Pests of all kinds and how to fight them: Exploit.Drop.GS, blocked websites
12.12.2012, 20:32 | #1 |
Exploit.Drop.GS, blocked websites

Hello everyone, it's great that a forum like this exists. Now to my problem: the day before yesterday an e-mail from the tax administration arrived, and in a fit of mental confusion I opened the attached PDF. It did not open, though, and nothing happened. A short time later avast reported a blocked website. I googled a little and read that I had probably caught some malware. After switching to a more recent avast version and adding the Comodo firewall, I downloaded ANTI MALWARE and started a scan. The scan detected Exploit.Drop.GS and moved it to quarantine, and I deleted it. The problem is that the avast windows with the 2 blocked websites still keep coming up, and that is extremely annoying. What can I do???

Many thanks in advance,
knut1418
13.12.2012, 13:54 | #2 |
/// Malware-holic | Exploit.Drop.GS, blocked websites

Hi,
Comodo can go.
Post all Malwarebytes findings: http://www.trojaner-board.de/125889-...en-posten.html
Post OTL logs: if you do not have it yet, please download OTL by OldTimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
13.12.2012, 17:36 | #3 |
Exploit.Drop.GS, blocked websites

Hello,
the logs follow below.
Thanks,
knut1418

Malwarebytes Anti-Malware (Test) 1.65.1.1000
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.12.11.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
lappi :: LAPPI-PC [Administrator]

Schutz: Aktiviert

11.12.2012 17:01:36
mbam-log-2012-12-11 (17-01-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 480452
Laufzeit: 1 Stunde(n), 47 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\lappi\AppData\Local\Temp\wpbt0.dll (Exploit.Drop.GS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 13.12.2012 17:43:25 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\lappi\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 58,51% Memory free 6,18 Gb Paging File | 4,90 Gb Available in Paging File | 79,25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221,88 Gb Total Space | 135,52 Gb Free Space | 61,08% Space Free | Partition Type: NTFS Drive D: | 11,00 Gb Total Space | 2,40 Gb Free Space | 21,84% Space Free | Partition Type: NTFS Computer Name: LAPPI-PC | User Name: lappi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.13 14:33:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\lappi\Downloads\OTL.exe PRC - [2012.11.28 12:45:16 | 001,868,432 | ---- | M] () -- C:\Programme\Comodo\Dragon\dragon_updater.exe PRC - [2012.11.22 15:03:31 | 001,681,472 | ---- | M] (Bandoo Media, inc) -- C:\Programme\Searchqu Toolbar\Datamngr\datamngrUI.exe PRC - [2012.11.08 00:37:37 | 001,990,464 | ---- | M] (COMODO) -- C:\Programme\Comodo\COMODO Internet Security\cmdagent.exe PRC - [2012.11.08 00:37:11 | 006,756,048 | ---- | M] (COMODO) -- C:\Programme\Comodo\COMODO Internet Security\cfp.exe PRC - [2012.11.01 08:52:54 | 000,875,728 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Programme\Comodo\GeekBuddy\unit_manager.exe PRC - [2012.11.01 08:52:52 | 000,877,264 | ---- | M] (Comodo Security Solutions, Inc.) 
-- C:\Programme\Comodo\GeekBuddy\unit.exe PRC - [2012.11.01 08:52:52 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) -- C:\Programme\Common Files\Comodo\launcher_service.exe PRC - [2012.10.31 15:46:38 | 001,467,088 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Programme\Common Files\Comodo\GeekBuddyRSP.exe PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2010.07.27 14:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2010.04.08 16:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) -- C:\Programme\Common Files\Authentium\AntiVirus5\vseqrts.exe PRC - [2010.04.08 16:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Programme\Common Files\Authentium\AntiVirus5\vsedsps.exe PRC - [2010.04.08 16:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Programme\Common Files\Authentium\AntiVirus5\vseamps.exe PRC - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) 
-- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2009.02.26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.10.03 14:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe ========== Modules (No Company Name) ========== MOD - [2011.05.28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.12.19 18:27:04 | 000,066,856 | ---- | M] () -- C:\Programme\Hp\QuickPlay\Kernel\common\MCEMediaStatus.dll MOD - [2007.08.14 14:43:46 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll MOD - [2007.07.12 12:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2007.07.12 12:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll ========== Services (SafeList) ========== 
SRV - [2012.12.11 21:56:40 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.11 19:05:36 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.28 12:45:16 | 001,868,432 | ---- | M] () [Auto | Running] -- C:\Programme\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater) SRV - [2012.11.08 00:37:37 | 001,990,464 | ---- | M] (COMODO) [Auto | Running] -- C:\Programme\Comodo\COMODO Internet Security\cmdagent.exe -- (cmdAgent) SRV - [2012.11.01 08:52:52 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) [Auto | Running] -- C:\Programme\Common Files\Comodo\launcher_service.exe -- (CLPSLauncher) SRV - [2012.10.31 15:46:38 | 001,467,088 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Programme\Common Files\Comodo\GeekBuddyRSP.exe -- (GeekBuddyRSP) SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! 
Antivirus) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.06.05 09:39:42 | 000,289,544 | ---- | M] () [Auto | Stopped] -- C:\Programme\PC Beschleunigen\PCSUService.exe -- (PCSUService) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.07.27 14:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2010.05.02 22:34:28 | 005,027,328 | ---- | M] (Moonware Studios) [On_Demand | Stopped] -- C:\Program Files\wLite\wService.exe -- (wxpSvc) SRV - [2010.04.08 16:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) [Auto | Running] -- C:\Programme\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts) SRV - [2010.04.08 16:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Programme\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps) SRV - [2010.04.08 16:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Programme\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps) SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) 
[Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2007.03.05 08:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb) SRV - [2007.01.19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\MSN Messenger\usnsvc.exe -- (usnjsvc) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.12.04 09:41:28 | 000,035,064 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\CFRMD.sys -- (CFRMD) DRV - [2012.11.08 00:37:45 | 000,082,952 | ---- | M] (COMODO) [Kernel | System | Running] -- 
C:\WINDOWS\System32\drivers\inspect.sys -- (inspect) DRV - [2012.11.08 00:37:44 | 000,042,264 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cmdhlp.sys -- (cmdHlp) DRV - [2012.11.08 00:37:43 | 000,494,416 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cmdGuard.sys -- (cmdGuard) DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010.03.23 12:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2008.11.16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dne2000.sys -- (DNE) DRV - [2007.10.11 12:17:56 | 000,176,640 | ---- | M] (Conexant Systems Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService) DRV - [2007.07.31 18:45:50 | 000,076,800 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2007.07.10 15:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.06.25 12:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007.06.18 15:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2007.05.30 14:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr) DRV - [2007.04.23 22:51:08 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.11.02 08:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD) DRV - [2006.06.28 08:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Presario&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Presario&pf=laptop IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{7C784927-4120-4CC1-8C4F-87DEA672B92A}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=101&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=0498585504944087&q={searchTerms} IE - HKLM\..\SearchScopes\{EAB3ABD5-7DB0-476A-B92E-6BE6674A546D}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Presario&pf=laptop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=110824&tt=091212_621_5012_7&babsrc=HP_ss&mntrId=5c8240d60000000000000022690a993c IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) IE - 
HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0958BB94-2D13-428E-95E2-4330F9337C7E}: "URL" = hxxp://www.bing.com/search?FORM=CYB4DF&PC=CYB4&q={searchTerms}&src=IE-SearchBox IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110824&tt=091212_621_5012_7&babsrc=SP_ss&mntrId=5c8240d60000000000000022690a993c IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PCTC_de IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=101&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=0498585504944087&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.01.27 18:21:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.01.27 18:21:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.12.11 20:56:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.11 19:05:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - 
HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.11 19:05:37 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.10 23:37:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lappi\AppData\Roaming\mozilla\Extensions [2012.12.11 19:42:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lappi\AppData\Roaming\mozilla\Firefox\Profiles\b0lct98e.default\Extensions [2012.12.10 23:37:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.12.11 20:56:10 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2012.12.11 19:05:36 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.11.20 07:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.11.20 07:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com CHR - homepage: hxxp://www.google.com CHR - Extension: Google Drive = C:\Users\lappi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: Wajam = C:\Users\lappi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Wajam = C:\Users\lappi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Wajam = C:\Users\lappi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\ CHR - Extension: Google Mail = C:\Users\lappi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | 
---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Search-Results Toolbar) - {3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} - C:\Programme\Searchqu Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} - C:\Programme\Searchqu Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [tvncontrol] "C:\Program Files\Common Files\Comodo\tvnserver.exe" -controlservice -slave File not found O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [playkadns] C:\Users\lappi\AppData\Roaming\playkadns.exe () O4 - HKCU..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 File not found O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\lappi\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Programme\AOL\AOL Toolbar 5.0\resources\de-DE\local\search.html () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C090995B-1E10-498D-AF51-253CC408E631}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\browse~1\25976~1.107\{c16c1~1\mngr.dll) - File not found O20 - AppInit_DLLs: (c:\windows\system32\guard32.dll) - C:\WINDOWS\System32\guard32.dll (COMODO) O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\WINDOWS\System32\guard32.dll (COMODO) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img30.jpg O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img30.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] 
-- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.12.11 21:46:24 | 000,000,000 | ---D | C] -- C:\Users\lappi\AppData\Local\Macromedia [2012.12.11 21:43:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Comodo [2012.12.11 21:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.12.11 20:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2012.12.11 20:58:54 | 000,738,504 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2012.12.11 20:55:30 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2012.12.11 20:54:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012.12.11 20:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2012.12.11 19:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA [2012.12.11 19:31:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO [2012.12.11 19:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo [2012.12.11 19:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo [2012.12.11 19:23:36 | 000,000,000 | ---D | C] -- C:\Users\lappi\AppData\Local\Comodo [2012.12.11 19:23:24 | 000,045,832 | ---- | C] (COMODO CA Limited) -- C:\Windows\System32\certsentry.dll [2012.12.11 19:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo [2012.12.11 16:45:46 | 000,000,000 | ---D | C] -- C:\Users\lappi\AppData\Roaming\Malwarebytes [2012.12.11 16:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.11 16:45:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.11 16:45:31 | 000,022,856 | ---- | C] 
(Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.12.11 16:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.12.11 16:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\PC Beschleunigen [2012.12.10 23:37:23 | 000,000,000 | ---D | C] -- C:\Users\lappi\AppData\Roaming\Mozilla [2012.12.10 23:37:23 | 000,000,000 | ---D | C] -- C:\Users\lappi\AppData\Local\Mozilla [2012.12.10 23:37:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.12.10 23:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.12.10 23:36:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions [2012.12.10 23:36:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins [2012.12.10 23:35:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.12.10 23:35:41 | 000,000,000 | ---D | C] -- C:\Users\lappi\AppData\Local\Wajam [2012.12.10 23:35:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012.12.10 23:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2012.12.10 23:35:20 | 000,000,000 | ---D | C] -- C:\Users\lappi\AppData\Roaming\Babylon [2012.12.08 16:44:07 | 000,000,000 | ---D | C] -- C:\Users\lappi\AppData\Roaming\DVD Flick [2012.12.08 16:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick [2012.12.08 16:43:35 | 000,036,864 | ---- | C] (Robdogg Inc.) 
