
[2012-11-04 19:28:52 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\GJMFX.job
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode. If you have no icons, right-click, View, Show desktop icons.
Note: please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file here as an attachment in the thread!
Press the Windows key + E.
Download unhide: http://filepony.de/download-unhide/
Double-click it; the files become visible.
Question: at the time of infection, or perhaps a day before, did you download and install or run anything? Were you asked to install or download something while visiting a website? I would also like this information as a private message.
__________________
Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above
If you would like to support us
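The two lines in the fix script above are OTL file entries: the bracketed fields are the timestamp, the size, the attribute flags (R read-only, H hidden, S system) and M or C for modified/created, followed by the company name from the file's version resource in parentheses and the path. What makes them stand out is that PxAFSU.dll is a hidden+system file in System32 with no company name at all, and GJMFX.job is a scheduled task with a generated-looking name. As an added example, not part of the thread and not OTL's own code, the Python below parses lines in that format and applies exactly those two checks. The consonant-only task-name test is my own heuristic, and the two benign sample lines (wintrust.dll and a Google Update task) are constructed for contrast.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One OTL file line looks like:
#   [2012-10-16 21:48:22 | 000,094,208 | RHS- | M] () -- C:\Windows\System32\PxAFSU.dll
# fields: timestamp | size with thousands separators | attribute flags | M(odified)/C(reated),
# then the company name from the version resource in parentheses, then the path.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| "
    r"(?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str      # e.g. "RHS-": R = read-only, H = hidden, S = system
    company: str    # empty when the file carries no version information
    path: str


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse a single OTL file entry; returns None for any other kind of line."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        company=m["company"].strip(),
        path=m["path"].strip(),
    )


SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
TASK_DIR = "c:\\windows\\tasks\\"
# Heuristic (my own, not OTL's): 4-8 capital consonants with no vowel, like GJMFX, looks generated.
RANDOM_NAME = re.compile(r"^[B-DF-HJ-NP-TV-Z]{4,8}$")


def triage(entry: OtlEntry) -> List[str]:
    """Return the reasons an entry deserves a closer look (empty list = nothing obvious)."""
    reasons = []
    low = entry.path.lower()
    hidden_system = "H" in entry.attrs and "S" in entry.attrs
    if low.startswith(SYSTEM_DIRS) and hidden_system and not entry.company:
        reasons.append("hidden+system file in a system directory with no company name")
    if low.startswith(TASK_DIR) and low.endswith(".job"):
        name = entry.path.rsplit("\\", 1)[-1][:-4]
        if RANDOM_NAME.match(name):
            reasons.append("scheduled task with a random-looking name")
    return reasons


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Run triage() over every OTL file line in a log and keep the hits."""
    findings = []
    for line in text.splitlines():
        entry = parse_otl_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            findings.append((entry.path, reasons))
    return findings


# Constructed sample: the two lines from the fix script plus two benign lines
# (wintrust.dll and a Google Update task) made up for contrast.
SAMPLE = r"""
[2012-10-16 21:48:22 | 000,094,208 | RHS- | M] () -- C:\Windows\System32\PxAFSU.dll
[2012-11-04 19:28:52 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\GJMFX.job
[2012-08-24 15:53:00 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wintrust.dll
[2012-11-05 09:00:00 | 000,001,024 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Both checks are hints, not verdicts: a hidden+system file with no version info in System32 is unusual but not impossible for legitimate software, so the hit is what you submit to a scanner or look up by hash before adding it to a fix script.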
05.11.2012, 18:53 | #5
| Internet redirection to advertising and porn sites
Good, did everything and uploaded it. Here is the text file from the reboot:
Code:
All processes killed
========== OTL ==========
C:\Windows\System32\PxAFSU.dll moved successfully.
C:\Windows\Tasks\GJMFX.job moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Wilma
->Flash cache emptied: 3156095 bytes

Total Flash Files Cleaned = 3,00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

User: Public

User: Wilma
->Temp folder emptied: 1241513639 bytes
->Temporary Internet Files folder emptied: 736968685 bytes
->Java cache emptied: 53445180 bytes
->FireFox cache emptied: 53298381 bytes
->Google Chrome cache emptied: 28889819 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 360219512 bytes
RecycleBin emptied: 27570724 bytes

Total Files Cleaned = 2.386,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11052012_180448

Files\Folders moved on Reboot...
C:\Windows\temp\JET5B29.tmp moved successfully.
C:\Windows\temp\~ROMFN_0000021C moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
05.11.2012, 19:35 | #6
/// Malware-holic | Internet redirection to advertising and porn sites
hi
Download GetInfo: http://markusg.trojaner-board.de/GetInfo.exe
Double-click the .exe; a .txt will now be created in the same folder: summary-info.txt
Double-click it and post its contents.
05.11.2012, 19:40 | #7
| Internet redirection to advertising and porn sites
Summary:
Code:
System volume information: dwHighDateTime = 0x1c85913,dwLowDateTime = 0x7b594079
System32: dwHighDateTime = 0x1c6fe70,dwLowDateTime = 0xa3cd0a16
dwSerialNumber = 0x22a7e47c
05.11.2012, 19:43 | #8
/// Malware-holic | Internet redirection to advertising and porn sites
thanks
ComboFix may only be run when a team member has instructed you to do so!
Please download ComboFix from one of these download mirrors:
Link 1
Link 2
IMPORTANT - save ComboFix to your desktop
When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.
Note: should you get the following error message after the restart
Quote:
05.11.2012, 21:16 | #9
| Internet redirection to advertising and porn sites
Hello, the following problem: the program says that "Avira Desktop" is active, although I never installed it and it is not on the computer! I ran the program anyway:
Code:
ComboFix 12-11-05.03 - Wilma 05-11-2012 20:50:49.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.31.1043.18.1790.635 [GMT 1:00]
Gestart vanuit: c:\users\Wilma\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Freeze.com\NetAssistant\NeTAssistant.dll
c:\users\Wilma\Documents\~WRL0367.tmp
c:\users\Wilma\Documents\~WRL2253.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-10-05 to 2012-11-05 ))))))))))))))))))))))))))))))
.
.
2012-11-05 20:03 . 2012-11-05 20:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-05 17:04 . 2012-11-05 17:49 -------- d-----w- C:\_OTL
2012-11-03 13:14 . 2012-11-03 13:14 -------- d-----r- C:\Backup
2012-11-03 13:08 . 2009-12-14 11:44 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2012-11-03 13:08 . 2009-12-14 11:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2012-11-03 13:08 . 2012-11-03 13:08 -------- dc----w- c:\windows\system32\DRVSTORE
2012-11-03 13:06 . 2012-11-03 13:06 -------- d-----w- c:\program files\Common Files\InfoWatch
2012-10-31 21:39 . 2012-11-03 12:34 -------- d-----w- c:\programdata\AVAST Software
2012-10-31 21:39 . 2012-10-31 21:39 -------- d-----w- c:\program files\AVAST Software
2012-10-16 09:25 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-10-16 09:25 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-16 09:25 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-16 09:25 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-16 09:25 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-16 09:25 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-16 09:25 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-13 19:32 . 2012-09-13 19:32 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-13 19:32 . 2011-09-05 08:16 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-30 21:23 . 2012-08-30 21:23 229816 ----a-w- c:\windows\system32\klogon.dll
2012-08-24 06:59 . 2012-09-24 01:02 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-09-24 01:02 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-09-24 01:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-09-24 01:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-09-24 01:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-09-24 01:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-10-24 17:50 . 2012-11-03 23:06 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-08-16 12:51 . 2008-09-24 23:11 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL" [2009-07-24 57344]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVD0.dll" [2010-10-27 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2010-10-27 10:34 2735200 ----a-w- c:\program files\DVDVideoSoft\tbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVD0.dll" [2010-10-27 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\tbDVD0.dll" [2010-10-27 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 1120568]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-20 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-16 30192]
"PCMService"="c:\program files\Powercinema\PCMService.exe" [2007-02-14 159744]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
.
c:\users\Wilma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
--- Andere Services/Drivers In Geheugen ---
.
*Deregistered* - CSVirtualDiskDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhoud van de 'Gedeelde Taken' map
.
2012-11-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-18 08:40]
.
2012-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-20 18:48]
.
2012-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-20 18:48]
.
2012-11-05 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-09-18 16:34]
.
2012-11-05 c:\windows\Tasks\Uitgebreide garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2007-09-18 16:38]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Wilma\AppData\Roaming\Mozilla\Firefox\Profiles\c0ktcxpu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - google.de
FF - ExtSQL: 2012-11-03 14:06; KavAntiBanner@Kaspersky.ru; c:\program files\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\KavAntiBanner@Kaspersky.ru
FF - ExtSQL: 2012-11-03 14:08; virtualKeyboard@kaspersky.ru; c:\program files\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\virtualKeyboard@kaspersky.ru
FF - ExtSQL: !HIDDEN! 2007-09-18 21:13; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - ExtSQL: !HIDDEN! 2009-08-09 14:30; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2012-11-03 14:08; linkfilter@kaspersky.ru; c:\program files\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-11-05 21:03
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
[0] 0x7A22CAEA
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2012-11-05 21:07:46
ComboFix-quarantined-files.txt 2012-11-05 20:07
.
Pre-Run: 39.350.734.848 bytes beschikbaar
Post-Run: 38.879.936.512 bytes beschikbaar
.
- - End Of File - - 76FC267FC33EE4B8FC18AD38E4E19252
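Two things in the ComboFix log above deserve a cross-check before moving on. The AV:/SP: header lines reflect what is registered with Windows Security Center, and here they name a product the user says was never installed and that does not appear in the OTL uninstall list earlier in the thread. Further down, the keys under HKLM\SOFTWARE\Microsoft\Security Center carry DisableMonitoring and AntiVirusOverride set to 1, which tell Security Center not to monitor or warn about antivirus and firewall state (legitimate suites set some of these too, so they are something to verify, not a verdict). As an added example, not from the thread and not ComboFix's own code, the Python below parses the REGEDIT4-style section, lists those override values plus whatever sits in AppInit_DLLs (loaded into every process that links user32.dll, so worth reading even when, as here, it belongs to Google Desktop), and compares the enabled products in the header against an installed-program list. The sample lines are copied from this log and from the OTL uninstall list; the vendor-name matching and the short installed list are my own simplifications.

```python
import re
from typing import Dict, List, Tuple

REG_KEY = re.compile(r"^\[(?P<key>HK[A-Z_]+\\.+)\]$")
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.+)$')
# ComboFix header line, e.g.  AV: Avira Desktop *Enabled/Updated* {F67B4DE5-...}
PRODUCT_LINE = re.compile(
    r"^(?P<cls>AV|SP|FW): (?P<name>.+?) \*(?P<state>[^*]+)\* \{(?P<guid>[0-9A-Fa-f-]+)\}$"
)


def parse_reg_dump(text: str) -> Dict[str, Dict[str, str]]:
    """Turn a REGEDIT4-style fragment into {key (lower-cased): {value name: data}}."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix pads sections with lone dots
            continue
        m = REG_KEY.match(line)
        if m:
            current = m["key"].lower()
            keys.setdefault(current, {})
            continue
        m = REG_VALUE.match(line)
        if m and current is not None:
            keys[current][m["name"]] = m["data"].strip()
    return keys


SECURITY_CENTER = "hkey_local_machine\\software\\microsoft\\security center"
APPINIT_KEY = "hkey_local_machine\\software\\microsoft\\windows nt\\currentversion\\windows"
OVERRIDE_VALUES = {"DisableMonitoring", "AntiVirusOverride", "FirewallOverride", "UpdatesOverride"}


def security_center_findings(reg: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """Security Center suppression values set to 1, plus any AppInit_DLLs entry (listed for review, not judged)."""
    findings = []
    for key, values in reg.items():
        if key.startswith(SECURITY_CENTER):
            for name, data in values.items():
                if name in OVERRIDE_VALUES and data.lower() == "dword:00000001":
                    findings.append((key, name))
    appinit = reg.get(APPINIT_KEY, {}).get("AppInit_DLLs")
    if appinit:
        findings.append(("appinit_dlls", appinit))
    return findings


BUILTIN = {"windows defender"}   # ships with the OS, never in the uninstall list


def unverified_products(header: str, installed: List[str]) -> List[Tuple[str, str, str]]:
    """Enabled AV/SP/FW products in the ComboFix header whose vendor matches no installed program name."""
    names = [p.lower() for p in installed]
    out = []
    for line in header.splitlines():
        m = PRODUCT_LINE.match(line.strip())
        if not m or not m["state"].lower().startswith("enabled"):
            continue
        product = m["name"].lower()
        if product in BUILTIN:
            continue
        vendor = product.split()[0]          # crude: first word of the product name
        if not any(vendor in n for n in names):
            out.append((m["cls"], m["name"], m["guid"]))
    return out


# Constructed samples: header and registry lines copied from the ComboFix log above;
# the installed-program names come from the OTL uninstall list earlier in the thread.
SAMPLE_HEADER = """
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
"""
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"""
INSTALLED = ["Kaspersky PURE 2.0", "Norton 360 2007", "LiveUpdate 3.2 (Symantec Corporation)"]

if __name__ == "__main__":
    for item in security_center_findings(parse_reg_dump(SAMPLE_REG)):
        print("review:", item)
    for cls, name, guid in unverified_products(SAMPLE_HEADER, INSTALLED):
        print(f"{cls} product '{name}' ({guid}) has no matching installed program")
```

A product that Security Center reports as enabled but that is not installed is exactly the kind of inconsistency to chase on a machine with unexplained redirects: either a leftover registration from an uninstalled suite, or something registering a name it does not own. Either way the registration itself, not the name, is what to inspect next.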
05.11.2012, 21:22 | #10
/// Malware-holic | Internet redirection to advertising and porn sites
hi
looks ok
Download TDSSKiller: http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - if anything is found, always choose skip for now; post the log
05.11.2012, 21:30 | #11
| Internet redirection to advertising and porn sites
Here:
Code:
21:27:28.0915 4688 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:27:29.0030 4688 ============================================================
21:27:29.0030 4688 Current date / time: 2012/11/05 21:27:29.0030
21:27:29.0030 4688 SystemInfo:
21:27:29.0030 4688
21:27:29.0031 4688 OS Version: 6.0.6002 ServicePack: 2.0
21:27:29.0031 4688 Product type: Workstation
21:27:29.0031 4688 ComputerName: PC_VAN_WILMA
21:27:29.0031 4688 UserName: Wilma
21:27:29.0031 4688 Windows directory: C:\Windows
21:27:29.0031 4688 System windows directory: C:\Windows
21:27:29.0031 4688 Processor architecture: Intel x86
21:27:29.0031 4688 Number of processors: 1
21:27:29.0031 4688 Page size: 0x1000
21:27:29.0031 4688 Boot type: Normal boot
21:27:29.0031 4688 ============================================================
21:27:29.0702 4688 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:27:29.0705 4688 ============================================================
21:27:29.0705 4688 \Device\Harddisk0\DR0:
21:27:29.0705 4688 MBR partitions:
21:27:29.0705 4688 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1003000, BlocksNum 0xCF91000
21:27:29.0705 4688 ============================================================
21:27:29.0743 4688 C: <-> \Device\Harddisk0\DR0\Partition1
21:27:29.0743 4688 ============================================================
21:27:29.0743 4688 Initialize success
21:27:29.0743 4688 ============================================================
21:27:58.0409 5560 ============================================================
21:27:58.0410 5560 Scan started
21:27:58.0410 5560 Mode: Manual; SigCheck; TDLFS;
21:27:58.0410 5560 ============================================================
21:27:58.0923 5560 ================ Scan system memory ========================
21:27:58.0923 5560 System memory - ok
21:27:58.0928 5560 ================ Scan services =============================
21:27:59.0160 5560 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
21:27:59.0302 5560 ACPI - ok
21:27:59.0370 5560 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:27:59.0423 5560 adp94xx - ok
21:27:59.0480 5560 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:27:59.0503 5560 adpahci - ok
21:27:59.0562 5560 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
21:27:59.0580 5560 adpu160m - ok
21:27:59.0623 5560 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:27:59.0642 5560 adpu320 - ok
21:27:59.0722 5560 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:27:59.0767 5560 AeLookupSvc - ok
21:27:59.0879 5560 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
21:27:59.0942 5560 AFD - ok
21:28:00.0007 5560 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:28:00.0025 5560 agp440 - ok
21:28:00.0105 5560 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
21:28:00.0124 5560 aic78xx - ok
21:28:00.0205 5560 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
21:28:00.0261 5560 ALG - ok
21:28:00.0317 5560 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
21:28:00.0331 5560 aliide - ok
21:28:00.0404 5560 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
21:28:00.0419 5560 amdagp - ok
21:28:00.0451 5560 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
21:28:00.0467 5560 amdide - ok
21:28:00.0510 5560 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
21:28:00.0588 5560 AmdK7 - ok
21:28:00.0638 5560 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:28:00.0673 5560 AmdK8 - ok
21:28:00.0737 5560 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
21:28:00.0763 5560 Appinfo - ok
21:28:00.0838 5560 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
21:28:00.0857 5560 arc - ok
21:28:00.0906 5560 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:28:00.0925 5560 arcsas - ok
21:28:01.0030 5560 [ 66597AD6098352D11239C0C42100B176 ] ASLDRService C:\Program Files\ATK Hotkey\ASLDRSrv.exe
21:28:01.0048 5560 ASLDRService ( UnsignedFile.Multi.Generic ) - warning
21:28:01.0048 5560 ASLDRService - detected UnsignedFile.Multi.Generic (1)
21:28:01.0183 5560 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:28:01.0214 5560 AsyncMac - ok
21:28:01.0290 5560 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
21:28:01.0306 5560 atapi - ok
21:28:01.0398 5560 [ 0C8DFA21B1D9D2EF14B692104AE68A69 ] athr C:\Windows\system32\DRIVERS\athr.sys
21:28:01.0500 5560 athr - ok
21:28:01.0561 5560 [ 702F6D03C671DA99C282D8DF32FE559E ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
21:28:01.0630 5560 Ati External Event Utility - ok
21:28:01.0787 5560 [ 2A32F08763CEDE62DD3C0DD83C4325E0 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
21:28:01.0983 5560 atikmdag - ok
21:28:02.0084 5560 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:28:02.0130 5560 AudioEndpointBuilder - ok
21:28:02.0152 5560 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
21:28:02.0189 5560 Audiosrv - ok
21:28:02.0300 5560 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
21:28:02.0330 5560 Beep - ok
21:28:02.0390 5560 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
21:28:02.0437 5560 BFE - ok
21:28:02.0535 5560 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
21:28:02.0599 5560 BITS - ok
21:28:02.0613 5560 blbdrive - ok
21:28:02.0660 5560 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:28:02.0679 5560 bowser - ok
21:28:02.0750 5560 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
21:28:02.0793 5560 BrFiltLo - ok
21:28:02.0826 5560 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
21:28:02.0856 5560 BrFiltUp - ok
21:28:02.0913 5560 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
21:28:02.0952 5560 Browser - ok
21:28:03.0043 5560 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
21:28:03.0125 5560 Brserid - ok
21:28:03.0167 5560 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
21:28:03.0239 5560 BrSerWdm - ok
21:28:03.0284 5560 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
21:28:03.0336 5560 BrUsbMdm - ok
21:28:03.0368 5560 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
21:28:03.0439 5560 BrUsbSer - ok
21:28:03.0484 5560 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
21:28:03.0538 5560 BTHMODEM - ok
21:28:03.0634 5560 [ 7621340D31FB049A1257A9840C537C47 ] Cam5603D C:\Windows\system32\Drivers\BisonCam.sys
21:28:03.0705 5560 Cam5603D - ok
21:28:03.0825 5560 catchme - ok
21:28:03.0886 5560 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:28:03.0945 5560 cdfs - ok
21:28:04.0018 5560 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:28:04.0048 5560 cdrom - ok
21:28:04.0155 5560 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
21:28:04.0194 5560 CertPropSvc - ok
21:28:04.0238 5560 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
21:28:04.0297 5560 circlass - ok
21:28:04.0423 5560 [ CD6D23E3ADF57035C30B53843F21A416 ] CLCapSvc c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe
21:28:04.0456 5560 CLCapSvc ( UnsignedFile.Multi.Generic ) - warning
21:28:04.0456 5560 CLCapSvc - detected UnsignedFile.Multi.Generic (1)
21:28:04.0520 5560 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
21:28:04.0545 5560 CLFS - ok
21:28:04.0624 5560 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:28:04.0642 5560 clr_optimization_v2.0.50727_32 - ok
21:28:04.0795 5560 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:28:04.0816 5560 clr_optimization_v4.0.30319_32 - ok
21:28:04.0866 5560 [ 4FA0B771DF428DE79CE96108E5370841 ] CLSched c:\Program Files\Powercinema\Kernel\TV\CLSched.exe
21:28:04.0891 5560 CLSched ( UnsignedFile.Multi.Generic ) - warning
21:28:04.0892 5560 CLSched - detected UnsignedFile.Multi.Generic (1)
21:28:04.0958 5560 CLTNetCnService - ok
21:28:04.0994 5560 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:28:05.0031 5560 CmBatt - ok
21:28:05.0080 5560 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:28:05.0100 5560 cmdide - ok
21:28:05.0136 5560 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:28:05.0156 5560 Compbatt - ok
21:28:05.0174 5560 COMSysApp - ok
21:28:05.0198 5560 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:28:05.0216 5560 crcdisk - ok
21:28:05.0254 5560 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
21:28:05.0328 5560 Crusoe - ok
21:28:05.0444 5560 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:28:05.0462 5560 CryptSvc - ok
21:28:05.0518 5560 [ 2C3F213EDDD231099FB779A45D7680E0 ] CSVirtualDiskDrv C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys
21:28:05.0534 5560 CSVirtualDiskDrv - ok
21:28:05.0640 5560 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:28:05.0719 5560 DcomLaunch - ok
21:28:05.0790 5560 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:28:05.0815 5560 DfsC - ok
21:28:05.0972 5560 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
21:28:06.0197 5560 DFSR - ok
21:28:06.0299 5560 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
21:28:06.0387 5560 Dhcp - ok
21:28:06.0470 5560 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
21:28:06.0491 5560 disk - ok
21:28:06.0586 5560 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:28:06.0621 5560 Dnscache - ok
21:28:06.0688 5560 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:28:06.0740 5560 dot3svc - ok
21:28:06.0799 5560 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
21:28:06.0840 5560 DPS - ok
21:28:06.0914 5560 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:28:06.0956 5560 drmkaud - ok
21:28:07.0071 5560 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:28:07.0120 5560 DXGKrnl - ok
21:28:07.0187 5560 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
21:28:07.0243 5560 E1G60 - ok
21:28:07.0313 5560 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
21:28:07.0353 5560 EapHost - ok
21:28:07.0408 5560 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
21:28:07.0430 5560 Ecache - ok
21:28:07.0503 5560 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:28:07.0527 5560 elxstor - ok
21:28:07.0598 5560 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
21:28:07.0647 5560 EMDMgmt - ok
21:28:07.0720 5560 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
21:28:07.0754 5560 EventSystem - ok
21:28:07.0829 5560 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
21:28:07.0868 5560 exfat - ok
21:28:07.0937 5560 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:28:07.0978 5560 fastfat - ok
21:28:08.0041 5560 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:28:08.0096 5560 fdc - ok
21:28:08.0158 5560 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
21:28:08.0189 5560 fdPHost - ok
21:28:08.0237 5560 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
21:28:08.0295 5560 FDResPub - ok
21:28:08.0349 5560 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:28:08.0368 5560 FileInfo - ok
21:28:08.0415 5560 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:28:08.0449 5560 Filetrace - ok
21:28:08.0484 5560 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:28:08.0564 5560 flpydisk - ok
21:28:08.0622 5560 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:28:08.0648 5560 FltMgr - ok
21:28:08.0738 5560 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
21:28:08.0829 5560 FontCache - ok
21:28:08.0910 5560 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:28:08.0928 5560 FontCache3.0.0.0 - ok
21:28:09.0008 5560 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:28:09.0050 5560 Fs_Rec - ok
21:28:09.0122 5560 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:28:09.0142 5560 gagp30kx - ok
21:28:09.0186
5560 [ 4AC51459805264AFFD5F6FDFB9D9235F ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys 21:28:09.0200 5560 GEARAspiWDM - ok 21:28:09.0307 5560 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe 21:28:09.0321 5560 GoogleDesktopManager-051210-111108 - ok 21:28:09.0389 5560 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 21:28:09.0429 5560 gpsvc - ok 21:28:09.0539 5560 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 21:28:09.0556 5560 gupdate - ok 21:28:09.0594 5560 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 21:28:09.0610 5560 gupdatem - ok 21:28:09.0667 5560 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 21:28:09.0685 5560 gusvc - ok 21:28:09.0756 5560 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 21:28:09.0814 5560 HDAudBus - ok 21:28:09.0861 5560 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 21:28:09.0949 5560 HidBth - ok 21:28:09.0987 5560 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 21:28:10.0051 5560 HidIr - ok 21:28:10.0123 5560 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll 21:28:10.0151 5560 hidserv - ok 21:28:10.0209 5560 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 21:28:10.0238 5560 HidUsb - ok 21:28:10.0285 5560 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 21:28:10.0325 5560 hkmsvc - ok 21:28:10.0369 5560 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 21:28:10.0387 5560 HpCISSs - ok 21:28:10.0449 5560 [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP C:\Windows\system32\drivers\HTTP.sys 21:28:10.0556 5560 HTTP - ok 21:28:10.0605 5560 [ 
324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys 21:28:10.0635 5560 i2omp - ok 21:28:10.0731 5560 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 21:28:10.0773 5560 i8042prt - ok 21:28:10.0833 5560 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 21:28:10.0854 5560 iaStorV - ok 21:28:10.0930 5560 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 21:28:10.0957 5560 IDriverT ( UnsignedFile.Multi.Generic ) - warning 21:28:10.0957 5560 IDriverT - detected UnsignedFile.Multi.Generic (1) 21:28:11.0119 5560 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 21:28:11.0302 5560 idsvc - ok 21:28:11.0354 5560 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 21:28:11.0373 5560 iirsp - ok 21:28:11.0453 5560 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 21:28:11.0544 5560 IKEEXT - ok 21:28:11.0638 5560 [ AEF2FA29204056B81BC4CBF30260DEE1 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 21:28:11.0768 5560 IntcAzAudAddService - ok 21:28:11.0818 5560 [ 97469037714070E45194ED318D636401 ] intelide C:\Windows\system32\drivers\intelide.sys 21:28:11.0835 5560 intelide - ok 21:28:11.0890 5560 [ CE44CC04262F28216DD4341E9E36A16F ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 21:28:11.0971 5560 intelppm - ok 21:28:12.0023 5560 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 21:28:12.0101 5560 IPBusEnum - ok 21:28:12.0153 5560 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:28:12.0210 5560 IpFilterDriver - ok 21:28:12.0264 5560 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 21:28:12.0298 5560 iphlpsvc - ok 21:28:12.0310 5560 IpInIp - ok 21:28:12.0352 
5560 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 21:28:12.0427 5560 IPMIDRV - ok 21:28:12.0464 5560 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 21:28:12.0504 5560 IPNAT - ok 21:28:12.0538 5560 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 21:28:12.0568 5560 IRENUM - ok 21:28:12.0629 5560 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys 21:28:12.0644 5560 isapnp - ok 21:28:12.0708 5560 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 21:28:12.0735 5560 iScsiPrt - ok 21:28:12.0766 5560 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 21:28:12.0781 5560 iteatapi - ok 21:28:12.0818 5560 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 21:28:12.0844 5560 iteraid - ok 21:28:12.0905 5560 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 21:28:12.0923 5560 kbdclass - ok 21:28:12.0978 5560 [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 21:28:13.0055 5560 kbdhid - ok 21:28:13.0131 5560 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 21:28:13.0151 5560 KeyIso - ok 21:28:13.0183 5560 kl1 - ok 21:28:13.0213 5560 kl2 - ok 21:28:13.0253 5560 KLIF - ok 21:28:13.0281 5560 klmouflt - ok 21:28:13.0342 5560 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 21:28:13.0378 5560 KSecDD - ok 21:28:13.0440 5560 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 21:28:13.0513 5560 KtmRm - ok 21:28:13.0574 5560 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll 21:28:13.0607 5560 LanmanServer - ok 21:28:13.0691 5560 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 21:28:13.0748 5560 LanmanWorkstation - ok 
21:28:13.0808 5560 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 21:28:13.0854 5560 lltdio - ok 21:28:13.0902 5560 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 21:28:13.0946 5560 lltdsvc - ok 21:28:13.0988 5560 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 21:28:14.0054 5560 lmhosts - ok 21:28:14.0103 5560 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 21:28:14.0122 5560 LSI_FC - ok 21:28:14.0155 5560 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 21:28:14.0175 5560 LSI_SAS - ok 21:28:14.0200 5560 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 21:28:14.0219 5560 LSI_SCSI - ok 21:28:14.0266 5560 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 21:28:14.0306 5560 luafv - ok 21:28:14.0329 5560 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys 21:28:14.0347 5560 megasas - ok 21:28:14.0434 5560 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe 21:28:14.0452 5560 Microsoft Office Groove Audit Service - ok 21:28:14.0509 5560 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 21:28:14.0561 5560 MMCSS - ok 21:28:14.0610 5560 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 21:28:14.0669 5560 Modem - ok 21:28:14.0722 5560 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 21:28:14.0776 5560 monitor - ok 21:28:14.0799 5560 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 21:28:14.0819 5560 mouclass - ok 21:28:14.0854 5560 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 21:28:14.0893 5560 mouhid - ok 21:28:14.0935 5560 [ BDAFC88AA6B92F7842416EA6A48E1600 ] 
MountMgr C:\Windows\system32\drivers\mountmgr.sys 21:28:14.0958 5560 MountMgr - ok 21:28:15.0034 5560 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 21:28:15.0055 5560 MozillaMaintenance - ok 21:28:15.0130 5560 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys 21:28:15.0150 5560 mpio - ok 21:28:15.0190 5560 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 21:28:15.0234 5560 mpsdrv - ok 21:28:15.0324 5560 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 21:28:15.0389 5560 MpsSvc - ok 21:28:15.0411 5560 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 21:28:15.0447 5560 Mraid35x - ok 21:28:15.0509 5560 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 21:28:15.0542 5560 MRxDAV - ok 21:28:15.0610 5560 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 21:28:15.0656 5560 mrxsmb - ok 21:28:15.0735 5560 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:28:15.0768 5560 mrxsmb10 - ok 21:28:15.0801 5560 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:28:15.0838 5560 mrxsmb20 - ok 21:28:15.0880 5560 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys 21:28:15.0899 5560 msahci - ok 21:28:15.0929 5560 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys 21:28:15.0967 5560 msdsm - ok 21:28:16.0021 5560 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 21:28:16.0110 5560 MSDTC - ok 21:28:16.0169 5560 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 21:28:16.0206 5560 Msfs - ok 21:28:16.0268 5560 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 21:28:16.0287 5560 msisadrv - ok 
21:28:16.0340 5560 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 21:28:16.0381 5560 MSiSCSI - ok 21:28:16.0394 5560 msiserver - ok 21:28:16.0443 5560 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 21:28:16.0480 5560 MSKSSRV - ok 21:28:16.0537 5560 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 21:28:16.0592 5560 MSPCLOCK - ok 21:28:16.0639 5560 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 21:28:16.0678 5560 MSPQM - ok 21:28:16.0745 5560 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 21:28:16.0795 5560 MsRPC - ok 21:28:16.0852 5560 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 21:28:16.0873 5560 mssmbios - ok 21:28:16.0923 5560 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 21:28:16.0972 5560 MSTEE - ok 21:28:17.0033 5560 [ 97AFFA9D95FFE20EEE6229BC6BE166CF ] MTsensor C:\Windows\system32\DRIVERS\ATKACPI.sys 21:28:17.0060 5560 MTsensor - ok 21:28:17.0107 5560 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 21:28:17.0128 5560 Mup - ok 21:28:17.0187 5560 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 21:28:17.0245 5560 napagent - ok 21:28:17.0378 5560 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 21:28:17.0426 5560 NativeWifiP - ok 21:28:17.0523 5560 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 21:28:17.0603 5560 NDIS - ok 21:28:17.0699 5560 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 21:28:17.0729 5560 NdisTapi - ok 21:28:17.0788 5560 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 21:28:17.0866 5560 Ndisuio - ok 21:28:17.0947 5560 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan 
C:\Windows\system32\DRIVERS\ndiswan.sys 21:28:17.0997 5560 NdisWan - ok 21:28:18.0056 5560 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 21:28:18.0087 5560 NDProxy - ok 21:28:18.0135 5560 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 21:28:18.0189 5560 NetBIOS - ok 21:28:18.0283 5560 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 21:28:18.0351 5560 netbt - ok 21:28:18.0405 5560 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 21:28:18.0459 5560 Netlogon - ok 21:28:18.0564 5560 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 21:28:18.0610 5560 Netman - ok 21:28:18.0685 5560 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 21:28:18.0746 5560 netprofm - ok 21:28:18.0800 5560 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 21:28:18.0821 5560 NetTcpPortSharing - ok 21:28:18.0861 5560 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 21:28:18.0881 5560 nfrd960 - ok 21:28:18.0938 5560 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 21:28:18.0991 5560 NlaSvc - ok 21:28:19.0053 5560 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 21:28:19.0109 5560 Npfs - ok 21:28:19.0175 5560 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 21:28:19.0267 5560 nsi - ok 21:28:19.0338 5560 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 21:28:19.0395 5560 nsiproxy - ok 21:28:19.0479 5560 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 21:28:19.0552 5560 Ntfs - ok 21:28:19.0604 5560 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 21:28:19.0670 5560 ntrigdigi - ok 21:28:19.0720 5560 [ 
C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 21:28:19.0757 5560 Null - ok 21:28:19.0788 5560 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys 21:28:19.0808 5560 nvraid - ok 21:28:19.0830 5560 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys 21:28:19.0845 5560 nvstor - ok 21:28:19.0885 5560 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 21:28:19.0902 5560 nv_agp - ok 21:28:19.0916 5560 NwlnkFlt - ok 21:28:19.0926 5560 NwlnkFwd - ok 21:28:20.0040 5560 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 21:28:20.0068 5560 odserv - ok 21:28:20.0122 5560 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 21:28:20.0183 5560 ohci1394 - ok 21:28:20.0230 5560 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:28:20.0247 5560 ose - ok 21:28:20.0324 5560 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 21:28:20.0384 5560 p2pimsvc - ok 21:28:20.0446 5560 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 21:28:20.0477 5560 p2psvc - ok 21:28:20.0540 5560 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 21:28:20.0612 5560 Parport - ok 21:28:20.0664 5560 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 21:28:20.0683 5560 partmgr - ok 21:28:20.0706 5560 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 21:28:20.0765 5560 Parvdm - ok 21:28:20.0817 5560 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 21:28:20.0856 5560 PcaSvc - ok 21:28:20.0922 5560 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 21:28:20.0946 5560 pci - ok 21:28:20.0982 5560 [ 1636D43F10416AEB483BC6001097B26C ] pciide 
C:\Windows\system32\drivers\pciide.sys 21:28:21.0002 5560 pciide - ok 21:28:21.0044 5560 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 21:28:21.0067 5560 pcmcia - ok 21:28:21.0145 5560 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 21:28:21.0332 5560 PEAUTH - ok 21:28:21.0498 5560 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 21:28:21.0616 5560 pla - ok 21:28:21.0707 5560 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 21:28:21.0744 5560 PlugPlay - ok 21:28:21.0802 5560 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 21:28:21.0905 5560 PNRPAutoReg - ok 21:28:21.0957 5560 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 21:28:22.0020 5560 PNRPsvc - ok 21:28:22.0060 5560 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 21:28:22.0125 5560 PolicyAgent - ok 21:28:22.0212 5560 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 21:28:22.0251 5560 PptpMiniport - ok 21:28:22.0292 5560 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys 21:28:22.0373 5560 Processor - ok 21:28:22.0427 5560 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 21:28:22.0464 5560 ProfSvc - ok 21:28:22.0491 5560 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 21:28:22.0512 5560 ProtectedStorage - ok 21:28:22.0562 5560 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 21:28:22.0592 5560 PSched - ok 21:28:22.0613 5560 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys 21:28:22.0630 5560 PxHelp20 - ok 21:28:22.0702 5560 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys 21:28:22.0793 5560 ql2300 - ok 21:28:22.0834 5560 [ 81A7E5C076E59995D54BC1ED3A16E60B 
] ql40xx C:\Windows\system32\drivers\ql40xx.sys 21:28:22.0855 5560 ql40xx - ok 21:28:22.0927 5560 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 21:28:22.0973 5560 QWAVE - ok 21:28:23.0014 5560 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 21:28:23.0035 5560 QWAVEdrv - ok 21:28:23.0085 5560 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 21:28:23.0152 5560 RasAcd - ok 21:28:23.0208 5560 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 21:28:23.0266 5560 RasAuto - ok 21:28:23.0321 5560 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 21:28:23.0361 5560 Rasl2tp - ok 21:28:23.0427 5560 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 21:28:23.0472 5560 RasMan - ok 21:28:23.0530 5560 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 21:28:23.0560 5560 RasPppoe - ok 21:28:23.0612 5560 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 21:28:23.0661 5560 RasSstp - ok 21:28:23.0711 5560 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 21:28:23.0757 5560 rdbss - ok 21:28:23.0797 5560 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 21:28:23.0847 5560 RDPCDD - ok 21:28:23.0901 5560 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 21:28:23.0990 5560 rdpdr - ok 21:28:24.0027 5560 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 21:28:24.0081 5560 RDPENCDD - ok 21:28:24.0162 5560 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 21:28:24.0205 5560 RDPWD - ok 21:28:24.0263 5560 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 21:28:24.0304 5560 RemoteAccess - ok 21:28:24.0352 5560 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] 
RemoteRegistry C:\Windows\system32\regsvc.dll 21:28:24.0379 5560 RemoteRegistry - ok 21:28:24.0411 5560 [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys 21:28:24.0447 5560 rimmptsk - ok 21:28:24.0460 5560 [ A4216C71DD4F60B26418CCFD99CD0815 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys 21:28:24.0479 5560 rimsptsk - ok 21:28:24.0588 5560 [ 9638E5820858593A12005C753B03CEAE ] RoxMediaDB9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe 21:28:24.0673 5560 RoxMediaDB9 - ok 21:28:24.0727 5560 [ 910FBA95EE4F56449AA81315884C8EFD ] RoxWatch9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe 21:28:24.0748 5560 RoxWatch9 - ok 21:28:24.0800 5560 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 21:28:24.0836 5560 RpcLocator - ok 21:28:24.0927 5560 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\System32\rpcss.dll 21:28:24.0969 5560 RpcSs - ok 21:28:25.0031 5560 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 21:28:25.0079 5560 rspndr - ok 21:28:25.0138 5560 [ 8DE22FB05E4A0F797B1E442EB4B3B51C ] RTL8023xp C:\Windows\system32\DRIVERS\Rtnicxp.sys 21:28:25.0197 5560 RTL8023xp - ok 21:28:25.0222 5560 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 21:28:25.0243 5560 SamSs - ok 21:28:25.0292 5560 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 21:28:25.0311 5560 sbp2port - ok 21:28:25.0371 5560 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 21:28:25.0404 5560 SCardSvr - ok 21:28:25.0479 5560 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 21:28:25.0537 5560 Schedule - ok 21:28:25.0573 5560 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 21:28:25.0603 5560 SCPolicySvc - ok 21:28:25.0664 5560 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 
21:28:25.0690 5560 sdbus - ok 21:28:25.0735 5560 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 21:28:25.0762 5560 SDRSVC - ok 21:28:25.0803 5560 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 21:28:25.0894 5560 secdrv - ok 21:28:25.0961 5560 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 21:28:26.0005 5560 seclogon - ok 21:28:26.0059 5560 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll 21:28:26.0097 5560 SENS - ok 21:28:26.0143 5560 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 21:28:26.0218 5560 Serenum - ok 21:28:26.0259 5560 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 21:28:26.0332 5560 Serial - ok 21:28:26.0364 5560 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 21:28:26.0402 5560 sermouse - ok 21:28:26.0474 5560 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 21:28:26.0515 5560 SessionEnv - ok 21:28:26.0560 5560 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys 21:28:26.0589 5560 sffdisk - ok 21:28:26.0632 5560 [ 96DED8B20C734AC41641CE275250E55D ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 21:28:26.0660 5560 sffp_mmc - ok 21:28:26.0718 5560 [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys 21:28:26.0749 5560 sffp_sd - ok 21:28:26.0776 5560 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 21:28:26.0838 5560 sfloppy - ok 21:28:26.0878 5560 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 21:28:26.0916 5560 SharedAccess - ok 21:28:26.0983 5560 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 21:28:27.0004 5560 ShellHWDetection - ok 21:28:27.0061 5560 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp 
C:\Windows\system32\drivers\sisagp.sys 21:28:27.0076 5560 sisagp - ok 21:28:27.0106 5560 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 21:28:27.0121 5560 SiSRaid2 - ok 21:28:27.0147 5560 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 21:28:27.0164 5560 SiSRaid4 - ok 21:28:27.0222 5560 [ A61BEC28D555B65D1CE2604AF85AD9BE ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 21:28:27.0242 5560 SkypeUpdate - ok 21:28:27.0388 5560 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 21:28:27.0702 5560 slsvc - ok 21:28:27.0757 5560 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 21:28:27.0805 5560 SLUINotify - ok 21:28:27.0859 5560 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 21:28:27.0891 5560 Smb - ok 21:28:27.0945 5560 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 21:28:27.0966 5560 SNMPTRAP - ok 21:28:28.0029 5560 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 21:28:28.0048 5560 spldr - ok 21:28:28.0111 5560 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 21:28:28.0134 5560 Spooler - ok 21:28:28.0198 5560 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 21:28:28.0233 5560 srv - ok 21:28:28.0289 5560 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 21:28:28.0314 5560 srv2 - ok 21:28:28.0341 5560 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 21:28:28.0363 5560 srvnet - ok 21:28:28.0420 5560 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 21:28:28.0468 5560 SSDPSRV - ok 21:28:28.0535 5560 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 21:28:28.0570 5560 SstpSvc - ok 21:28:28.0609 5560 [ 5A1D0CA8A5F1E7B4EC50B9D76C001F0E ] ss_bus 
C:\Windows\system32\DRIVERS\ss_bus.sys 21:28:28.0628 5560 ss_bus - ok 21:28:28.0691 5560 [ F0A85580E36A3A85059037D39A9CF079 ] ss_mdfl C:\Windows\system32\DRIVERS\ss_mdfl.sys 21:28:28.0708 5560 ss_mdfl - ok 21:28:28.0742 5560 [ 84C3DBFD1BFA4ADC0A950B3D5506CB00 ] ss_mdm C:\Windows\system32\DRIVERS\ss_mdm.sys 21:28:28.0766 5560 ss_mdm - ok 21:28:28.0843 5560 [ 306521935042FC0A6988D528643619B3 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys 21:28:28.0851 5560 StarOpen ( UnsignedFile.Multi.Generic ) - warning 21:28:28.0851 5560 StarOpen - detected UnsignedFile.Multi.Generic (1) 21:28:28.0920 5560 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 21:28:28.0980 5560 stisvc - ok 21:28:29.0033 5560 [ 51778FD315C9882F1CBD932743E62A72 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe 21:28:29.0042 5560 stllssvr ( UnsignedFile.Multi.Generic ) - warning 21:28:29.0042 5560 stllssvr - detected UnsignedFile.Multi.Generic (1) 21:28:29.0082 5560 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 21:28:29.0101 5560 swenum - ok 21:28:29.0168 5560 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 21:28:29.0240 5560 swprv - ok 21:28:29.0298 5560 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 21:28:29.0316 5560 Symc8xx - ok 21:28:29.0336 5560 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 21:28:29.0354 5560 Sym_hi - ok 21:28:29.0373 5560 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 21:28:29.0391 5560 Sym_u3 - ok 21:28:29.0447 5560 [ 760E4F5A1E754BBE4A1BD2A0B54F6AA6 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 21:28:29.0465 5560 SynTP - ok 21:28:29.0529 5560 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 21:28:29.0580 5560 SysMain - ok 21:28:29.0629 5560 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 
wscsvc C:\Windows\system32\wscsvc.dll
21:28:37.0358 5560 wscsvc - ok
21:28:37.0375 5560 WSearch - ok
21:28:37.0506 5560 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
21:28:37.0643 5560 wuauserv - ok
21:28:37.0752 5560 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:28:37.0804 5560 WUDFRd - ok
21:28:37.0851 5560 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:28:37.0893 5560 wudfsvc - ok
21:28:37.0922 5560 ================ Scan global ===============================
21:28:37.0975 5560 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
21:28:38.0055 5560 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
21:28:38.0094 5560 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
21:28:38.0151 5560 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
21:28:38.0157 5560 [Global] - ok
21:28:38.0162 5560 ================ Scan MBR ==================================
21:28:38.0200 5560 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:28:38.0503 5560 \Device\Harddisk0\DR0 - ok
21:28:38.0512 5560 ================ Scan VBR ==================================
21:28:38.0546 5560 [ F69C39059DC82AB1C8251E49A6943066 ] \Device\Harddisk0\DR0\Partition1
21:28:38.0551 5560 \Device\Harddisk0\DR0\Partition1 - ok
21:28:38.0564 5560 ============================================================
21:28:38.0564 5560 Scan finished
21:28:38.0564 5560 ============================================================
21:28:38.0617 1732 Detected object count: 6
21:28:38.0617 1732 Actual detected object count: 6
21:28:47.0945 1732 ASLDRService ( UnsignedFile.Multi.Generic ) - skipped by user
21:28:47.0945 1732 ASLDRService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:28:47.0946 1732 CLCapSvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:28:47.0946 1732 CLCapSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:28:47.0947 1732 CLSched ( UnsignedFile.Multi.Generic ) - skipped by user
21:28:47.0947 1732 CLSched ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:28:47.0949 1732 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:28:47.0949 1732 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:28:47.0950 1732 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
21:28:47.0950 1732 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:28:47.0957 1732 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
21:28:47.0957 1732 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip |
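An added helper, not part of this thread and not a TDSSKiller feature, that pulls the findings out of a TDSSKiller log like the one above so a helper can see at a glance what the scan flagged and what the user skipped. The line patterns are my reading of that log (not a documented format) and the sample lines are an excerpt of it:

```python
import re
from collections import Counter

# Line shapes as seen in the TDSSKiller log above (my reading, not a documented format):
#   HH:MM:SS.mmmm PID [ MD5 ] Name Path
#   HH:MM:SS.mmmm PID Name ( Verdict ) - skipped by user | User select action: Skip
#   HH:MM:SS.mmmm PID [Actual ]detected object count: N
TS = r"(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
ENTRY_RE = re.compile(TS + r"\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>\S+)(?: (?P<path>.+))?$")
VERDICT_RE = re.compile(TS + r"(?P<name>\S+) \( (?P<verdict>[^)]+) \) - (?P<action>.+)$")
COUNT_RE = re.compile(TS + r"(?:Actual )?[Dd]etected object count: (?P<n>\d+)$")

# Constructed sample: an excerpt of the log posted in this thread.
SAMPLE_LOG = r"""
21:28:31.0074 5560 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:28:38.0617 1732 Detected object count: 6
21:28:38.0617 1732 Actual detected object count: 6
21:28:47.0945 1732 ASLDRService ( UnsignedFile.Multi.Generic ) - skipped by user
21:28:47.0945 1732 ASLDRService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:28:47.0946 1732 CLCapSvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:28:47.0947 1732 CLSched ( UnsignedFile.Multi.Generic ) - skipped by user
21:28:47.0949 1732 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:28:47.0950 1732 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
21:28:47.0957 1732 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
"""

def parse_tdsskiller(text):
    """Return (entries, findings, declared_count) parsed from raw log text."""
    entries, findings, declared = [], {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := ENTRY_RE.match(line):           # module/driver with its MD5
            entries.append((m["name"], m["md5"], m["path"]))
        elif m := VERDICT_RE.match(line):       # detection plus what the user chose
            f = findings.setdefault(m["name"], {"verdict": m["verdict"], "actions": []})
            f["actions"].append(m["action"])
        elif m := COUNT_RE.match(line):         # summary line, the last one wins
            declared = int(m["n"])
    return entries, findings, declared

def summarize(text):
    # Cross-check the declared count against what was parsed and list what was skipped.
    entries, findings, declared = parse_tdsskiller(text)
    skipped = sorted(n for n, f in findings.items() if "skipped by user" in f["actions"])
    return {
        "declared_count": declared, "parsed_count": len(findings),
        "count_matches": declared == len(findings),
        "verdicts": dict(Counter(f["verdict"] for f in findings.values())),
        "skipped": skipped,
    }
```

A mismatch between the declared count and the parsed findings usually means the pasted log was truncated, which is worth asking about before drawing conclusions from it.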
06.11.2012, 22:23 | #12 |
| Internet redirect to advertising and porn sites Is there anything left to do now, or is the evaluation still in progress? Thanks! Regards 0magertrud |
07.11.2012, 16:15 | #13 |
/// Malware-holic | Internet redirect to advertising and porn sites Malwarebytes: please download Malwarebytes
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
07.11.2012, 21:54 | #14 |
| Internet redirect to advertising and porn sites No findings: Code:
Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.07.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Wilma :: PC_VAN_WILMA [Administrator]

Schutz: Aktiviert

7-11-2012 19:32:36
mbam-log-2012-11-07 (19-32-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 342731
Laufzeit: 1 Stunde(n), 51 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende) |
08.11.2012, 18:58 | #15 |
/// Malware-holic | Internet redirect to advertising and porn sites Yes, download the CCleaner standard: CCleaner Download - CCleaner 3.24.1850. If CCleaner is already installed, skip this. Install, open, Tools, list of installed programs, save as txt. Open it. Next to every program you need, write necessary. Next to every one you do not need, unnecessary. Next to those you do not know, unknown. Post the list.