-- C:\Windows\System32\trayicon_handler.ocx [2012.12.08 16:43:35 | 000,028,672 | ---- | C] (-) -- C:\Windows\System32\mousewheel.ocx [2012.12.08 16:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Flick [2012.12.08 16:40:48 | 000,000,000 | ---D | C] -- C:\Users\lappi\Desktop\günter film [2012.12.08 15:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Easy Burner [2012.12.08 15:44:03 | 000,200,704 | ---- | C] (vbAccelerator) -- C:\Windows\System32\vbalExpBar6.ocx [2012.12.08 15:44:00 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\System32\SSubTmr6.dll [2012.12.08 15:43:59 | 000,000,000 | ---D | C] -- C:\Users\lappi\AppData\Roaming\FreeBurner [2012.12.08 15:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\Searchqu Toolbar [2012.12.08 15:42:53 | 000,000,000 | ---D | C] -- C:\Program Files\Free Easy CD DVD Burner [2012.12.04 09:41:28 | 000,035,064 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\CFRMD.sys [2012.11.16 19:46:11 | 000,000,000 | ---D | C] -- C:\Users\lappi\Desktop\alles mögliche [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.13 17:46:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cd6c2f230aa67f.job [2012.12.13 17:18:53 | 000,000,281 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini [2012.12.13 17:17:23 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.13 17:17:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.13 17:17:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.13 17:17:10 | 3210,756,096 | -HS- | M] () -- C:\hiberfil.sys [2012.12.13 14:56:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.13 14:08:53 | 000,000,557 | ---- | M] 
() -- C:\Users\lappi\Desktop\netzwelt.de.website [2012.12.13 08:49:54 | 000,312,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.12.12 20:03:28 | 000,027,136 | ---- | M] () -- C:\Users\lappi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.12.12 19:30:34 | 000,000,000 | ---- | M] () -- C:\Users\lappi\defogger_reenable [2012.12.12 17:36:29 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2012.12.12 17:18:59 | 000,045,832 | ---- | M] (COMODO CA Limited) -- C:\Windows\System32\certsentry.dll [2012.12.11 21:44:18 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\AntiError.lnk [2012.12.11 21:44:17 | 000,001,920 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2012.12.11 21:44:17 | 000,001,920 | ---- | M] () -- C:\Users\Public\Desktop\GeekBuddy.lnk [2012.12.11 21:01:03 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.12.11 20:58:57 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2012.12.11 19:41:50 | 000,000,862 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog [2012.12.11 19:24:52 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk [2012.12.11 19:23:37 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk [2012.12.11 16:52:29 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.10 23:37:19 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.12.10 19:02:20 | 000,014,377 | ---- | M] () -- C:\Users\lappi\Documents\Finanzamt_Steuerverwaltung.pdf [2012.12.09 12:05:37 | 255,765,814 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.12.08 16:43:42 | 000,001,699 | ---- | M] () -- C:\Users\lappi\Desktop\DVD Flick.lnk [2012.12.08 15:44:04 | 000,000,939 | ---- | M] () -- C:\Users\lappi\Desktop\Free Easy Burner.lnk [2012.12.04 09:41:28 | 000,035,064 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\CFRMD.sys [2012.11.18 08:54:04 | 000,628,968 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.18 08:54:04 | 000,596,222 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.18 08:54:04 | 000,126,680 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.18 08:54:04 | 000,104,296 | ---- | M] () -- C:\Windows\System32\perfc009.dat [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.13 08:39:30 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.12.13 08:39:30 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.12.12 19:30:34 | 000,000,000 | ---- | C] () -- C:\Users\lappi\defogger_reenable [2012.12.11 21:44:20 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.11 21:44:18 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\AntiError.lnk [2012.12.11 21:44:17 | 
000,001,920 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2012.12.11 21:44:17 | 000,001,920 | ---- | C] () -- C:\Users\Public\Desktop\GeekBuddy.lnk [2012.12.11 21:01:03 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.12.11 20:58:57 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012.12.11 19:24:52 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk [2012.12.11 19:23:37 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk [2012.12.11 16:45:37 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.11 16:44:38 | 000,000,862 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog [2012.12.10 23:37:19 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.12.10 23:37:19 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.12.10 19:02:19 | 000,014,377 | ---- | C] () -- C:\Users\lappi\Documents\Finanzamt_Steuerverwaltung.pdf [2012.12.08 16:43:42 | 000,001,699 | ---- | C] () -- C:\Users\lappi\Desktop\DVD Flick.lnk [2012.12.08 15:44:20 | 000,001,003 | ---- | C] () -- C:\Users\lappi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Easy CD DVD Burner.lnk [2012.12.08 15:44:04 | 000,000,939 | ---- | C] () -- C:\Users\lappi\Desktop\Free Easy Burner.lnk [2012.12.08 15:43:59 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2012.10.31 17:42:15 | 000,064,970 | ---- | C] () -- C:\Users\lappi\Untitled 180.jpg [2012.10.31 17:42:14 | 000,065,749 | ---- | C] () -- C:\Users\lappi\Untitled 179.jpg [2012.10.31 17:42:14 | 000,065,706 | ---- | C] () -- C:\Users\lappi\Untitled 178.jpg [2012.10.31 17:42:12 | 000,066,476 | ---- | C] () -- C:\Users\lappi\Untitled 177.jpg [2012.10.31 17:42:09 | 000,063,536 | ---- | C] () -- C:\Users\lappi\Untitled 176.jpg [2012.10.31 17:42:01 | 
000,066,422 | ---- | C] () -- C:\Users\lappi\Untitled 175.jpg [2012.10.31 17:42:00 | 000,067,008 | ---- | C] () -- C:\Users\lappi\Untitled 174.jpg [2012.10.31 17:41:58 | 000,064,807 | ---- | C] () -- C:\Users\lappi\Untitled 173.jpg [2012.10.31 17:41:47 | 000,064,131 | ---- | C] () -- C:\Users\lappi\Untitled 172.jpg [2012.10.31 17:41:28 | 019,613,611 | ---- | C] () -- C:\Users\lappi\Untitled 171.wmv [2012.10.31 17:41:04 | 000,063,177 | ---- | C] () -- C:\Users\lappi\Untitled 170.jpg [2012.10.31 17:41:03 | 000,063,748 | ---- | C] () -- C:\Users\lappi\Untitled 169.jpg [2012.10.31 17:40:46 | 000,062,662 | ---- | C] () -- C:\Users\lappi\Untitled 168.jpg [2012.10.31 17:40:39 | 000,062,364 | ---- | C] () -- C:\Users\lappi\Untitled 167.jpg [2012.04.22 16:10:59 | 000,000,124 | ---- | C] () -- C:\Users\lappi\Meine freigegebenen Ordner - Verknüpfung.lnk [2012.02.20 22:39:49 | 000,128,128 | ---- | C] () -- C:\Users\lappi\ESt2010_Susanne_Marx_und_Marx_Kurt.elfo [2011.12.12 15:47:09 | 000,000,029 | ---- | C] () -- C:\Windows\RRK.INI [2011.12.12 15:46:40 | 000,000,112 | ---- | C] () -- C:\Windows\TLCAPPS.INI [2011.12.12 15:46:28 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe [2011.11.18 18:58:04 | 000,059,148 | ---- | C] () -- C:\Users\lappi\Untitled 166.jpg [2011.11.04 18:34:13 | 000,066,456 | ---- | C] () -- C:\Users\lappi\Untitled 165.jpg [2011.11.04 18:34:12 | 000,066,453 | ---- | C] () -- C:\Users\lappi\Untitled 164.jpg [2011.11.04 18:34:11 | 000,066,914 | ---- | C] () -- C:\Users\lappi\Untitled 163.jpg [2011.11.04 18:34:10 | 000,067,145 | ---- | C] () -- C:\Users\lappi\Untitled 162.jpg [2011.11.04 18:34:09 | 000,066,963 | ---- | C] () -- C:\Users\lappi\Untitled 161.jpg [2011.11.04 18:34:08 | 000,067,118 | ---- | C] () -- C:\Users\lappi\Untitled 160.jpg [2011.11.04 18:34:07 | 000,064,460 | ---- | C] () -- C:\Users\lappi\Untitled 159.jpg [2011.11.04 18:34:05 | 000,065,593 | ---- | C] () -- C:\Users\lappi\Untitled 158.jpg [2011.11.04 18:34:04 | 000,067,123 | ---- | C] 
() -- C:\Users\lappi\Untitled 157.jpg [2011.11.04 18:34:02 | 000,065,957 | ---- | C] () -- C:\Users\lappi\Untitled 156.jpg [2011.11.04 18:32:36 | 000,064,543 | ---- | C] () -- C:\Users\lappi\Untitled 155.jpg [2011.11.04 18:32:32 | 000,061,757 | ---- | C] () -- C:\Users\lappi\Untitled 154.jpg [2011.11.04 18:32:07 | 000,022,210 | ---- | C] () -- C:\Users\lappi\Untitled 153.jpg [2011.11.04 18:32:02 | 000,023,585 | ---- | C] () -- C:\Users\lappi\Untitled 152.jpg [2011.11.04 18:31:57 | 000,032,939 | ---- | C] () -- C:\Users\lappi\Untitled 151.jpg [2011.11.04 18:31:02 | 000,445,437 | ---- | C] () -- C:\Users\lappi\Untitled 150.wmv [2011.11.04 18:30:59 | 000,027,752 | ---- | C] () -- C:\Users\lappi\Untitled 149.jpg [2011.11.04 18:30:55 | 000,030,703 | ---- | C] () -- C:\Users\lappi\Untitled 148.jpg [2011.11.04 18:30:47 | 000,031,920 | ---- | C] () -- C:\Users\lappi\Untitled 147.jpg [2011.11.04 18:30:38 | 000,035,502 | ---- | C] () -- C:\Users\lappi\Untitled 146.jpg [2011.11.04 18:30:37 | 000,035,197 | ---- | C] () -- C:\Users\lappi\Untitled 145.jpg [2011.11.04 18:30:35 | 000,035,296 | ---- | C] () -- C:\Users\lappi\Untitled 144.jpg [2011.06.20 17:45:42 | 000,059,598 | ---- | C] () -- C:\Users\lappi\Untitled 143.jpg [2011.06.20 17:45:39 | 000,061,668 | ---- | C] () -- C:\Users\lappi\Untitled 142.jpg [2011.06.20 17:45:38 | 000,057,395 | ---- | C] () -- C:\Users\lappi\Untitled 141.jpg [2011.06.20 17:45:36 | 000,052,400 | ---- | C] () -- C:\Users\lappi\Untitled 140.jpg [2011.06.20 17:45:35 | 000,059,124 | ---- | C] () -- C:\Users\lappi\Untitled 139.jpg [2011.06.20 17:45:32 | 000,051,955 | ---- | C] () -- C:\Users\lappi\Untitled 138.jpg [2011.06.20 17:45:31 | 000,055,631 | ---- | C] () -- C:\Users\lappi\Untitled 137.jpg [2011.06.20 17:45:30 | 000,058,403 | ---- | C] () -- C:\Users\lappi\Untitled 136.jpg [2011.06.20 17:45:26 | 000,059,263 | ---- | C] () -- C:\Users\lappi\Untitled 135.jpg [2011.06.20 17:45:21 | 000,059,544 | ---- | C] () -- C:\Users\lappi\Untitled 134.jpg 
[2011.06.20 17:45:13 | 003,413,443 | ---- | C] () -- C:\Users\lappi\Untitled 133.wmv [2011.06.20 17:45:06 | 000,057,263 | ---- | C] () -- C:\Users\lappi\Untitled 132.jpg [2011.06.20 17:44:59 | 000,058,574 | ---- | C] () -- C:\Users\lappi\Untitled 131.jpg [2011.06.20 17:44:57 | 000,060,157 | ---- | C] () -- C:\Users\lappi\Untitled 130.jpg [2011.06.20 17:44:56 | 000,059,513 | ---- | C] () -- C:\Users\lappi\Untitled 129.jpg [2011.06.18 18:03:23 | 000,051,987 | ---- | C] () -- C:\Users\lappi\Untitled 128.jpg [2011.06.18 18:03:11 | 000,052,546 | ---- | C] () -- C:\Users\lappi\Untitled 127.jpg [2011.06.18 18:02:56 | 000,052,101 | ---- | C] () -- C:\Users\lappi\Untitled 126.jpg [2011.06.18 18:02:50 | 000,057,284 | ---- | C] () -- C:\Users\lappi\Untitled 125.jpg [2011.06.18 18:02:45 | 000,057,654 | ---- | C] () -- C:\Users\lappi\Untitled 124.jpg [2011.06.18 18:02:35 | 000,056,644 | ---- | C] () -- C:\Users\lappi\Untitled 123.jpg [2011.06.16 15:59:23 | 000,055,012 | ---- | C] () -- C:\Users\lappi\Untitled 122.jpg [2011.06.16 15:59:17 | 000,057,305 | ---- | C] () -- C:\Users\lappi\Untitled 121.jpg [2011.06.16 15:59:09 | 000,057,232 | ---- | C] () -- C:\Users\lappi\Untitled 120.jpg [2011.06.16 15:59:02 | 000,055,394 | ---- | C] () -- C:\Users\lappi\Untitled 119.jpg [2011.05.13 15:22:24 | 001,319,880 | ---- | C] () -- C:\Users\lappi\Gruber Dach 3.jpg [2011.05.13 15:21:32 | 001,117,611 | ---- | C] () -- C:\Users\lappi\Gruber Dach 2.jpg [2011.05.13 15:20:55 | 001,074,467 | ---- | C] () -- C:\Users\lappi\Gruber Dach 1.jpg [2011.05.13 15:20:02 | 000,483,461 | ---- | C] () -- C:\Users\lappi\Gruber Kran2.jpg [2011.05.13 15:19:06 | 000,645,476 | ---- | C] () -- C:\Users\lappi\Gruber Kran1.jpg [2011.03.01 19:33:30 | 004,061,443 | ---- | C] () -- C:\Users\lappi\Untitled 118.wmv [2011.03.01 19:32:55 | 007,421,497 | ---- | C] () -- C:\Users\lappi\Untitled 117.wmv [2011.03.01 19:32:51 | 000,055,497 | ---- | C] () -- C:\Users\lappi\Untitled 116.jpg [2011.03.01 19:32:48 | 000,052,471 | ---- 
| C] () -- C:\Users\lappi\Untitled 115.jpg [2011.03.01 19:32:44 | 000,052,510 | ---- | C] () -- C:\Users\lappi\Untitled 114.jpg [2011.03.01 19:32:43 | 000,052,708 | ---- | C] () -- C:\Users\lappi\Untitled 113.jpg [2011.03.01 19:32:37 | 000,051,780 | ---- | C] () -- C:\Users\lappi\Untitled 112.jpg [2011.03.01 19:32:36 | 000,052,082 | ---- | C] () -- C:\Users\lappi\Untitled 110.jpg [2011.03.01 19:32:36 | 000,051,848 | ---- | C] () -- C:\Users\lappi\Untitled 111.jpg [2011.03.01 19:32:34 | 000,051,929 | ---- | C] () -- C:\Users\lappi\Untitled 109.jpg [2011.03.01 19:32:33 | 000,051,850 | ---- | C] () -- C:\Users\lappi\Untitled 108.jpg [2011.03.01 19:32:32 | 000,051,988 | ---- | C] () -- C:\Users\lappi\Untitled 107.jpg [2011.03.01 19:32:16 | 000,052,317 | ---- | C] () -- C:\Users\lappi\Untitled 106.jpg [2011.03.01 19:32:14 | 000,052,050 | ---- | C] () -- C:\Users\lappi\Untitled 105.jpg [2011.03.01 19:32:08 | 000,053,440 | ---- | C] () -- C:\Users\lappi\Untitled 104.jpg [2011.03.01 19:31:34 | 000,057,995 | ---- | C] () -- C:\Users\lappi\Untitled 103.jpg [2011.03.01 19:30:25 | 000,051,330 | ---- | C] () -- C:\Users\lappi\Untitled 102.jpg [2011.03.01 19:30:23 | 000,051,957 | ---- | C] () -- C:\Users\lappi\Untitled 101.jpg [2011.03.01 19:29:53 | 000,056,297 | ---- | C] () -- C:\Users\lappi\Untitled 100.jpg [2011.03.01 19:29:34 | 000,056,600 | ---- | C] () -- C:\Users\lappi\Untitled 99.jpg [2011.03.01 19:29:00 | 000,063,304 | ---- | C] () -- C:\Users\lappi\Untitled 98.jpg [2011.01.16 17:23:53 | 001,717,419 | ---- | C] () -- C:\Users\lappi\Untitled 97.wmv [2010.11.17 17:55:04 | 000,047,683 | ---- | C] () -- C:\Users\lappi\Untitled 96.jpg [2010.11.17 17:55:00 | 000,050,796 | ---- | C] () -- C:\Users\lappi\Untitled 95.jpg [2010.11.17 17:54:47 | 000,050,048 | ---- | C] () -- C:\Users\lappi\Untitled 94.jpg [2010.11.12 18:30:52 | 000,333,419 | ---- | C] () -- C:\Users\lappi\Untitled 93.wmv [2010.11.12 18:30:48 | 000,029,992 | ---- | C] () -- C:\Users\lappi\Untitled 92.jpg 
[2010.11.12 18:30:40 | 000,029,547 | ---- | C] () -- C:\Users\lappi\Untitled 89.jpg [2010.11.06 08:48:50 | 000,058,820 | ---- | C] () -- C:\Users\lappi\Untitled 88.jpg [2010.11.06 08:48:44 | 000,058,735 | ---- | C] () -- C:\Users\lappi\Untitled 87.jpg [2010.11.06 08:48:09 | 005,509,473 | ---- | C] () -- C:\Users\lappi\Untitled 86.wmv [2010.11.06 08:48:06 | 000,061,318 | ---- | C] () -- C:\Users\lappi\Untitled 85.jpg [2010.10.19 19:04:15 | 000,063,553 | ---- | C] () -- C:\Users\lappi\Untitled 83.jpg [2010.10.19 19:04:14 | 000,062,614 | ---- | C] () -- C:\Users\lappi\Untitled 82.jpg [2010.10.13 20:57:02 | 000,184,623 | ---- | C] () -- C:\Users\lappi\steuer2010.elfo [2010.08.24 13:02:32 | 000,045,829 | ---- | C] () -- C:\Users\lappi\Untitled 81.jpg [2010.08.24 13:02:20 | 000,049,052 | ---- | C] () -- C:\Users\lappi\Untitled 80.jpg [2010.08.03 18:27:06 | 000,052,945 | ---- | C] () -- C:\Users\lappi\Untitled 79.jpg [2010.08.03 18:26:43 | 000,055,620 | ---- | C] () -- C:\Users\lappi\Untitled 78.jpg [2010.08.03 18:26:34 | 000,054,778 | ---- | C] () -- C:\Users\lappi\Untitled 77.jpg [2010.08.02 21:41:41 | 000,052,593 | ---- | C] () -- C:\Users\lappi\Untitled 76.jpg [2010.08.02 21:41:40 | 000,054,366 | ---- | C] () -- C:\Users\lappi\Untitled 75.jpg [2010.08.02 21:41:39 | 000,054,121 | ---- | C] () -- C:\Users\lappi\Untitled 74.jpg [2010.08.02 21:41:37 | 000,053,675 | ---- | C] () -- C:\Users\lappi\Untitled 73.jpg [2010.08.02 21:41:33 | 000,053,880 | ---- | C] () -- C:\Users\lappi\Untitled 72.jpg [2010.07.23 18:00:52 | 000,048,765 | ---- | C] () -- C:\Users\lappi\Untitled 69.jpg [2010.07.23 16:44:48 | 000,039,058 | ---- | C] () -- C:\Users\lappi\Untitled 68.jpg [2010.07.23 16:43:45 | 004,213,467 | ---- | C] () -- C:\Users\lappi\Untitled 66.wmv [2010.07.23 16:43:40 | 000,054,915 | ---- | C] () -- C:\Users\lappi\Untitled 65.jpg [2010.07.23 16:43:32 | 000,058,551 | ---- | C] () -- C:\Users\lappi\Untitled 64.jpg [2010.07.23 16:43:31 | 000,057,660 | ---- | C] () -- 
C:\Users\lappi\Untitled 63.jpg [2010.07.21 19:37:48 | 000,037,022 | ---- | C] () -- C:\Users\lappi\Untitled 61.jpg [2010.07.21 19:37:02 | 009,805,695 | ---- | C] () -- C:\Users\lappi\Untitled 60.wmv [2010.07.21 19:36:17 | 002,357,473 | ---- | C] () -- C:\Users\lappi\Untitled 59.wmv [2010.07.21 19:36:07 | 001,517,443 | ---- | C] () -- C:\Users\lappi\Untitled 58.wmv [2010.07.21 19:35:51 | 000,039,749 | ---- | C] () -- C:\Users\lappi\Untitled 57.jpg [2010.07.21 19:35:40 | 000,041,831 | ---- | C] () -- C:\Users\lappi\Untitled 56.jpg [2010.07.21 19:35:30 | 000,045,036 | ---- | C] () -- C:\Users\lappi\Untitled 55.jpg [2010.07.21 19:34:58 | 000,043,566 | ---- | C] () -- C:\Users\lappi\Untitled 54.jpg [2010.07.21 19:34:45 | 000,041,895 | ---- | C] () -- C:\Users\lappi\Untitled 53.jpg [2010.07.21 19:34:29 | 000,045,269 | ---- | C] () -- C:\Users\lappi\Untitled 52.jpg [2010.07.21 19:34:08 | 000,047,709 | ---- | C] () -- C:\Users\lappi\Untitled 51.jpg [2010.07.21 19:33:30 | 000,038,769 | ---- | C] () -- C:\Users\lappi\Untitled 50.jpg [2010.07.21 19:33:19 | 000,041,619 | ---- | C] () -- C:\Users\lappi\Untitled 49.jpg [2010.07.21 19:28:06 | 000,041,909 | ---- | C] () -- C:\Users\lappi\Untitled 48.jpg [2010.07.21 19:27:54 | 000,054,861 | ---- | C] () -- C:\Users\lappi\Untitled 47.jpg [2010.07.21 19:27:14 | 000,043,668 | ---- | C] () -- C:\Users\lappi\Untitled 45.jpg [2010.07.21 19:26:38 | 000,805,425 | ---- | C] () -- C:\Users\lappi\Untitled 44.wmv [2010.07.20 14:48:10 | 000,052,346 | ---- | C] () -- C:\Users\lappi\Untitled 41.jpg [2010.07.20 14:47:33 | 000,057,110 | ---- | C] () -- C:\Users\lappi\Untitled 39.jpg [2010.07.20 14:47:08 | 000,047,576 | ---- | C] () -- C:\Users\lappi\Untitled 38.jpg [2010.07.20 14:46:44 | 000,054,178 | ---- | C] () -- C:\Users\lappi\Untitled 35.jpg [2010.07.20 14:11:13 | 000,056,382 | ---- | C] () -- C:\Users\lappi\Untitled 34.jpg [2010.07.20 14:10:29 | 046,757,785 | ---- | C] () -- C:\Users\lappi\Untitled 33.wmv [2010.06.19 14:23:16 | 000,059,681 | 
---- | C] () -- C:\Users\lappi\Untitled 32.jpg [2010.06.19 14:23:15 | 000,062,827 | ---- | C] () -- C:\Users\lappi\Untitled 31.jpg [2010.06.19 14:23:12 | 010,573,479 | ---- | C] () -- C:\Users\lappi\Untitled 30.wmv [2010.06.19 14:23:05 | 000,058,857 | ---- | C] () -- C:\Users\lappi\Untitled 29.jpg [2010.06.19 14:23:05 | 000,058,762 | ---- | C] () -- C:\Users\lappi\Untitled 27.jpg [2010.06.19 14:23:05 | 000,058,318 | ---- | C] () -- C:\Users\lappi\Untitled 28.jpg [2010.06.19 14:23:04 | 000,056,219 | ---- | C] () -- C:\Users\lappi\Untitled 26.jpg [2010.06.19 14:23:04 | 000,055,720 | ---- | C] () -- C:\Users\lappi\Untitled 25.jpg [2010.06.19 14:22:34 | 000,059,184 | ---- | C] () -- C:\Users\lappi\Untitled 24.jpg [2010.06.19 14:22:33 | 000,058,486 | ---- | C] () -- C:\Users\lappi\Untitled 23.jpg [2010.06.19 14:22:31 | 000,056,180 | ---- | C] () -- C:\Users\lappi\Untitled 22.jpg [2010.06.19 14:22:26 | 000,060,848 | ---- | C] () -- C:\Users\lappi\Untitled 21.jpg [2010.05.27 16:41:20 | 378,136,917 | ---- | C] () -- C:\Users\lappi\Untitled 20.wmv [2010.05.27 16:41:04 | 008,797,473 | ---- | C] () -- C:\Users\lappi\Untitled 19.wmv [2010.05.27 16:40:27 | 000,057,927 | ---- | C] () -- C:\Users\lappi\Untitled 18.jpg [2010.05.27 16:40:22 | 000,060,588 | ---- | C] () -- C:\Users\lappi\Untitled 17.jpg [2010.05.27 16:40:19 | 000,054,673 | ---- | C] () -- C:\Users\lappi\Untitled 16.jpg [2010.05.27 16:38:15 | 000,060,714 | ---- | C] () -- C:\Users\lappi\Untitled 15.jpg [2010.05.27 16:38:13 | 000,061,147 | ---- | C] () -- C:\Users\lappi\Untitled 14.jpg [2010.05.27 16:38:07 | 000,055,638 | ---- | C] () -- C:\Users\lappi\Untitled 13.jpg [2010.05.27 16:37:45 | 007,381,503 | ---- | C] () -- C:\Users\lappi\Untitled 12.wmv [2010.05.24 14:05:10 | 000,024,206 | ---- | C] () -- C:\Users\lappi\AppData\Roaming\UserTile.png [2009.09.03 16:12:30 | 000,027,136 | ---- | C] () -- C:\Users\lappi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.08.27 17:09:34 | 000,005,648 | ---- | C] () -- 
C:\Users\lappi\AppData\Local\d3d9caps.dat [2008.01.21 03:24:54 | 000,234,080 | ---- | C] () -- C:\Users\lappi\AppData\Roaming\playkadns.exe ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.12.10 23:35:20 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\Babylon [2012.10.16 22:08:57 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\calibre [2009.09.21 19:28:31 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\Camel101 [2010.10.13 18:12:01 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\elsterformular [2012.12.08 16:15:15 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\FreeBurner [2011.01.19 15:20:43 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\GetRightToGo [2009.09.09 21:52:07 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\Magic Academy [2009.09.18 20:26:06 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\Merscom [2011.11.18 19:01:42 | 000,000,000 | ---D | M] -- 
C:\Users\lappi\AppData\Roaming\NCH Swift Sound [2010.05.24 14:05:09 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\PeerNetworking [2011.01.19 15:23:51 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\Philipp Winterberg [2009.09.10 21:11:52 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\PlayFirst [2009.09.22 19:55:51 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\Shape games [2011.10.20 20:26:05 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\Uniblue [2009.08.27 20:39:09 | 000,000,000 | ---D | M] -- C:\Users\lappi\AppData\Roaming\WildTangent ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 708 bytes -> C:\Users\lappi\Documents\Re_ ROBERT DANZ.eml:OECustomProperty @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8 < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 13.12.2012 14:35:54 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\lappi\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 51,04% Memory free 6,18 Gb Paging File | 4,70 Gb Available in Paging File | 76,01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221,88 Gb Total Space | 135,72 Gb Free Space | 61,17% Space Free | Partition Type: NTFS Drive D: | 11,00 Gb Total Space | 2,40 Gb Free Space | 21,84% Space Free | Partition Type: NTFS Computer Name: LAPPI-PC | User Name: lappi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\S-1-5-21-1537305291-2819360922-3794042925-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
Edited by knut1418 (13.12.2012 at 18:06) |
13.12.2012, 18:54 | #4 |
/// Malware-holic | Exploit.Drop.GS, blocked websites
Hi, why is Comodo still installed? Please get rid of it. This script and any scripts that may follow are intended only for this particular user. If you have problems, open your own topics and wait for scripts tailored to you.
• Please start OTL.exe
• Now copy the following into the text box.
Code:
:OTL
O4 - HKCU..\Run: [playkadns] C:\Users\lappi\AppData\Roaming\playkadns.exe ()
:Files
C:\Users\lappi\AppData\Roaming\playkadns.exe
:Commands
[EMPTYFLASH]
[emptytemp]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode. If you have no icons, then right-click, View, Show desktop icons.
Note: Please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here in the thread as an attachment! Please press the + E key.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
13.12.2012, 21:38 | #5 |
| Exploit.Drop.GS, blocked websites
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\playkadns not found.
File C:\Users\lappi\AppData\Roaming\playkadns.exe not found.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: lappi
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: lappi
->Temp folder emptied: 732182182 bytes
->Temporary Internet Files folder emptied: 573775477 bytes
->Java cache emptied: 57644126 bytes
->FireFox cache emptied: 53430351 bytes
->Google Chrome cache emptied: 13527526 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 464712789 bytes
RecycleBin emptied: 1811509 bytes
Total Files Cleaned = 1.809,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 12132012_210613
Files\Folders moved on Reboot...
C:\Users\lappi\AppData\Local\Temp\ehmsas.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot... |
13.12.2012, 21:40 | #6 |
/// Malware-holic | Exploit.Drop.GS, blocked websites
Hi, download TDSSKiller: http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - if anything is found, always choose Skip for now, then post the log |
13.12.2012, 22:01 | #7 |
| Exploit.Drop.GS, blocked websites
Antivirus - ok 21:59:36.0773 5180 [ CF6A67C90951E3E763D2135DEDE44B85 ] BCM43XV C:\Windows\system32\DRIVERS\bcmwl6.sys 21:59:36.0853 5180 BCM43XV - ok 21:59:36.0873 5180 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 21:59:36.0923 5180 Beep - ok 21:59:36.0973 5180 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 21:59:37.0023 5180 BFE - ok 21:59:37.0083 5180 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll 21:59:37.0143 5180 BITS - ok 21:59:37.0163 5180 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 21:59:37.0203 5180 blbdrive - ok 21:59:37.0253 5180 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 21:59:37.0283 5180 bowser - ok 21:59:37.0323 5180 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 21:59:37.0363 5180 BrFiltLo - ok 21:59:37.0393 5180 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 21:59:37.0423 5180 BrFiltUp - ok 21:59:37.0473 5180 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 21:59:37.0503 5180 Browser - ok 21:59:37.0533 5180 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 21:59:37.0593 5180 Brserid - ok 21:59:37.0623 5180 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 21:59:37.0673 5180 BrSerWdm - ok 21:59:37.0693 5180 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 21:59:37.0743 5180 BrUsbMdm - ok 21:59:37.0763 5180 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 21:59:37.0823 5180 BrUsbSer - ok 21:59:37.0833 5180 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 21:59:37.0883 5180 BTHMODEM - ok 21:59:37.0893 5180 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 21:59:37.0923 5180 
cdfs - ok 21:59:37.0973 5180 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 21:59:38.0003 5180 cdrom - ok 21:59:38.0053 5180 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 21:59:38.0083 5180 CertPropSvc - ok 21:59:38.0103 5180 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys 21:59:38.0133 5180 circlass - ok 21:59:38.0193 5180 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 21:59:38.0213 5180 CLFS - ok 21:59:38.0313 5180 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:59:38.0333 5180 clr_optimization_v2.0.50727_32 - ok 21:59:38.0473 5180 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 21:59:38.0493 5180 clr_optimization_v4.0.30319_32 - ok 21:59:38.0503 5180 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 21:59:38.0553 5180 CmBatt - ok 21:59:38.0593 5180 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys 21:59:38.0613 5180 cmdide - ok 21:59:38.0693 5180 [ D8774ACE03B46C9B01A49818055F9AD4 ] Com4Qlb C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe 21:59:38.0703 5180 Com4Qlb ( UnsignedFile.Multi.Generic ) - warning 21:59:38.0703 5180 Com4Qlb - detected UnsignedFile.Multi.Generic (1) 21:59:38.0753 5180 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 21:59:38.0783 5180 Compbatt - ok 21:59:38.0783 5180 COMSysApp - ok 21:59:38.0803 5180 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 21:59:38.0833 5180 crcdisk - ok 21:59:38.0883 5180 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys 21:59:38.0933 5180 Crusoe - ok 21:59:38.0993 5180 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc 
C:\Windows\system32\cryptsvc.dll 21:59:39.0023 5180 CryptSvc - ok 21:59:39.0073 5180 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA.sys 21:59:39.0093 5180 CVirtA - ok 21:59:39.0213 5180 [ 66257CB4E4FB69887CDDC71663741435 ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe 21:59:39.0303 5180 CVPND - ok 21:59:39.0383 5180 [ 18994842386FD3039279D7865740ABBD ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys 21:59:39.0393 5180 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning 21:59:39.0393 5180 CVPNDRVA - detected UnsignedFile.Multi.Generic (1) 21:59:39.0453 5180 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 21:59:39.0493 5180 DcomLaunch - ok 21:59:39.0523 5180 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 21:59:39.0543 5180 DfsC - ok 21:59:39.0663 5180 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 21:59:39.0793 5180 DFSR - ok 21:59:39.0853 5180 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 21:59:39.0893 5180 Dhcp - ok 21:59:39.0973 5180 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 21:59:40.0003 5180 disk - ok 21:59:40.0063 5180 [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE C:\Windows\system32\DRIVERS\dne2000.sys 21:59:40.0083 5180 DNE - ok 21:59:40.0193 5180 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll 21:59:40.0213 5180 Dnscache - ok 21:59:40.0253 5180 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll 21:59:40.0293 5180 dot3svc - ok 21:59:40.0323 5180 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 21:59:40.0363 5180 DPS - ok 21:59:40.0423 5180 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 21:59:40.0453 5180 drmkaud - ok 21:59:40.0523 5180 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 21:59:40.0573 5180 DXGKrnl - ok 
21:59:40.0593 5180 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 21:59:40.0633 5180 E1G60 - ok 21:59:40.0663 5180 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 21:59:40.0703 5180 EapHost - ok 21:59:40.0743 5180 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys 21:59:40.0763 5180 Ecache - ok 21:59:40.0823 5180 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 21:59:40.0843 5180 ehRecvr - ok 21:59:40.0863 5180 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 21:59:40.0883 5180 ehSched - ok 21:59:40.0893 5180 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 21:59:40.0913 5180 ehstart - ok 21:59:40.0963 5180 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys 21:59:40.0983 5180 elxstor - ok 21:59:41.0043 5180 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 21:59:41.0113 5180 EMDMgmt - ok 21:59:41.0160 5180 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys 21:59:41.0207 5180 ErrDev - ok 21:59:41.0269 5180 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 21:59:41.0316 5180 EventSystem - ok 21:59:41.0363 5180 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 21:59:41.0394 5180 exfat - ok 21:59:41.0441 5180 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 21:59:41.0472 5180 fastfat - ok 21:59:41.0503 5180 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 21:59:41.0534 5180 fdc - ok 21:59:41.0565 5180 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 21:59:41.0612 5180 fdPHost - ok 21:59:41.0628 5180 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 21:59:41.0706 5180 FDResPub - ok 21:59:41.0721 5180 [ A8C0139A884861E3AAE9CFE73B208A9F 
] FileInfo C:\Windows\system32\drivers\fileinfo.sys 21:59:41.0737 5180 FileInfo - ok 21:59:41.0768 5180 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 21:59:41.0799 5180 Filetrace - ok 21:59:41.0831 5180 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 21:59:41.0862 5180 flpydisk - ok 21:59:41.0909 5180 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 21:59:41.0940 5180 FltMgr - ok 21:59:42.0049 5180 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll 21:59:42.0111 5180 FontCache - ok 21:59:42.0221 5180 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 21:59:42.0252 5180 FontCache3.0.0.0 - ok 21:59:42.0299 5180 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 21:59:42.0330 5180 Fs_Rec - ok 21:59:42.0330 5180 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 21:59:42.0361 5180 gagp30kx - ok 21:59:42.0423 5180 [ 551D463E4CCEB5240234DA6718C93A44 ] GameConsoleService C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe 21:59:42.0439 5180 GameConsoleService - ok 21:59:42.0501 5180 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 21:59:42.0579 5180 gpsvc - ok 21:59:42.0735 5180 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 21:59:42.0751 5180 gupdate - ok 21:59:42.0782 5180 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 21:59:42.0798 5180 gupdatem - ok 21:59:42.0876 5180 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 21:59:42.0891 5180 gusvc - ok 21:59:42.0923 5180 [ DE15777902A5D9121857D155873A1D1B ] HBtnKey C:\Windows\system32\DRIVERS\cpqbttn.sys 21:59:42.0938 5180 HBtnKey - ok 21:59:42.0969 
5180 [ A1BE5A64DDCB0880301CF860BE3F0A07 ] HdAudAddService C:\Windows\system32\drivers\CHDART.sys 21:59:42.0985 5180 HdAudAddService - ok 21:59:43.0110 5180 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 21:59:43.0157 5180 HDAudBus - ok 21:59:43.0188 5180 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 21:59:43.0235 5180 HidBth - ok 21:59:43.0266 5180 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 21:59:43.0313 5180 HidIr - ok 21:59:43.0359 5180 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll 21:59:43.0375 5180 hidserv - ok 21:59:43.0422 5180 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 21:59:43.0437 5180 HidUsb - ok 21:59:43.0469 5180 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 21:59:43.0510 5180 hkmsvc - ok 21:59:43.0580 5180 [ 0D26C438E2938A3E6BDD91173BC96FF0 ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe 21:59:43.0580 5180 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning 21:59:43.0580 5180 HP Health Check Service - detected UnsignedFile.Multi.Generic (1) 21:59:43.0600 5180 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 21:59:43.0620 5180 HpCISSs - ok 21:59:43.0640 5180 [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 21:59:43.0660 5180 HpqKbFiltr - ok 21:59:43.0710 5180 [ F8968C9778F25A90A35755C3C97C7F62 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 21:59:43.0720 5180 hpqwmiex - ok 21:59:43.0760 5180 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS 21:59:43.0800 5180 HSFHWAZL - ok 21:59:43.0860 5180 [ 1882827F41DEE51C70E24C567C35BFB5 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys 21:59:43.0910 5180 HSF_DPV - ok 21:59:43.0940 5180 [ A44DDF3BA83E4664BF4DE9220097578C 
] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys 21:59:43.0960 5180 HSXHWAZL - ok 21:59:44.0020 5180 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys 21:59:44.0100 5180 HTTP - ok 21:59:44.0150 5180 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys 21:59:44.0170 5180 i2omp - ok 21:59:44.0230 5180 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 21:59:44.0260 5180 i8042prt - ok 21:59:44.0360 5180 [ 72B53E9C8924949DEC8F3799BCBA2251 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe 21:59:44.0390 5180 IAANTMON - ok 21:59:44.0470 5180 [ E5A0034847537EAEE3C00349D5C34C5F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 21:59:44.0500 5180 iaStor - ok 21:59:44.0540 5180 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 21:59:44.0570 5180 iaStorV - ok 21:59:44.0650 5180 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 21:59:44.0660 5180 IDriverT ( UnsignedFile.Multi.Generic ) - warning 21:59:44.0660 5180 IDriverT - detected UnsignedFile.Multi.Generic (1) 21:59:44.0750 5180 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 21:59:44.0810 5180 idsvc - ok 21:59:44.0890 5180 [ 04E385059DA704EC6659DDB1526C4193 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 21:59:45.0070 5180 igfx - ok 21:59:45.0130 5180 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 21:59:45.0140 5180 iirsp - ok 21:59:45.0250 5180 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 21:59:45.0290 5180 IKEEXT - ok 21:59:45.0330 5180 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys 21:59:45.0350 5180 intelide - ok 21:59:45.0380 5180 [ 224191001E78C89DFA78924C3EA595FF ] intelppm 
C:\Windows\system32\DRIVERS\intelppm.sys 21:59:45.0420 5180 intelppm - ok 21:59:45.0450 5180 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 21:59:45.0490 5180 IPBusEnum - ok 21:59:45.0520 5180 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:59:45.0560 5180 IpFilterDriver - ok 21:59:45.0610 5180 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 21:59:45.0650 5180 iphlpsvc - ok 21:59:45.0660 5180 IpInIp - ok 21:59:45.0680 5180 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 21:59:45.0720 5180 IPMIDRV - ok 21:59:45.0740 5180 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 21:59:45.0770 5180 IPNAT - ok 21:59:45.0790 5180 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 21:59:45.0820 5180 IRENUM - ok 21:59:45.0830 5180 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys 21:59:45.0850 5180 isapnp - ok 21:59:45.0900 5180 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 21:59:45.0930 5180 iScsiPrt - ok 21:59:45.0950 5180 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 21:59:45.0970 5180 iteatapi - ok 21:59:46.0000 5180 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 21:59:46.0020 5180 iteraid - ok 21:59:46.0040 5180 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 21:59:46.0060 5180 kbdclass - ok 21:59:46.0110 5180 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 21:59:46.0140 5180 kbdhid - ok 21:59:46.0190 5180 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 21:59:46.0210 5180 KeyIso - ok 21:59:46.0270 5180 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 21:59:46.0300 5180 KSecDD - ok 
21:59:46.0350 5180 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 21:59:46.0390 5180 KtmRm - ok 21:59:46.0450 5180 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll 21:59:46.0480 5180 LanmanServer - ok 21:59:46.0510 5180 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 21:59:46.0540 5180 LanmanWorkstation - ok 21:59:46.0610 5180 [ 53710476495886D9961BE46983A6A33F ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe 21:59:46.0630 5180 LightScribeService - ok 21:59:46.0660 5180 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 21:59:46.0700 5180 lltdio - ok 21:59:46.0750 5180 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 21:59:46.0780 5180 lltdsvc - ok 21:59:46.0800 5180 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 21:59:46.0860 5180 lmhosts - ok 21:59:46.0890 5180 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 21:59:46.0910 5180 LSI_FC - ok 21:59:46.0940 5180 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 21:59:46.0960 5180 LSI_SAS - ok 21:59:47.0000 5180 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 21:59:47.0010 5180 LSI_SCSI - ok 21:59:47.0050 5180 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 21:59:47.0080 5180 luafv - ok 21:59:47.0120 5180 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 21:59:47.0140 5180 MBAMProtector - ok 21:59:47.0270 5180 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 21:59:47.0290 5180 MBAMScheduler - ok 21:59:47.0390 5180 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 21:59:47.0420 5180 MBAMService - ok 21:59:47.0470 
5180 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 21:59:47.0500 5180 Mcx2Svc - ok 21:59:47.0530 5180 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys 21:59:47.0550 5180 mdmxsdk - ok 21:59:47.0580 5180 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys 21:59:47.0610 5180 megasas - ok 21:59:47.0630 5180 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys 21:59:47.0670 5180 MegaSR - ok 21:59:47.0700 5180 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 21:59:47.0740 5180 MMCSS - ok 21:59:47.0760 5180 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 21:59:47.0800 5180 Modem - ok 21:59:47.0820 5180 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 21:59:47.0850 5180 monitor - ok 21:59:47.0870 5180 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 21:59:47.0890 5180 mouclass - ok 21:59:47.0930 5180 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 21:59:47.0960 5180 mouhid - ok 21:59:48.0000 5180 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 21:59:48.0010 5180 MountMgr - ok 21:59:48.0070 5180 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 21:59:48.0080 5180 MozillaMaintenance - ok 21:59:48.0100 5180 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys 21:59:48.0120 5180 mpio - ok 21:59:48.0140 5180 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 21:59:48.0170 5180 mpsdrv - ok 21:59:48.0220 5180 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 21:59:48.0270 5180 MpsSvc - ok 21:59:48.0290 5180 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 
21:59:48.0310 5180 Mraid35x - ok 21:59:48.0370 5180 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 21:59:48.0390 5180 MRxDAV - ok 21:59:48.0450 5180 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 21:59:48.0480 5180 mrxsmb - ok 21:59:48.0530 5180 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:59:48.0560 5180 mrxsmb10 - ok 21:59:48.0570 5180 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:59:48.0600 5180 mrxsmb20 - ok 21:59:48.0650 5180 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys 21:59:48.0680 5180 msahci - ok 21:59:48.0700 5180 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys 21:59:48.0720 5180 msdsm - ok 21:59:48.0740 5180 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 21:59:48.0770 5180 MSDTC - ok 21:59:48.0810 5180 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 21:59:48.0840 5180 Msfs - ok 21:59:48.0860 5180 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 21:59:48.0880 5180 msisadrv - ok 21:59:48.0920 5180 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 21:59:48.0950 5180 MSiSCSI - ok 21:59:48.0970 5180 msiserver - ok 21:59:48.0990 5180 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 21:59:49.0020 5180 MSKSSRV - ok 21:59:49.0050 5180 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 21:59:49.0080 5180 MSPCLOCK - ok 21:59:49.0090 5180 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 21:59:49.0130 5180 MSPQM - ok 21:59:49.0200 5180 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 21:59:49.0220 5180 MsRPC - ok 21:59:49.0240 5180 [ E384487CB84BE41D09711C30CA79646C ] mssmbios 
C:\Windows\system32\DRIVERS\mssmbios.sys 21:59:49.0260 5180 mssmbios - ok 21:59:49.0290 5180 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 21:59:49.0330 5180 MSTEE - ok 21:59:49.0380 5180 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 21:59:49.0400 5180 Mup - ok 21:59:49.0450 5180 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 21:59:49.0490 5180 napagent - ok 21:59:49.0550 5180 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 21:59:49.0570 5180 NativeWifiP - ok 21:59:49.0650 5180 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 21:59:49.0690 5180 NDIS - ok 21:59:49.0710 5180 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 21:59:49.0740 5180 NdisTapi - ok 21:59:49.0780 5180 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 21:59:49.0820 5180 Ndisuio - ok 21:59:49.0850 5180 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 21:59:49.0880 5180 NdisWan - ok 21:59:49.0910 5180 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 21:59:49.0940 5180 NDProxy - ok 21:59:49.0960 5180 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 21:59:50.0000 5180 NetBIOS - ok 21:59:50.0050 5180 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 21:59:50.0080 5180 netbt - ok 21:59:50.0090 5180 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 21:59:50.0120 5180 Netlogon - ok 21:59:50.0150 5180 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 21:59:50.0200 5180 Netman - ok 21:59:50.0220 5180 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 21:59:50.0260 5180 netprofm - ok 21:59:50.0310 5180 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing 
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 21:59:50.0330 5180 NetTcpPortSharing - ok 21:59:50.0340 5180 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 21:59:50.0360 5180 nfrd960 - ok 21:59:50.0400 5180 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 21:59:50.0440 5180 NlaSvc - ok 21:59:50.0470 5180 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 21:59:50.0500 5180 Npfs - ok 21:59:50.0530 5180 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 21:59:50.0570 5180 nsi - ok 21:59:50.0580 5180 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 21:59:50.0620 5180 nsiproxy - ok 21:59:50.0730 5180 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 21:59:50.0860 5180 Ntfs - ok 21:59:50.0920 5180 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 21:59:50.0990 5180 ntrigdigi - ok 21:59:51.0010 5180 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 21:59:51.0040 5180 Null - ok 21:59:51.0060 5180 [ 1657F3FBD9061526C14FF37E79306F98 ] NVENETFD C:\Windows\system32\DRIVERS\nvm60x32.sys 21:59:51.0120 5180 NVENETFD - ok 21:59:51.0150 5180 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 21:59:51.0170 5180 nvraid - ok 21:59:51.0180 5180 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 21:59:51.0200 5180 nvstor - ok 21:59:51.0220 5180 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 21:59:51.0230 5180 nv_agp - ok 21:59:51.0240 5180 NwlnkFlt - ok 21:59:51.0250 5180 NwlnkFwd - ok 21:59:51.0360 5180 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 21:59:51.0380 5180 odserv - ok 21:59:51.0430 5180 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] 
[ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
22:00:07.0110 5180 [Global] - ok
22:00:07.0110 5180 ================ Scan MBR ==================================
22:00:07.0120 5180 [ 1A1A06F62E891045814007163C1C76C3 ] \Device\Harddisk0\DR0
22:00:07.0740 5180 \Device\Harddisk0\DR0 - ok
22:00:07.0740 5180 ================ Scan VBR ==================================
22:00:07.0740 5180 [ 83C4F0D5C1003CCA96D18448FC1FAAA3 ] \Device\Harddisk0\DR0\Partition1
22:00:07.0740 5180 \Device\Harddisk0\DR0\Partition1 - ok
22:00:07.0750 5180 [ 87AE72A3D459BF4980D9A6BFED93C958 ] \Device\Harddisk0\DR0\Partition2
22:00:07.0750 5180 \Device\Harddisk0\DR0\Partition2 - ok
22:00:07.0750 5180 ============================================================
22:00:07.0750 5180 Scan finished
22:00:07.0750 5180 ============================================================
22:00:07.0770 3700 Detected object count: 4
22:00:07.0770 3700 Actual detected object count: 4
22:00:17.0893 3700 Com4Qlb ( UnsignedFile.Multi.Generic ) - skipped by user
22:00:17.0893 3700 Com4Qlb ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:00:17.0893 3700 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
22:00:17.0893 3700 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:00:17.0908 3700 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:00:17.0908 3700 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:00:17.0908 3700 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:00:17.0908 3700 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

Hi, I think it looks quite good, thanks knut1418 |
14.12.2012, 13:44 | #8 |
/// Malware-holic | Exploit.Drop.GS, blocked websites Is Comodo uninstalled now?
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
14.12.2012, 19:08 | #9 |
| Exploit.Drop.GS, blocked websites Hi, Comodo is now uninstalled. Regards and thanks again knut1418 |
14.12.2012, 19:17 | #10 | |
/// Malware-holic | Exploit.Drop.GS, blocked websites Next time, please just read; I have already written that about Comodo 3 times. :-( combofix: Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
14.12.2012, 19:58 | #11 |
| Exploit.Drop.GS, blocked websites Hi, attached is the log file Regards knut1418 Combofix log file: Code:
ATTFilter ComboFix 12-12-14.01 - lappi 14.12.2012 19:29:18.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3061.1604 [GMT 1:00] ausgeführt von:: c:\users\lappi\Downloads\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\IsUn0407.exe c:\windows\system32\KBL.LOG c:\windows\unin0407.exe . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_usnjsvc . . ((((((((((((((((((((((( Dateien erstellt von 2012-11-14 bis 2012-12-14 )))))))))))))))))))))))))))))) . . 2012-12-14 18:39 . 2012-12-14 18:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-14 18:16 . 2012-12-14 18:16 -------- d-----w- c:\programdata\McAfee Security Scan 2012-12-14 18:16 . 2012-12-14 18:16 -------- d-----w- c:\program files\McAfee Security Scan 2012-12-14 10:30 . 2012-12-14 10:30 -------- d-----w- c:\programdata\WindowsSearch 2012-12-14 08:51 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C506D07-D4BD-4F20-8B6A-44C373F72251}\mpengine.dll 2012-12-13 19:44 . 2012-12-13 20:40 -------- d-----w- C:\_OTL 2012-12-13 07:38 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-12-13 07:38 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-12-13 07:38 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-12-13 07:38 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-12-12 16:35 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll 2012-12-12 16:35 . 
2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe 2012-12-12 16:35 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys 2012-12-12 16:35 . 2012-11-08 03:46 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-12 16:35 . 2012-11-08 01:36 293376 ----a-w- c:\windows\system32\atmfd.dll 2012-12-11 20:46 . 2012-12-11 20:46 -------- d-----w- c:\users\lappi\AppData\Local\Macromedia 2012-12-11 20:44 . 2012-12-11 20:56 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-12-11 19:58 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-12-11 19:55 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr 2012-12-11 19:54 . 2012-12-11 19:54 -------- d-----w- c:\program files\AVAST Software 2012-12-11 19:53 . 2012-12-11 19:54 -------- d-----w- c:\programdata\AVAST Software 2012-12-11 18:32 . 2012-12-11 20:43 -------- d-----w- c:\programdata\CPA_VA 2012-12-11 18:23 . 2012-12-11 18:54 -------- d-----w- c:\programdata\Comodo 2012-12-11 18:23 . 2012-12-11 18:23 -------- d-----w- c:\users\lappi\AppData\Local\Comodo 2012-12-11 18:23 . 2012-12-13 19:09 -------- d-----w- c:\program files\Comodo 2012-12-11 18:23 . 2012-12-11 18:23 1700352 ----a-w- c:\windows\system32\gdiplus.dll 2012-12-11 15:45 . 2012-12-11 15:45 -------- d-----w- c:\users\lappi\AppData\Roaming\Malwarebytes 2012-12-11 15:45 . 2012-12-11 15:45 -------- d-----w- c:\programdata\Malwarebytes 2012-12-11 15:45 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-11 15:45 . 2012-12-11 15:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-12-11 15:43 . 2012-12-11 18:46 -------- d-----w- c:\program files\PC Beschleunigen 2012-12-10 22:37 . 2012-12-10 22:37 -------- d-----w- c:\users\lappi\AppData\Local\Mozilla 2012-12-10 22:37 . 2012-12-11 18:30 -------- d-----w- c:\program files\Mozilla Maintenance Service 2012-12-10 22:36 . 2012-12-10 22:36 -------- d-----w- c:\windows\system32\Extensions 2012-12-10 22:36 . 
2012-12-10 22:36 -------- d-----w- c:\windows\system32\searchplugins 2012-12-10 22:35 . 2012-12-10 22:35 -------- d-----w- c:\users\lappi\AppData\Local\Wajam 2012-12-10 22:35 . 2012-12-10 22:35 -------- d-----w- c:\programdata\Babylon 2012-12-10 22:35 . 2012-12-12 16:56 -------- d-----w- c:\programdata\Tarma Installer 2012-12-10 22:35 . 2012-12-10 22:35 -------- d-----w- c:\users\lappi\AppData\Roaming\Babylon 2012-12-08 15:44 . 2012-12-08 16:14 -------- d-----w- c:\users\lappi\AppData\Roaming\DVD Flick 2012-12-08 15:43 . 2008-08-31 12:27 28672 ----a-w- c:\windows\system32\mousewheel.ocx 2012-12-08 15:43 . 2004-03-08 23:00 662288 ----a-w- c:\windows\system32\mscomct2.ocx 2012-12-08 15:43 . 2004-03-08 23:00 609824 ----a-w- c:\windows\system32\comctl32.ocx 2012-12-08 15:43 . 1998-06-23 23:00 164144 ----a-w- c:\windows\system32\comct232.ocx 2012-12-08 15:43 . 2012-12-08 15:43 -------- d-----w- c:\program files\DVD Flick 2012-12-08 15:43 . 2004-03-08 23:00 212240 ----a-w- c:\windows\system32\richtx32.ocx 2012-12-08 14:44 . 2011-09-28 08:20 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL 2012-12-08 14:44 . 2011-09-28 08:20 15360 ----a-w- c:\windows\system32\inetfr.DLL 2012-12-08 14:44 . 2011-09-28 08:20 152848 ----a-w- c:\windows\system32\COMDLG32.OCX 2012-12-08 14:44 . 2011-09-28 08:20 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL 2012-12-08 14:44 . 2011-09-28 08:20 115920 ----a-w- c:\windows\system32\msinet.OCX 2012-12-08 14:43 . 2012-12-08 15:15 -------- d-----w- c:\users\lappi\AppData\Roaming\FreeBurner 2012-12-08 14:43 . 2011-09-28 08:20 484352 ----a-w- c:\windows\system32\lame_enc.dll 2012-12-08 14:43 . 2012-12-08 14:43 -------- d-----w- c:\program files\Searchqu Toolbar 2012-12-08 14:42 . 2012-12-08 14:44 -------- d-----w- c:\program files\Free Easy CD DVD Burner . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-11 20:56 . 
2011-09-02 07:49 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-11-14 01:57 . 2012-12-13 07:42 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 01:48 . 2012-12-13 07:42 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-11-13 01:36 . 2012-12-12 16:35 2048000 ----a-w- c:\windows\system32\win32k.sys 2012-11-13 01:29 . 2012-12-12 16:35 2048 ----a-w- c:\windows\system32\tzres.dll 2012-10-30 22:51 . 2009-10-25 09:16 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-10-30 22:51 . 2009-10-25 09:16 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-10-30 22:51 . 2009-10-25 09:16 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-10-30 22:51 . 2009-10-25 09:16 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-10-30 22:51 . 2009-10-25 09:16 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-10-30 22:50 . 2009-10-25 09:16 227648 ----a-w- c:\windows\system32\aswBoot.exe 2012-09-25 16:19 . 2012-11-17 10:07 75776 ----a-w- c:\windows\system32\synceng.dll 2012-12-11 18:05 . 2012-12-10 22:37 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068}] 2012-10-17 17:54 89288 ----a-w- c:\progra~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] "{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068}"= "c:\progra~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll" [2012-10-17 89288] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CLASSES_ROOT\clsid\{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-30 159744] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-19 468264] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888] "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] . c:\users\lappi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808] VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2012-7-23 6144] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-08-23 15:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2012-12-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-11 20:56] . 2012-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd6c2f2285597f.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 14:02] . 2012-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cd6c2f230aa67f.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 14:02] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Presario&pf=laptop IE: &AOL Toolbar-Suche - c:\program files\aol\aol toolbar 5.0\resources\de-de\local\search.html IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\lappi\AppData\Roaming\Mozilla\Firefox\Profiles\b0lct98e.default\ FF - prefs.js: browser.search.selectedEngine - FF - ExtSQL: 2012-12-11 20:56; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-10 - (no file) WebBrowser-{DD662A0C-12FE-4B38-BA53-247F7EC82F46} - (no file) HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe SafeBoot-Wdf01000.sys SafeBoot-WudfPf SafeBoot-WudfRd AddRemove-RRK32.EXE - c:\windows\unin0407.exe AddRemove-S4Uninst - c:\windows\IsUn0407.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-12-14 19:44 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . . c:\users\lappi\AppData\Local\Temp\catchme.dll 53248 bytes executable . Scan erfolgreich abgeschlossen versteckte Dateien: 1 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wxpSvc] "ImagePath"="c:\program files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
--------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(3584) c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\windows\system32\DRIVERS\xaudio.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\igfxsrvc.exe c:\program files\Searchqu Toolbar\Datamngr\datamngrUI.exe c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE c:\program files\Apoint2K\ApMsgFwd.exe c:\program files\Apoint2K\Apntex.exe c:\windows\ehome\ehmsas.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\McAfee Security Scan\3.0.285\McUicnt.exe c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-12-14 19:54:12 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-12-14 18:54 . 
Vor Suchlauf: 13 Verzeichnis(se), 147.206.840.320 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 146.694.942.720 Bytes frei . - - End Of File - - D99DA38C547F20F17A1E6E21171D3E5A |
14.12.2012, 20:08 | #12 |
/// Malware-holic | Exploit.Drop.GS, blocked websites
Hi,
download the standard CCleaner: CCleaner Download - CCleaner 3.25.1872
If CCleaner is already installed, skip this step.
Install it, open it, go to Tools, list of installed programs, save as a txt file. Open the file.
After every program you need, write "necessary".
After every program you do not need, write "unnecessary".
After every program you do not recognize, write "unknown".
Post the list.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For the time being, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
14.12.2012, 23:05 | #13 |
| Exploit.Drop.GS, blocked websites
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 12.12.2012 14,0MB unknown
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 12.12.2012 11.5.502.135 necessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 12.12.2012 11.5.502.135 necessary
Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 14.12.2012 120MB 10.1.4 necessary
Adobe Shockwave Player 11.5 Adobe Systems, Inc. 12.12.2012 21,6MB 11.5.2.602 necessary
Amazon Kindle Amazon 15.10.2012 85,6MB necessary
AOL Toolbar 5.0 AOL 12.12.2012 2,62MB 5.0.67.2 unnecessary
Apple Application Support Apple Inc. 01.09.2010 42,8MB 1.3.1 unknown
Apple Software Update Apple Inc. 07.09.2011 2,38MB 2.1.3.127 unknown
Ask Toolbar Ask.com 19.01.2011 1,62MB 1.6.6.0 unknown
Atheros Driver Installation Program Atheros 09.08.2008 4,00KB 7.1 unknown
avast! Free Antivirus AVAST Software 12.12.2012 289MB 7.0.1474.0 necessary
Bing Bar Microsoft Corporation 12.12.2012 680KB 6.3.2380.0 unknown
calibre Kovid Goyal 16.10.2012 136MB 0.9.2 necessary
CCleaner Piriform 25.11.2012 5,05MB 3.25 necessary
Cisco Systems VPN Client 5.0.07.0290 Cisco Systems, Inc. 23.07.2012 11,5MB 5.0.6 unknown
Compatibility Pack für 2007 Office System Microsoft Corporation 13.12.2012 64,0MB 12.0.6612.1000 unnecessary
Conexant HD Audio Conexant 12.12.2012 1,09MB 4.31.2.0 unknown
CyberLink YouCam CyberLink Corp. 09.08.2008 36,7MB 1.0.1005 unknown
Debut Video Capture Software NCH Software 12.12.2012 2,60MB unknown
DIE SIEDLER - Das Erbe der Könige - Gold Edition Blue Byte 23.09.2009 2,05GB 1.00.0000 unnecessary
Die Sims™ Lebensgeschichten Electronic Arts 20.08.2009 2,65GB 1.00.0000 unnecessary
DVD Flick 1.3.0.7 Dennis Meuwissen 08.12.2012 43,1MB 1.3.0.7 unnecessary
DVD Suite CyberLink Corp. 12.12.2012 48,1MB 5.5.1030 unknown
EA Link Electronic Arts 20.08.2009 7,84MB 3.1.1.4 unknown
ElsterFormular Landesfinanzdirektion Thüringen 12.12.2012 141MB 11.5.1.4843 unnecessary
Formula V3 v2.28 12.12.2012 8,19MB unknown
Free Easy Burner V 5.1 Koyote soft 08.12.2012 7,80MB 5.1.0.0 unknown
Free RAR Extract Frog Philipp Winterberg 12.12.2012 1,91MB 2.10 unnecessary
Google Chrome Google Inc. 11.12.2012 213MB 23.0.1271.97 unnecessary
Google Earth Google 20.11.2011 92,7MB 6.1.0.5001 necessary
Google Toolbar for Internet Explorer Google Inc. 12.12.2012 10,2MB 7.4.3230.2052 unnecessary
HDAUDIO Soft Data Fax Modem with SmartCP 12.12.2012 1,06MB unknown
HP Active Support Library Hewlett-Packard 04.03.2008 11,9MB 2.3.0.2 unknown
HP Customer Experience Enhancements Hewlett-Packard 04.03.2008 0,98MB 5.4.0.2430 necessary
HP DVD Play 3.6 12.12.2012 7,87MB necessary
HP Easy Setup - Frontend Hewlett-Packard 04.03.2008 1,92MB 5.4.0.2430 unknown
HP Games WildTangent 12.12.2012 952MB 1.0.0.80 unknown
HP Help and Support Hewlett-Packard 04.03.2008 49,2MB 1.5.1 unknown
HP Quick Launch Buttons 6.40 B2 Hewlett-Packard 09.08.2008 17,1MB 6.40 B2 unknown
HP Total Care Advisor Hewlett-Packard 04.03.2008 30,1MB 1.4.19.2433 unknown
HP Update Hewlett-Packard 04.03.2008 3,48MB 4.000.009.002 unknown
HP Wireless Assistant Hewlett-Packard 04.03.2008 3,95MB 3.00 H3 unknown
Humax_toolbox_v.1.1 scorpion-team 19.01.2011 26,0MB 1.0.0 necessary
Intel(R) Graphics Media Accelerator Driver 12.12.2012 unknown
Intel(R) Matrix Storage Manager 12.12.2012 3,77MB unknown
Intel(R) TV Wizard 12.12.2012 unknown
Java(TM) 6 Update 2 Sun Microsystems, Inc. 04.03.2008 168MB 1.6.0.20 unknown
Java(TM) 6 Update 21 Sun Microsystems, Inc. 23.09.2009 94,9MB 6.0.210 unknown
LabelPrint CyberLink Corp. 12.12.2012 229MB 2.20.2230 unknown
Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 11.12.2012 12,7MB 1.65.1.1000 necessary
McAfee Security Scan Plus McAfee, Inc. 14.12.2012 2,67MB 3.0.285.6 unnecessary
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 12.12.2012 36,9MB unknown
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 12.12.2012 36,9MB unknown
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 12.12.2012 120MB 4.0.30319 unknown
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 12.12.2012 24,5MB 4.0.30319 unknown
Microsoft Office 97, Professional Edition 12.12.2012 387MB necessary
Microsoft Office File Validation Add-In Microsoft Corporation 17.09.2011 7,95MB 14.0.5130.5003 unknown
Microsoft Office Home and Student 2007 Microsoft Corporation 12.12.2012 387MB 12.0.6612.1000 unknown
Microsoft Office Live Add-in 1.5 Microsoft Corporation 01.06.2012 506KB 2.0.4024.1 unknown
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 18.11.2012 88,9MB 12.0.6612.1000 unknown
Microsoft Silverlight Microsoft Corporation 11.05.2012 48,6MB 4.1.10329.0 unknown
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 29.11.2010 251KB 8.0.50727.4053 unknown
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.06.2011 294KB 8.0.61001 unknown
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 29.11.2010 199KB 9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 25.10.2009 590KB 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 11.12.2012 225KB 9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 594KB 9.0.30729.6161 unknown
Microsoft Works Microsoft Corporation 11.10.2012 378MB 9.7.0621 unknown
Mobipocket Creator 4.2 Mobipocket.com 16.10.2012 16,1MB 4.2.41 unknown
Mozilla Firefox 17.0.1 (x86 en-US) Mozilla 12.12.2012 41,8MB 17.0.1 necessary
Mozilla Maintenance Service Mozilla 12.12.2012 224KB 17.0.1 necessary
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 29.08.2009 1,27MB 4.20.9870.0 unknown
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 25.11.2009 1,33MB 4.20.9876.0 unknown
NCH Toolbox NCH Software 12.12.2012 496KB unknown
NetWaiting BVRP Software, Inc 09.08.2008 5,23MB 2.5.48 unknown
PL-2303 Vista Driver Installer Prolific 19.01.2011 3.2.0.0 necessary
PMCTool v 0.1.4.0 KaenGuruH 12.12.2012 1,41MB unknown
Power2Go CyberLink Corp. 12.12.2012 166MB 5.6.3430 unknown
PowerDirector CyberLink Corp. 04.03.2008 356MB 6.5.2230 unknown
QuickPlay SlingPlayer 0.4.6 SlingMedia 12.12.2012 178MB 0.4.6 unknown
QuickTime Apple Inc. 01.09.2010 73,7MB 7.67.75.0 unknown
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista Realtek 09.08.2008 628KB 1.00.0000 unknown
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 09.08.2008 2,93MB unknown
Search-Results Toolbar APN LLC 12.12.2012 4,23MB 1.0.0.12 unknown
Spelling Dictionaries Support For Adobe Reader 8 Adobe Systems 27.09.2009 32,5MB 8.0.0 unknown
TeamSpeak 2 RC2 Dominating Bytes Design 12.12.2012 2.0.32.60 unnecessary
Touch Pad Driver 12.12.2012 unknown
VLC media player 2.0.1 VideoLAN 12.12.2012 90,1MB 2.0.1 unknown
Windows Live ID Sign-in Assistant Microsoft Corporation 21.11.2010 4,68MB 6.500.3165.0 unknown
Windows Live Messenger Microsoft Corporation 04.03.2008 29,0MB 8.1.0178.00 unknown
WinRAR 4.01 (32-Bit) win.rar GmbH 12.12.2012 4,02MB 4.01.0 necessary |
15.12.2012, 16:09 | #14 |
/// Malware-holic | Exploit.Drop.GS, blocked websites
Uninstall:
Adobe Flash Player: all entries
Adobe - Install Adobe Flash Player: download the latest version.
Adobe Reader: Adobe - Download Adobe Reader - All versions
Remove the check mark for McAfee Security Scan.
Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General: tick "use only certified plug-ins".
Internet: everything here should be disabled. It is very unsafe to open or download PDFs automatically, etc. It is always better to save them directly, because only then do you have control over what happens on the PC.
JavaScript: remove the check mark at "use JavaScript".
Updater: select install automatically.
Apply / OK.
Uninstall:
AOL
Ask
Bing
Compatibility
CyberLink
DIE SIEDLER
Die Sims™
DVD: both
ElsterFormular
Formula
Free Easy
Free RAR
Google: all those marked as unnecessary
Java: both
Download the Java JRE: Java downloads for all operating systems
Click: download the Java software for Windows Offline, then download and install it.
Uninstall:
LabelPrint
Mobipocket
NCH
Power2Go
PowerDirector
Search-Results
Spelling
TeamSpeak
Windows Live: all those you do not use
Open CCleaner, Analyze, Run, restart the PC.
Please download AdwCleaner to your desktop.
15.12.2012, 19:18 | #15 |
| Exploit.Drop.GS, blocked websites
Hi, I am having problems uninstalling:
ASK
Java Updates 2+21
Mobipocket
Spelling
This message appears: Fehler beim Öffnen der Protokolldatei.........
What should I do??
Regards, knut1418 |