Log Analysis and Evaluation: Wrong links from Google/Bing + Security Center disabled (Windows 7)
#1
Wrong links from Google/Bing + Security Center disabled

Hello, after combing through the forum and finding several posts on similar problems, I hope you can manage to defeat the pest in this case too.

Problem: Links from Google or Bing lead to wrong pages regardless of the browser used (IE, Chrome). Links on other pages work without error. While working through the guide "What must I consider before my first topic?", I also noticed that the Windows Security Center cannot be activated.

Working through the guide also caused problems:
- defogger: ok
- OTL: ok -> files see below
- GMER: crash -> see screenshot, maybe something can still be recognised anyway

After that I installed Malwarebytes and removed the two detections according to the guide -> report see below. Then I started GMER again, but this time it crashed again too -> see screenshot.

A full AVIRA scan carried out earlier (19.12.) showed no findings.

Here are the files:

OTL.txt
Code:
```
OTL logfile created on: 26.12.2012 22:38:28 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Martin\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 56,82% Memory free
6,19 Gb Paging File | 4,77 Gb Available in Paging File | 77,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,09 Gb Total Space | 204,44 Gb Free Space | 70,97% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,65 Gb Free Space | 18,30% Space Free | Partition Type: NTFS
Drive F: | 1021,00 Mb Total Space | 1018,74 Mb Free Space | 99,78% Space Free | Partition Type: FAT32

Computer Name: MARTIN_LAPTOP | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.26 22:14:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
PRC - [2012.12.05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe
PRC - [2012.11.22 23:51:02 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2012.11.22 09:45:42 | 001,461,896 | ---- | M] (1und1 Mail und Media GmbH) -- C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
PRC - [2012.08.08 22:06:20 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 21:37:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 21:36:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 21:36:59 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.07 09:52:55 | 000,060,688 | ---- | M] (ZTE) -- C:\Programme\congstar\Internet-Manager\Bin\mcserver.exe
PRC - [2011.11.07 09:52:29 | 000,220,944 | ---- | M] () -- C:\Programme\congstar\Internet-Manager\Bin\dbus-daemon.exe
PRC - [2011.11.07 09:52:00 | 000,036,624 | ---- | M] () -- C:\Programme\congstar\Internet-Manager\Bin\db_daemon.exe
PRC - [2011.08.06 02:14:36 | 000,207,360 | ---- | M] (Iomega Corp) -- C:\Programme\Iomega Storage Manager\pCloudd.exe
PRC - [2011.08.06 02:12:34 | 002,158,160 | ---- | M] (EMC) -- C:\Programme\Iomega Storage Manager\IomegaStorageManager.exe
PRC - [2011.01.17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2009.08.03 17:53:23 | 000,249,856 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Programme\Huawei Modems\DataCardMonitor.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.02.19 23:13:39 | 002,641,920 | ---- | M] (pdfforge hxxp://www.pdfforge.org/) -- C:\Programme\PDFCreator\PDFCreator.exe
PRC - [2008.05.21 01:47:18 | 000,065,296 | ---- | M] (Bioscrypt Inc.) -- c:\Programme\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2008.05.14 21:41:38 | 000,034,184 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
PRC - [2008.05.14 01:35:40 | 000,256,512 | ---- | M] (SafeBoot International) -- c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2008.05.12 14:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Programme\PDF Complete\pdfsvc.exe
PRC - [2008.05.08 01:34:10 | 000,238,984 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2008.05.02 21:17:44 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2008.05.02 21:17:02 | 010,244,096 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\File Sanitizer\CoreShredder.exe
PRC - [2008.04.22 16:42:24 | 001,470,464 | ---- | M] (UASSOFT.COM) -- C:\Programme\Multimedia Mouse Driver\V5\KMConfig.exe
PRC - [2008.04.18 14:54:02 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.04.18 14:53:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.03.31 22:41:22 | 000,091,440 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2008.01.21 03:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:35:20 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:33:22 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2008.01.21 03:32:50 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2007.12.11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007.10.19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007.09.25 22:18:54 | 000,561,152 | ---- | M] (UASSOFT.COM) -- C:\Programme\Multimedia Mouse Driver\V5\KMProcess.exe
PRC - [2007.07.16 10:04:44 | 001,616,424 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007.07.16 10:04:40 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007.05.16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- c:\Programme\ActivIdentity\ActivClient\accoca.exe
PRC - [2007.05.16 00:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- c:\Programme\ActivIdentity\ActivClient\acevents.exe
PRC - [2007.05.16 00:08:08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Programme\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2007.03.06 13:51:14 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Programme\Multimedia Mouse Driver\V5\StartAutorun.exe
PRC - [2007.01.05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006.03.02 15:48:42 | 000,217,088 | ---- | M] (CASIO COMPUTER CO.,LTD.) -- C:\Programme\CASIO\Photo Loader\Plauto.exe

========== Modules (No Company Name) ==========

MOD - [2012.12.05 02:15:15 | 000,460,904 | ---- | M] () -- C:\Programme\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
MOD - [2012.12.05 02:15:14 | 004,008,040 | ---- | M] () -- C:\Programme\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012.12.05 02:14:29 | 000,587,880 | ---- | M] () -- C:\Programme\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012.12.05 02:14:28 | 000,124,520 | ---- | M] () -- C:\Programme\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012.12.05 02:14:21 | 000,157,304 | ---- | M] () -- C:\Programme\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012.12.05 02:14:20 | 000,275,576 | ---- | M] () -- C:\Programme\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012.12.05 02:14:19 | 002,168,952 | ---- | M] () -- C:\Programme\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2012.11.16 20:20:50 | 011,820,032 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\ac05afefb5b28893d44ec451da0e6d4e\System.Web.ni.dll
MOD - [2012.11.16 20:20:42 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2633dbf77be293b3a8693b6b062fd787\System.Runtime.Remoting.ni.dll
MOD - [2012.11.16 20:20:23 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\79f3661da2402c72b0bba0de1e55f4d1\Accessibility.ni.dll
MOD - [2012.11.16 20:18:58 | 005,450,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll
MOD - [2012.11.16 20:18:41 | 012,433,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll
MOD - [2012.11.16 20:18:31 | 001,592,320 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll
MOD - [2012.11.16 20:17:32 | 007,976,960 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll
MOD - [2012.11.16 20:17:21 | 011,492,352 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll
MOD - [2011.11.07 09:52:29 | 000,220,944 | ---- | M] () -- C:\Programme\congstar\Internet-Manager\Bin\dbus-daemon.exe
MOD - [2011.11.07 09:52:00 | 000,036,624 | ---- | M] () -- C:\Programme\congstar\Internet-Manager\Bin\db_daemon.exe
MOD - [2011.11.07 09:43:33 | 000,020,992 | ---- | M] () -- C:\Programme\congstar\Internet-Manager\Bin\libctlsvr.dll
MOD - [2011.11.07 09:39:08 | 000,099,328 | ---- | M] () -- C:\Programme\congstar\Internet-Manager\Bin\itapi.dll
MOD - [2011.11.07 09:39:01 | 000,043,008 | ---- | M] () -- C:\Programme\congstar\Internet-Manager\Bin\audio.dll
MOD - [2011.11.07 09:38:53 | 000,035,840 | ---- | M] () -- C:\Programme\congstar\Internet-Manager\Bin\libConfig.dll
MOD - [2011.11.07 09:38:51 | 000,055,296 | ---- | M] () -- C:\Programme\congstar\Internet-Manager\Bin\coder.dll
MOD - [2011.11.07 09:38:49 | 000,027,136 | ---- | M] () -- C:\Programme\congstar\Internet-Manager\Bin\log.dll
MOD - [2011.10.25 18:07:24 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.08.06 02:14:40 | 006,302,208 | ---- | M] () -- C:\Programme\Iomega Storage Manager\wxmsw28u_vc_custom.dll
MOD - [2011.05.06 04:03:32 | 000,594,944 | ---- | M] () -- C:\Programme\congstar\Internet-Manager\Bin\dbus-1.dll
MOD - [2011.05.06 04:02:40 | 000,341,504 | ---- | M] () -- C:\Programme\congstar\Internet-Manager\Bin\sqlite3.dll
MOD - [2010.10.14 10:37:52 | 000,971,776 | ---- | M] () -- C:\Programme\congstar\Internet-Manager\Bin\libxml2.dll
MOD - [2010.10.14 10:37:52 | 000,080,688 | ---- | M] () -- C:\Programme\congstar\Internet-Manager\Bin\zlib1.dll
MOD - [2009.03.30 05:42:12 | 000,434,176 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\\System.Windows.Forms.resources.dll
MOD - [2009.03.30 05:42:12 | 000,212,992 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.resources\\System.resources.dll
MOD - [2009.03.30 05:42:12 | 000,167,936 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Xml.resources\\System.Xml.resources.dll
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\\mscorlib.resources.dll
MOD - [2009.01.15 17:20:11 | 001,679,360 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3050.37261__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2009.01.15 17:20:11 | 000,253,952 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3050.37221__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009.01.15 17:20:11 | 000,196,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3050.37274__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009.01.15 17:20:11 | 000,077,824 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3050.37446__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009.01.15 17:20:11 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3050.37411__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009.01.15 17:20:11 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3050.37253__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009.01.15 17:20:11 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3050.37370__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009.01.15 17:20:11 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3050.37240__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009.01.15 17:20:10 | 000,483,328 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3050.37475__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009.01.15 17:19:50 | 000,352,256 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3050.37419__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009.01.15 17:19:50 | 000,135,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3050.37482__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009.01.15 17:19:50 | 000,090,112 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3050.37425__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009.01.15 17:19:50 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3050.37234__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009.01.15 17:19:49 | 000,147,456 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3050.37474__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2009.01.15 17:19:49 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3050.37418__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009.01.15 17:19:49 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3050.37474__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2009.01.15 17:19:48 | 000,802,816 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3050.37378__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009.01.15 17:19:48 | 000,585,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3050.37287__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009.01.15 17:19:48 | 000,438,272 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3050.37241__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2009.01.15 17:19:48 | 000,401,408 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3050.37438__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009.01.15 17:19:48 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3050.37293__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2009.01.15 17:19:48 | 000,217,088 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3050.37281__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009.01.15 17:19:48 | 000,118,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3050.37393__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009.01.15 17:19:48 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3050.37378__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009.01.15 17:19:48 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3050.37292__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009.01.15 17:19:48 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3050.37392__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009.01.15 17:19:47 | 000,479,232 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3050.37372__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009.01.15 17:19:47 | 000,401,408 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3050.37405__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2009.01.15 17:19:47 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3050.37371__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009.01.15 17:19:47 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3050.37377__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009.01.15 17:19:47 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3050.37404__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009.01.15 17:19:47 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009.01.15 17:19:47 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009.01.15 17:19:47 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009.01.15 17:19:47 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009.01.15 17:19:47 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009.01.15 17:19:47 | 000,006,656 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\atixclib\\atixclib.dll
MOD - [2009.01.15 17:19:46 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009.01.15 17:19:46 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009.01.15 17:19:46 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009.01.15 17:19:46 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009.01.15 17:19:46 | 000,049,152 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009.01.15 17:19:46 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009.01.15 17:19:46 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009.01.15 17:19:46 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009.01.15 17:19:46 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009.01.15 17:19:46 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009.01.15 17:19:46 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2009.01.15 17:19:46 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009.01.15 17:19:46 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009.01.15 17:19:46 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009.01.15 17:19:46 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009.01.15 17:19:46 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2009.01.15 17:19:46 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009.01.15 17:19:46 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009.01.15 17:19:46 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009.01.15 17:19:46 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009.01.15 17:19:46 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009.01.15 17:19:46 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll
MOD - [2009.01.15 17:19:46 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009.01.15 17:19:46 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009.01.15 17:19:46 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009.01.15 17:19:46 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009.01.15 17:19:46 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009.01.15 17:19:46 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009.01.15 17:19:45 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009.01.15 17:19:45 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009.01.15 17:19:45 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009.01.15 17:19:45 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009.01.15 17:19:45 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2009.01.15 17:19:45 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2009.01.15 17:19:45 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009.01.15 17:19:45 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009.01.15 17:19:35 | 000,102,400 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3050.37467__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009.01.15 17:19:35 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3050.37493__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009.01.15 17:19:35 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009.01.15 17:19:35 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2009.01.15 17:19:35 | 000,006,656 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3050.37214__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009.01.15 17:19:34 | 001,511,424 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3050.37228__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009.01.15 17:19:34 | 000,491,520 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3050.37248__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009.01.15 17:19:34 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3050.37214__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009.01.15 17:19:34 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3050.37466__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009.01.15 17:19:34 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009.01.15 17:19:34 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009.01.15 17:19:34 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009.01.15 17:19:34 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009.01.15 17:19:34 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009.01.15 17:19:33 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009.01.15 17:19:33 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009.01.15 17:19:32 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3050.37215__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2009.01.15 17:19:32 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3050.37213__90ba9c70f846762e\APM.Server.dll
MOD - [2009.01.15 17:19:32 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3050.37213__90ba9c70f846762e\AEM.Server.dll
MOD - [2009.01.15 17:19:32 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3050.37467__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009.01.15 17:19:32 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ATICCCom\\ATICCCom.dll
MOD - [2008.05.08 10:14:24 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007.11.28 18:59:42 | 003,702,784 | ---- | M] () -- C:\Programme\PDFCreator\GS8.61\gs8.61\Bin\gsdll32.dll
MOD - [2007.09.09 16:07:00 | 000,151,552 | ---- | M] () -- C:\Programme\congstar\Internet-Manager\Bin\libexpat.dll
MOD - [2007.08.14 21:59:54 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll
MOD - [2007.08.05 21:53:32 | 000,053,248 | ---- | M] () -- C:\Programme\Multimedia Mouse Driver\V5\MouseHook.dll
MOD - [2007.08.05 20:31:02 | 000,114,688 | ---- | M] () -- C:\Programme\Multimedia Mouse Driver\V5\keydll.dll
MOD - [2007.07.12 21:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 21:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll
MOD - [2007.07.12 15:53:32 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007.07.12 15:41:36 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll

========== Services (SafeList) ==========

SRV - [2012.12.12 20:21:10 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.22 23:51:02 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet)
SRV - [2012.05.08 21:37:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 21:36:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.06 02:14:36 | 000,207,360 | ---- | M] (Iomega Corp) [Auto | Running] -- C:\Programme\Iomega Storage Manager\pCloudd.exe -- (PCloudd)
SRV - [2008.05.21 01:42:40 | 000,111,888 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2008.05.21 01:42:34 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2008.05.14 21:41:38 | 000,034,184 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2008.05.14 01:35:40 | 000,256,512 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2008.05.12 14:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008.05.02 21:17:44 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2008.04.18 14:54:02 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008.04.08 13:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008.01.21 03:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 03:32:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 03:32:50 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.12.11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.10.19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007.05.16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Programme\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2007.01.05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.05.08 21:37:01 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 21:37:01 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.19 11:25:25 | 000,106,880 | ---- | M]
```
(HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbser.sys -- (HSPADataCardusbser) DRV - [2011.08.19 11:25:25 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys -- (HSPADataCardusbnmea) DRV - [2011.08.19 11:25:25 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys -- (HSPADataCardusbmdm) DRV - [2011.08.19 11:25:25 | 000,010,240 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2011.08.06 02:14:36 | 000,017,488 | ---- | M] (Iomega Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vNICdrv.sys -- (vNICdrv) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.12.15 03:46:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2009.12.15 03:46:18 | 000,013,184 | ---- | M] (Bytemobile, Inc.) 
[Kernel | Boot | Running] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad) DRV - [2009.04.11 05:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) DRV - [2009.04.09 12:38:30 | 000,110,592 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet) DRV - [2009.04.09 12:38:30 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice) DRV - [2009.04.09 12:38:30 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009.04.09 12:38:30 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009.04.09 12:38:30 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2008.05.14 01:36:26 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg) DRV - [2008.05.14 01:36:22 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock) DRV - [2008.05.14 01:36:20 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock) DRV - [2008.05.14 01:36:18 | 000,108,752 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot) DRV - [2008.05.08 13:01:44 | 003,552,256 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.04.28 07:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008.04.14 22:39:06 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2008.04.10 17:27:34 | 001,804,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) DRV - [2008.04.07 19:13:46 | 000,025,448 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt) DRV - [2008.04.07 19:13:42 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2008.02.29 17:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008.01.21 03:32:52 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2007.06.19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2007.02.01 15:25:30 | 000,158,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb IE - HKLM\..\URLSearchHook: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Programme\Mininova-Vuze\tbMini.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{7BEB5BB0-9006-4C60-AFE6-513BF461728E}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1978305 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Programme\Mininova-Vuze\tbMini.dll (Conduit Ltd.) 
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{2570EC7A-A142-421E-9058-5BB29E22FFBC}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_deDE492 IE - HKCU\..\SearchScopes\{7BEB5BB0-9006-4C60-AFE6-513BF461728E}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de IE - HKCU\..\SearchScopes\{9C170E9A-1655-4637-94A9-5621333E68D1}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1978305 IE - HKCU\..\SearchScopes\{B066BBC1-5F4C-44D9-A4DA-D7DF0905A37B}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{F6A0A927-9E02-473E-98E3-B52D97CD2EFC}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, 
Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\congstar\Internet-Manager\Bin\addon [2010.04.01 13:29:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.11 23:23:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.15 21:39:35 | 000,000,000 | ---D | M] [2010.01.11 23:24:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions [2009.06.24 19:35:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2011.10.10 23:55:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\bz1fnq20.default\extensions [2010.01.12 00:09:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\bz1fnq20.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.06.29 06:43:32 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\bz1fnq20.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.11.01 19:20:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.10.25 18:01:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2012.06.18 21:06:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.09.04 21:10:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.11.01 19:20:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2009.12.22 04:57:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2009.12.22 04:57:54 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2009.12.22 04:57:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2009.12.22 04:57:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2009.12.22 04:57:54 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: DivX Player Netscape 
Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\windows\system32\npdeployJava1.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\\ O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: localhost O1 - Hosts: ::1 localhost O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Programme\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O2 - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) O2 - BHO: (Mininova-Vuze Toolbar) - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Programme\Mininova-Vuze\tbMini.dll (Conduit Ltd.) 
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) O3 - HKLM\..\Toolbar: (Mininova-Vuze Toolbar) - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Programme\Mininova-Vuze\tbMini.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (Mininova-Vuze Toolbar) - {D51D388B-F5DC-471A-A1CE-5E2D671091C0} - C:\Programme\Mininova-Vuze\tbMini.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CognizanceTS] c:\Programme\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.) O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 11\Register\registration.exe (Corel Corporation) O4 - HKLM..\Run: [DataCardMonitor] C:\Programme\Huawei Modems\DataCardMonitor.exe (Huawei Technologies Co., Ltd.) 
O4 - HKLM..\Run: [File Sanitizer] C:\Programme\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [KMConfig] "C:\Program Files\Multimedia Mouse Driver\V5\StartAutorun.exe" KMConfig.exe File not found O4 - HKLM..\Run: [MailCheck IE Broker] C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH) O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe File not found O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [dqgvdyg] "c:\users\martin\appdata\local\dqgvdyg.exe" dqgvdyg File not found O4 - HKCU..\Run: [GoogleChromeAutoLaunch_B3FBEF5462B7ECF3CF8933E4FE9764B6] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) 
O4 - HKCU..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background File not found O4 - HKCU..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" File not found O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spc.lnk = File not found O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD65EA02-71B4-449D-A2E5-6FE2D5588943}: NameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3A1AFFE-DB71-4D80-B71C-623E305249EC}: DhcpNameServer = O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\First.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\First.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{051770fc-c975-11de-bb7a-00226464ed65}\Shell - "" = AutoRun O33 - MountPoints2\{051770fc-c975-11de-bb7a-00226464ed65}\Shell\AutoRun\command - "" = H:\TotalLock.exe O33 - MountPoints2\{b58434e5-8134-11de-aa0e-00226464ed65}\Shell - "" = AutoRun O33 - MountPoints2\{b58434e5-8134-11de-aa0e-00226464ed65}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.12.26 22:14:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe [2012.12.25 21:04:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast [2012.12.25 21:04:52 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast [2012.12.25 21:04:52 | 000,000,000 | ---D | C] -- C:\Program Files\SopCast [2012.12.25 20:52:13 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\TVU Networks [2012.12.25 20:52:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TVU Networks [2012.12.02 13:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck [2012.12.02 13:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\1&1 Mail & Media GmbH [2012.12.02 
13:02:50 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE MailCheck [2012.12.02 13:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\UUdb ========== Files - Modified Within 30 Days ========== [2012.12.26 22:35:54 | 000,000,000 | ---- | M] () -- C:\Users\Martin\defogger_reenable [2012.12.26 22:35:02 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.26 22:33:58 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.26 22:31:57 | 000,017,408 | ---- | M] () -- C:\windows\System32\rpcnetp.exe [2012.12.26 22:31:54 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\windows\System32\rpcnet.dll [2012.12.26 22:31:51 | 000,000,308 | ---- | M] () -- C:\windows\tasks\IENI.job [2012.12.26 22:31:49 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.26 22:31:49 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.26 22:31:46 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012.12.26 22:31:40 | 3216,261,120 | -HS- | M] () -- C:\hiberfil.sys [2012.12.26 22:30:05 | 000,001,158 | ---- | M] () -- C:\windows\bthservsdp.dat [2012.12.26 22:20:15 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012.12.26 22:15:53 | 000,302,592 | ---- | M] () -- C:\Users\Martin\Desktop\mbvld26q.exe [2012.12.26 22:14:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe [2012.12.26 22:13:18 | 000,050,477 | ---- | M] () -- C:\Users\Martin\Desktop\Defogger.exe [2012.12.26 21:46:52 | 000,000,420 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{CFB1C48B-06E9-45CC-91C8-2B749C42D204}.job [2012.12.25 21:04:53 | 000,000,788 | ---- | M] () -- C:\Users\Martin\Desktop\SopCast.lnk [2012.12.23 16:58:28 | 000,674,832 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012.12.23 
16:58:28 | 000,634,650 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012.12.23 16:58:28 | 000,146,484 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012.12.23 16:58:28 | 000,120,214 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012.12.22 20:57:30 | 000,498,288 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2012.12.18 20:52:23 | 000,118,784 | RHS- | M] () -- C:\windows\System32\fdPHosta.dll [2012.12.16 12:48:31 | 000,001,022 | ---- | M] () -- C:\windows\tasks\Google Software Updater.job [2012.12.13 18:38:43 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.12.13 17:53:35 | 000,001,204 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk [2012.12.02 13:02:55 | 000,002,023 | ---- | M] () -- C:\Users\Martin\Desktop\Amazon.lnk [2012.12.02 13:02:55 | 000,002,021 | ---- | M] () -- C:\Users\Martin\Desktop\WEB.DE.lnk [2012.12.02 13:02:55 | 000,002,015 | ---- | M] () -- C:\Users\Martin\Desktop\eBay.lnk ========== Files Created - No Company Name ========== [2012.12.26 22:35:54 | 000,000,000 | ---- | C] () -- C:\Users\Martin\defogger_reenable [2012.12.26 22:15:50 | 000,302,592 | ---- | C] () -- C:\Users\Martin\Desktop\mbvld26q.exe [2012.12.26 22:13:16 | 000,050,477 | ---- | C] () -- C:\Users\Martin\Desktop\Defogger.exe [2012.12.25 21:04:53 | 000,000,788 | ---- | C] () -- C:\Users\Martin\Desktop\SopCast.lnk [2012.12.18 20:52:23 | 000,118,784 | RHS- | C] () -- C:\windows\System32\fdPHosta.dll [2012.12.18 20:52:23 | 000,000,308 | ---- | C] () -- C:\windows\tasks\IENI.job [2012.12.14 17:32:43 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.12.14 17:32:43 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.12.02 13:02:55 | 000,002,023 | ---- | C] () -- C:\Users\Martin\Desktop\Amazon.lnk [2012.12.02 13:02:55 | 000,002,021 | ---- | C] () -- C:\Users\Martin\Desktop\WEB.DE.lnk [2011.10.30 20:00:19 | 
000,012,194 | ---- | C] () -- C:\windows\hpwscr20.dat [2011.10.30 19:59:20 | 000,203,136 | ---- | C] () -- C:\windows\hpwins20.dat [2011.10.30 19:59:20 | 000,002,428 | ---- | C] () -- C:\windows\hpwmdl20.dat [2011.02.09 01:21:49 | 000,758,018 | ---- | C] () -- C:\windows\System32\xvidcore.dll [2011.02.09 01:21:49 | 000,180,224 | ---- | C] () -- C:\windows\System32\xvidvfw.dll [2009.03.16 00:26:04 | 000,000,000 | ---- | C] () -- C:\Users\Martin\AppData\Local\rx_image32.Cache [2009.02.26 20:58:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.02.19 23:13:42 | 000,000,094 | ---- | C] () -- C:\Users\Martin\AppData\Local\fusioncache.dat [2009.02.13 00:27:04 | 000,001,973 | ---- | C] () -- C:\Users\Martin\AppData\Local\dqgvdyg.dat [2009.02.13 00:27:04 | 000,000,319 | ---- | C] () -- C:\Users\Martin\AppData\Local\dqgvdyg_navps.dat [2009.02.13 00:27:04 | 000,000,091 | ---- | C] () -- C:\Users\Martin\AppData\Local\dqgvdyg.bat [2009.02.05 23:25:47 | 000,000,680 | ---- | C] () -- C:\Users\Martin\AppData\Local\d3d9caps.dat [2009.01.17 22:42:09 | 000,193,536 | ---- | C] () -- C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.12.02 13:02:53 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\1&1 Mail & Media GmbH [2010.05.04 22:35:11 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\AIMP [2012.09.01 12:04:06 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Azureus [2009.08.31 21:02:20 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ClipMagic [2012.10.04 21:22:58 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DVDVideoSoft [2012.10.04 21:21:30 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers [2011.02.09 01:21:31 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\GetRightToGo [2009.11.06 01:09:33 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\GrabPro [2009.02.17 21:28:04 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\gtk-2.0 [2012.08.05 17:34:10 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Internet-Manager [2009.01.17 23:37:07 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\InterVideo [2009.02.18 20:45:41 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\OpenOffice.org [2009.12.02 00:14:56 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Orbit [2012.01.08 12:10:27 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Sync App Settings [2009.06.24 19:35:12 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TomTom [2011.03.16 00:13:35 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\uTorrent [2009.08.04 21:36:45 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Vodafone [2012.03.07 17:57:27 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\www.rene-zeidler.de ========== Purity Check 
========== < End of report >

Code:
ATTFilter OTL Extras logfile created on: 26.12.2012 22:38:28 - Run 1 OTL by OldTimer - Version Folder = C:\Users\Martin\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19393) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 56,82% Memory free 6,19 Gb Paging File | 4,77 Gb Available in Paging File | 77,16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 288,09 Gb Total Space | 204,44 Gb Free Space | 70,97% Space Free | Partition Type: NTFS Drive D: | 9,00 Gb Total Space | 1,65 Gb Free Space | 18,30% Space Free | Partition Type: NTFS Drive F: | 1021,00 Mb Total Space | 1018,74 Mb Free Space | 99,78% Space Free | Partition Type: FAT32 Computer Name: MARTIN_LAPTOP | User Name: Martin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0020B008-A49E-4145-AB73-8586FED6F06F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{0A6650B8-6962-421D-8B74-B2210AD3A50A}" = lport=137 | protocol=17 | dir=in | app=system | "{0E2C8EE5-443D-45A0-BCCD-29A4247FFA03}" = lport=445 | protocol=6 | dir=in | app=system | "{1C760815-4E0A-47C2-90AA-A2AE2384A5CB}" = rport=139 | protocol=6 | dir=out | app=system | "{2BA388D9-1C23-4C6C-8D56-00D3AA3A6B50}" = rport=138 | protocol=17 | dir=out | app=system | "{35A322CF-1B1A-4675-99BF-7E165579378A}" = lport=139 | protocol=6 | dir=in | app=system | "{39587C2A-8253-4726-BF8C-F07724260929}" = lport=138 | protocol=17 | dir=in | app=system | "{58199518-708A-46D0-9B50-FB9B502111D6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{58602744-7AEC-4527-AC9F-9B38419C8D59}" = rport=445 | protocol=6 | dir=out | app=system | "{65BB9E6D-3B79-45EF-95D6-DCEECA64EDEF}" = lport=2869 | protocol=6 | dir=in | app=system | "{7BD4A254-F01D-4745-83C6-E9A524CD356D}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | "{8F649E0C-C661-4130-B25C-6D23DBA73DD7}" = lport=1900 | protocol=17 | dir=in | 
svc=ssdpsrv | app=svchost.exe | "{B2842191-B4B5-4AB2-B9FA-5CC940600620}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B294F02F-DDFC-4BF0-ADA9-D3BB27266840}" = rport=137 | protocol=17 | dir=out | app=system | "{CBBF6355-AE8D-48A4-B613-1A7B4E5CA472}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{CF97E488-143A-4250-B566-C320AD2242D0}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | "{D4C2355E-D101-48D2-AD4A-C7E145B1CE79}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{FD786BA7-71E6-4EC4-82B2-CAAA49D09F71}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{132A37D0-7E54-4DAE-838F-C3EF14D70AD7}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{24013B47-CAC2-4598-A006-710191C0AC39}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{390FE55A-8592-4D47-A68D-5C8D0C0492FF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{7F4B65E8-5B86-4A28-AE62-529AC999E14A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{8651AF78-9688-4FDB-B6FA-4D2813665034}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "{AAEEE1DD-7794-4EE8-96D3-538D5DE39432}" = dir=in | app=c:\program files\msn messenger\livecall.exe | "{CC32C2CE-D99F-47FE-B1D6-D5821602998D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{DC693F76-FE24-4168-B70F-F1BEF7AF7421}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "TCP Query User{1B046871-E829-465C-9173-6F52D479B1A0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{27B854C5-C2F9-4FC4-994D-EAA4E350309F}C:\program files\emule\emule.exe" = 
protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query User{2CC01D4C-C633-47FC-A33D-1DD22CBBE2D6}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "TCP Query User{44EA5C30-512E-4FEB-BEDC-1716CB2D11D1}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | "TCP Query User{9A414E43-FF86-4EDE-919A-4FBDE4DC7E8D}\\iconnect\daten\daten\gemeinsame daten\software\tvuplayer_green.v2.5.3.1\tvuplayer.exe" = protocol=6 | dir=in | app=\\iconnect\daten\daten\gemeinsame daten\software\tvuplayer_green.v2.5.3.1\tvuplayer.exe | "TCP Query User{A800A942-C09E-4A36-A5CB-6D3FB460FA53}C:\program files\iomega storage manager\iomegastoragemanager.exe" = protocol=6 | dir=in | app=c:\program files\iomega storage manager\iomegastoragemanager.exe | "TCP Query User{B3BB22C8-EAC8-493E-A952-346A9F36941F}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{F1621C85-CC33-4A7B-B264-5D96B6C2EBDB}C:\program files\iomega storage manager\iomegastoragemanager.exe" = protocol=6 | dir=in | app=c:\program files\iomega storage manager\iomegastoragemanager.exe | "UDP Query User{30ED2A80-D8FB-4C81-87ED-A8FA58EAEAAC}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{323068BE-6FBD-4358-A3BB-443E3BD9A1EE}C:\program files\iomega storage manager\iomegastoragemanager.exe" = protocol=17 | dir=in | app=c:\program files\iomega storage manager\iomegastoragemanager.exe | "UDP Query User{9F68D9A7-8F32-4107-9D45-BECF122543C2}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | "UDP Query User{A6417135-47ED-41C9-8300-54261BD58BED}C:\program files\iomega storage manager\iomegastoragemanager.exe" = protocol=17 | dir=in | app=c:\program files\iomega storage manager\iomegastoragemanager.exe | "UDP 
Query User{B70F1DAE-0109-4CE2-A322-C2934CD9908B}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{C4F4A600-129B-4A64-85BD-BB05363B2F85}\\iconnect\daten\daten\gemeinsame daten\software\tvuplayer_green.v2.5.3.1\tvuplayer.exe" = protocol=17 | dir=in | app=\\iconnect\daten\daten\gemeinsame daten\software\tvuplayer_green.v2.5.3.1\tvuplayer.exe | "UDP Query User{C8ADE03B-6A92-4638-AB96-9BDD5B877BEB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{E1786252-20E1-4D68-ABE0-85E39BA2E1D6}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{06CB77AB-CDE1-EF6B-175D-85FA59C7F0EE}" = Catalyst Control Center Core Implementation "{07D78C7B-2AA8-5C02-4238-EE3F39279221}" = Catalyst Control Center Localization Thai "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{0AF9C2B7-2E98-8D77-3892-F8512305C6CE}" = CCC Help Turkish "{0E549A13-2B3D-4633-BA41-DC88C2D6F9A3}" = ProductContext "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox "{0F98662A-EA83-414F-8766-3FCE46A32641}" = Credential Manager for HP ProtectTools "{1147FF9A-D576-4cb5-B5E7-FCA21D1E7D26}" = J4680 "{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application "{164280AB-98C2-FD02-EC0B-5DFBB98E89C1}" = Catalyst Control Center Localization Chinese Standard "{173317B8-D99E-F58E-CAAE-924D8F26C435}" = CCC Help Czech 
"{1779522E-BFC6-738C-E97E-39405E196FA6}" = Catalyst Control Center Localization Spanish "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService "{188C0E25-3D65-4DAC-9C00-7483FBA4C7EB}" = Status "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11 "{1DB44CB7-D68E-9F09-D656-0FBC7D4D9C00}" = Catalyst Control Center Localization Norwegian "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools "{1FD3DF19-EF58-2A29-222B-A4B6E237D3DD}" = Catalyst Control Center Graphics Previews Vista "{207A8D54-51C9-48B6-80E6-CBA5403B3ED4}" = Vista Default Settings "{2086797F-A4BA-4CD3-8104-09B8D39DA5D8}" = HP JavaCard for HP ProtectTools "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37 "{27D28586-BEF1-4E06-8787-3B1FC3A41489}" = congstar Internet-Manager "{2EC294E6-2E8C-23A7-C174-4E59532B0E06}" = Catalyst Control Center Localization Korean "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD "{30BF4E6C-D866-46F7-A4F6-81A45E97706E}" = Catalyst Control Center - Branding "{311BF3BF-6AAB-7859-1E5A-EB46644A6011}" = CCC Help French "{32063923-8066-18D5-BF07-2B692547AEF5}" = CCC Help Korean "{323C15C3-6DE1-05E6-B202-6F1D90BB1B06}" = Catalyst Control Center Localization Turkish "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 E1 "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant "{3825B383-7880-48C8-AADD-49B0D764B151}" = 4660_4680_Help 
"{3848DCD1-E356-ACB9-93AF-FB93485E1598}" = CCC Help Thai "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam "{3A76F96A-637B-9A0E-F65B-AE595A49DEDA}" = ccc-core-static "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{3FCFB6B6-B5DE-C5B8-825F-5998C220C24E}" = Catalyst Control Center Localization Russian "{420BBA1D-B275-4891-838C-EA88FE87A632}" = HP Customer Experience Enhancements "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{44AFDB86-1509-4CDC-9B2E-1C73B2DEE5F0}" = Mobile Broadband Drivers "{45BA0F82-FC61-828B-A188-49A24B7B39F4}" = Catalyst Control Center Localization Swedish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc "{4ADB08ED-A385-21BA-3511-00EB170C9CCA}" = Catalyst Control Center Localization Greek "{4C203E35-B5C7-4E35-9834-619668C0FFEE}" = HP 3D DriveGuard "{500CAC18-1509-AC6C-3E91-A437F9457D5E}" = CCC Help Japanese "{50802F8E-03B4-479D-A643-16DE5A3586CB}" = BPDSoftware_Ini "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp "{5B5494F7-FD30-AFAB-ACD5-345F26B6AAF4}" = Catalyst Control Center Graphics Full Existing "{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan "{5BF2EC0B-2A01-DDEA-5645-E700BCE9CDA6}" = CCC Help Spanish "{5EF644FA-3703-3253-7372-AE46FD862588}" = ccc-utility "{63BABF5E-B142-02F9-85E1-F0A1DBEC6D5D}" = Catalyst Control Center Localization Chinese Traditional "{647ED1EC-1D53-9886-B5A1-234CE9D7BE3F}" = Catalyst Control Center Localization Danish "{64F561F5-17B7-0721-8D08-78777BB91382}" = CCC Help Italian "{65E63D8F-F763-940E-38FA-1A6B2C30ADB2}" = Catalyst Control Center Graphics Light "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = 
Roxio Express Labeler 3 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}" = HP Officejet All-In-One Series "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = "{6B4591DF-C531-255E-BDE6-25226A5AE115}" = Skins "{6C4592F5-A803-1740-A708-84F3578DC083}" = Catalyst Control Center Localization German "{6DF8EB4D-F5E5-369C-38B2-4F7CD0F02AC3}" = Catalyst Control Center Localization Italian "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{70B45586-B51E-4947-A258-A895596C5CED}" = Photo Loader 3.0G "{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{789C97CE-9E17-4126-BDF4-11FF458BF705}" = File Sanitizer For HP ProtectTools "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8BB128BE-2670-485D-A221-B00715BCEBCF}" = HP Easy Setup - Frontend "{8BEA3254-8719-4815-9312-69AF21B8D779}" = CCC Help Chinese Traditional "{8BF85A3B-C2EE-2A32-DF54-B565062FBEC9}" = Catalyst Control Center Localization Japanese "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack "{8DD39028-8B90-88D8-781A-AB82A9AE6662}" = CCC Help English "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{91B26C13-34A4-36FA-E1F0-22664915EED1}" = Catalyst Control Center Localization Dutch "{926F4D5F-C8FC-4FB7-8E09-BCB8A997D1C7}" = HP ProtectTools 
Security Manager "{968933D6-A9FC-891C-6292-F7E68DB2C7EA}" = CCC Help Finnish "{96DB55D1-E21F-126C-1ADD-35EAAC852C7C}" = Catalyst Control Center Localization Finnish "{988B865E-CC06-7B3D-FBC0-52093DB75C9A}" = CCC Help Dutch "{997F39AA-6CDC-2E23-F9C3-D59AACABAB8F}" = Catalyst Control Center Localization French "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant "{9DBD8BEE-B3EC-4D82-A81C-0F6250176DCC}" = Drive Encryption for HP ProtectTools "{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library "{A1410161-F615-4B91-A019-FA33833EF00D}" = BIOS Configuration for HP ProtectTools "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9495514-098A-4869-A464-C455857BC464}" = Multimedia Mouse Driver "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax "{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager "{B0704448-6681-607E-D97F-A148C2E2F763}" = CCC Help Danish "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{B79DB290-9F72-4B20-9776-848D7832705B}" = HP User Guides 0108 "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply "{BABEDC2E-5718-1D6D-9E76-93C7EC76BBC4}" = CCC Help Greek "{BC1DC565-8B34-4B29-9DB2-BF281C2FB56E}" = ESU for Microsoft Vista SP1 "{BD5DE09E-3C1C-1DCE-E98D-7B7BBDBE15AD}" = CCC Help Portuguese "{BFCBCC48-9027-17B7-BD08-5214898494CC}" = CCC Help German "{C3036710-8564-ECEA-0E19-1B7880111167}" = CCC Help Swedish "{C7D03B2F-5B3A-A6D8-1C6C-AFCA02DDD3EC}" = Catalyst Control Center 
Localization Czech "{C8A33E2B-5DDB-BF2E-24A9-95DFA1CDF56D}" = Catalyst Control Center Localization Polish "{CA144572-CEAD-5A14-A338-D28B35D9C7FF}" = Catalyst Control Center Localization Hungarian "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg "{CDC7F188-3A08-45C3-8C3C-99BE32911949}" = Photo Transport "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE3020D2-1742-19F4-EFB4-4D76097C81D0}" = Catalyst Control Center Localization Portuguese "{CF755AAE-7801-359C-E9D3-FE8572F8C760}" = Catalyst Control Center Graphics Full New "{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch "{D3737952-FF6E-4E72-BDEE-B0DC1C69F80B}" = BPD_HPSU "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component "{DC04644B-C7B3-AF77-610C-7F0AF59AC44D}" = ATI Catalyst Install Manager "{DE80F89F-6132-42A9-1A47-542F6C60E1A2}" = CCC Help Russian "{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E979B690-80A7-8E8B-1281-C68DBEDDB491}" = CCC Help Norwegian "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10 "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager "{F23DFEB2-A5D1-3B97-FBF3-30DC859411C0}" = CCC Help Hungarian "{F4EAEBEA-3E46-43b8-A63C-AD180AE86918}" = BPDSoftware "{F5BF6D6E-C8F1-4FE1-943A-C484696B30C2}" = Guitar Chords "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FBE38124-B7F0-3EEE-98C5-D8C3AE353FF5}" = CCC Help Chinese Standard 
"{FD9FAE60-2BF1-C877-9843-AABA9DA06A2B}" = CCC Help Polish "1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung "1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE MailCheck für Internet Explorer "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "AIMP2" = AIMP2 "Allway Sync_is1" = Allway Sync version 12.0.0 "AP Tuner 3.08" = AP Tuner 3.08 "Avira AntiVir Desktop" = Avira Free Antivirus "CDex" = CDex extraction audio "dqgvdyg" = Favorit "DVD Audio Extractor_is1" = DVD Audio Extractor 4.5.3 "eMule" = eMule "FastStone Capture" = FastStone Capture 5.3 "Free DVD MP3 Ripper_is1" = Free DVD MP3 Ripper 1.12 "Free Studio_is1" = Free Studio version "Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 3.1 "Free YouTube Download_is1" = Free YouTube Download 2.2 "Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1 "Google Chrome" = Google Chrome "Google Updater" = Google Updater "Guitar Explorer 1.0" = Guitar Explorer 1.0 "HP Document Manager" = HP Document Manager 1.0 "HP Imaging Device Functions" = HP Imaging Device Functions 10.0 "HP Smart Web Printing" = HP Smart Web Printing "HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0 "HPExtendedCapabilities" = HP Customer Participation Program 10.0 "HPOCR" = OCR Software by I.R.I.S. 
10.0 "Huawei Modems" = Huawei modem "InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = CorelDRAW Graphics Suite 11 "InstallShield_{A9495514-098A-4869-A464-C455857BC464}" = Multimedia Mouse Driver "Iomega Storage Manager" = Iomega Storage Manager "iWisoft Free Video Converter_is1" = iWisoft Free Video Converter 1.2 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mininova-Vuze Toolbar" = Mininova-Vuze Toolbar "Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7) "Novatel_V20051Installer" = Novatel driver package V2.00.51 "PDF Complete" = PDF Complete "Shop for HP Supplies" = Shop for HP Supplies "SopCast" = SopCast 3.5.0 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Uninstall_is1" = Uninstall "uTorrent" = µTorrent "VLC media player" = VLC media player 2.0.1 "Vuze" = Vuze "Winamp" = Winamp ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 06.12.2012 20:33:38 | Computer Name = Martin_Laptop | Source = EventSystem | ID = 4621 Description = Error - 08.12.2012 16:09:38 | Computer Name = Martin_Laptop | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 8.0.6001.19328 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. 
Prozess-ID: 10c4 Anfangszeit: 01cdd5705c996a80 Zeitpunkt der Beendigung: 47 Error - 12.12.2012 16:44:34 | Computer Name = Martin_Laptop | Source = EventSystem | ID = 4621 Description = Error - 13.12.2012 12:55:23 | Computer Name = Martin_Laptop | Source = MsiInstaller | ID = 11904 Description = Error - 16.12.2012 13:22:04 | Computer Name = Martin_Laptop | Source = EventSystem | ID = 4621 Description = Error - 23.12.2012 11:54:25 | Computer Name = Martin_Laptop | Source = EventSystem | ID = 4621 Description = Error - 23.12.2012 13:33:05 | Computer Name = Martin_Laptop | Source = EventSystem | ID = 4621 Description = Error - 25.12.2012 16:10:28 | Computer Name = Martin_Laptop | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung SopCast.exe, Version, Zeitstempel 0x4f503ae3, fehlerhaftes Modul sop.ocx, Version, Zeitstempel 0x4f502af7, Ausnahmecode 0xc0000005, Fehleroffset 0x0013870b, Prozess-ID 0x1fb8, Anwendungsstartzeit 01cde2db334b17e3. Error - 25.12.2012 16:12:13 | Computer Name = Martin_Laptop | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung SopCast.exe, Version, Zeitstempel 0x4f503ae3, fehlerhaftes Modul sop.ocx, Version, Zeitstempel 0x4f502af7, Ausnahmecode 0xc0000005, Fehleroffset 0x0013870b, Prozess-ID 0x1820, Anwendungsstartzeit 01cde2dbebaf39b3. Error - 25.12.2012 16:14:50 | Computer Name = Martin_Laptop | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung SopCast.exe, Version, Zeitstempel 0x4f503ae3, fehlerhaftes Modul sop.ocx, Version, Zeitstempel 0x4f502af7, Ausnahmecode 0xc0000005, Fehleroffset 0x0013870b, Prozess-ID 0x1314, Anwendungsstartzeit 01cde2dc25f23be3. [ Credential Manager Events ] Error - 19.09.2012 12:30:15 | Computer Name = Martin_Laptop | Source = AuthServer | ID = 100811779 Description = The system failed to authenticate the submitted user credentials. 
Benutzer: Simone@Martin_Laptop Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse: Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP
Error - 19.09.2012 12:30:15 | Computer Name = Martin_Laptop | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: Simone@Martin_Laptop Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist.
Error - 01.11.2012 20:05:49 | Computer Name = Martin_Laptop | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: Martin@Martin_Laptop Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist.
Error - 01.11.2012 20:05:49 | Computer Name = Martin_Laptop | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer: Martin@Martin_Laptop Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse: Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP
Error - 01.11.2012 20:06:04 | Computer Name = Martin_Laptop | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer: Martin@Martin_Laptop Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse: Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP
Error - 01.11.2012 20:06:04 | Computer Name = Martin_Laptop | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: Martin@Martin_Laptop Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist.
Error - 01.11.2012 20:28:53 | Computer Name = Martin_Laptop | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer: Simone@Martin_Laptop Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse: Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP
Error - 01.11.2012 20:28:53 | Computer Name = Martin_Laptop | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: Simone@Martin_Laptop Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist.
Error - 23.11.2012 17:52:19 | Computer Name = Martin_Laptop | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer: Ellena@Martin_Laptop Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse: Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP
Error - 23.11.2012 17:52:19 | Computer Name = Martin_Laptop | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: Ellena@Martin_Laptop Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist.

[ System Events ]
Error - 25.12.2012 17:11:09 | Computer Name = Martin_Laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 25.12.2012 17:11:33 | Computer Name = Martin_Laptop | Source = Service Control Manager | ID = 7022
Description =
Error - 25.12.2012 17:13:45 | Computer Name = Martin_Laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 26.12.2012 16:43:11 | Computer Name = Martin_Laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 26.12.2012 16:43:34 | Computer Name = Martin_Laptop | Source = Service Control Manager | ID = 7022
Description =
Error - 26.12.2012 16:46:05 | Computer Name = Martin_Laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 26.12.2012 17:18:50 | Computer Name = Martin_Laptop | Source = Print | ID = 6161
Description = Das Dokument http://www.trojaner-board.de/69886-a...enden-eroeffnu im Besitz von Martin konnte nicht auf dem Drucker HP Officejet J4680 Series gedruckt werden. Versuchen Sie erneut, das Dokument zu drucken, oder starten Sie den Druckspooler erneut. Datentyp: NT EMF 1.008. Größe der Spooldatei in Bytes: 6094848. Anzahl der gedruckten Bytes: 6094848. Gesamtanzahl der Seiten des Dokuments: 5. Anzahl der gedruckten Seiten: 15. Clientcomputer: \\MARTIN_LAPTOP. Vom Druckprozessor zurückgegebener Win32-Fehlercode: 0. Der Vorgang wurde erfolgreich beendet.
Error - 26.12.2012 17:33:05 | Computer Name = Martin_Laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 26.12.2012 17:33:27 | Computer Name = Martin_Laptop | Source = Service Control Manager | ID = 7022
Description =
Error - 26.12.2012 17:36:16 | Computer Name = Martin_Laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

< End of report >

Screenshot of the GMER crash: see attachment GMER_01.jpg

Malwarebytes report:
Code:
Malwarebytes Anti-Malware (Test) www.malwarebytes.org
Datenbank Version: v2012.12.27.07
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19393
Martin :: MARTIN_LAPTOP [Administrator]
Schutz: Aktiviert
27.12.2012 17:58:03
mbam-log-2012-12-27 (17-58-03).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 312641
Laufzeit: 11 Minute(n), 1 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\fcn (Rogue.Residue) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Users\Martin\AppData\Local\Temp\Temp1_iehv.zip\iehv.exe (PUP.HistoryTool) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)

GMER crash: see attachment GMER_03.jpg

THANKS!
#2
/// Malware-holic

Hi
This script, and any scripts that follow, are only for this particular user. If you have problems, open your own topic and wait for scripts tailored to you.
• Please start OTL.exe
• Now copy the following into the text box.
Code:
:OTL
[2012.12.18 20:52:23 | 000,118,784 | RHS- | M] () -- C:\windows\System32\fdPHosta.dll
[2012.12.18 20:52:23 | 000,000,308 | ---- | C] () -- C:\windows\tasks\IENI.job
:Files
:Commands
[EMPTYFLASH]
[emptytemp]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode. If you have no icons, right-click, View, Show desktop icons.
Note: please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file here as an attachment in the thread!
Please press the [image]
Download GetInfo: http://markusg.trojaner-board.de/GetInfo.exe
Double-click the .exe. A .txt file will now be created in the same folder: summary-info.txt. Double-click it and post its contents.
Question: did you download and install or run anything at the time of infection, or possibly a day before? Were you asked to install or download something while visiting a website? I would also like to have this information as a private message.
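As an added example (not code from OTL or from this thread), a Python triage script for OTL file-listing lines that flags what the fix script above targets: a hidden+system DLL under System32 with no company name whose filename is one edit away from a legitimate component (fdPHosta.dll next to the real fdPHost.dll), and a scheduled task written in the same second. The known-good name list KNOWN_SYSTEM32 and the sample lines are constructed, the latter from listings posted in this thread.

```python
"""Triage of OTL file-listing lines (added example; not code from OTL or this thread).

Flags what the fix script above targets: a hidden+system DLL under System32 with no
company name whose filename is one edit away from a legitimate component, and a
scheduled task written in the same second.  KNOWN_SYSTEM32 is a constructed stand-in
for a real inventory of the Windows build; SAMPLE_OTL is constructed from the thread.
"""
import re
from collections import defaultdict
from datetime import datetime

# One OTL file line, e.g.
# [2012.12.18 20:52:23 | 000,118,784 | RHS- | M] () -- C:\windows\System32\fdPHosta.dll
OTL_LINE = re.compile(
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Constructed list of legitimate System32 component names (lower-case).
KNOWN_SYSTEM32 = {"fdphost.dll", "fdrespub.dll", "appinfo.dll", "bfe.dll", "qmgr.dll"}

# Constructed sample: the two lines from the fix script plus two benign process
# lines from the OTL log in this thread (their "PRC - " prefix dropped).
SAMPLE_OTL = r"""
[2012.12.18 20:52:23 | 000,118,784 | RHS- | M] () -- C:\windows\System32\fdPHosta.dll
[2012.12.18 20:52:23 | 000,000,308 | ---- | C] () -- C:\windows\tasks\IENI.job
[2012.12.05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe
[2012.11.22 23:51:02 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
"""


def parse_otl_line(line):
    """Parse one OTL file line into a dict; return None for any other line."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["ts"] = datetime.strptime(e["ts"], "%Y.%m.%d %H:%M:%S")
    e["name"] = e["path"].rsplit("\\", 1)[-1].lower()
    return e


def one_edit_apart(a, b):
    """True if a and b differ by exactly one insertion, deletion or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a  # a is now the shorter (or equal-length) string
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i += 1
            j += 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) == len(b):
            i += 1  # substitution consumes a char of both strings
        j += 1  # an insertion only consumes a char of the longer string
    edits += (len(b) - j) + (len(a) - i)  # unmatched tail counts as edits
    return edits == 1


def lookalike_of(name, known=KNOWN_SYSTEM32):
    """Return the known component name that `name` is one edit away from, else None."""
    for k in sorted(known):
        if one_edit_apart(name.lower(), k):
            return k
    return None


def triage(text, known=KNOWN_SYSTEM32):
    """Return [(path, [reasons])] for every line worth a second look, in input order."""
    entries = [e for e in (parse_otl_line(l) for l in text.splitlines()) if e]
    by_second = defaultdict(list)  # creation/modification second -> paths
    for e in entries:
        by_second[e["ts"]].append(e["path"])
    findings = []
    for e in entries:
        low = e["path"].lower()
        in_sys32 = "\\system32\\" in low
        reasons = []
        if in_sys32 and "H" in e["attrs"] and "S" in e["attrs"]:
            reasons.append("hidden+system file under System32")
        if in_sys32 and not e["company"]:
            reasons.append("no company name on a System32 binary")
        twin = lookalike_of(e["name"], known)
        if twin:
            reasons.append("name is one edit away from " + twin)
        is_task = "\\tasks\\" in low and low.endswith(".job")
        siblings = [p for p in by_second[e["ts"]] if p != e["path"]]
        if siblings and (reasons or is_task):  # correlate files dropped together
            reasons.append("written in the same second as " + ", ".join(siblings))
        if reasons:
            findings.append((e["path"], reasons))
    return findings
```

Calling triage(SAMPLE_OTL) returns only the two fix-script entries, each with the reasons it was flagged; the Chrome and rpcnet.exe lines produce nothing.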
#3
Hello Markus,
Wow, I did not expect such a quick reply. First of all, many thanks for that. I started OTL following your instructions, but it then crashed after Antivir reported a detection. Unfortunately I could not take a screenshot because everything was gone. At that moment only the last line was still visible in the OTL text box. I probably should have switched Antivir off beforehand ... Should I now run the described procedure again with Antivir disabled?

Hello, even though OTL crashed, I have uploaded the "Movedfiles". Here is also the "summary-info.txt" (it did not change as a result of running OTL):
Code:
System volume information: dwHighDateTime = 0x1c8d02d,dwLowDateTime = 0x47e642c5
System32: dwHighDateTime = 0x1c6fe70,dwLowDateTime = 0xa3cd0a16
dwSerialNumber = 0x336d773f

Is the date given in your OTL code the time of infection?
#4
/// Malware-holic

Sorry for the late reply, I was on holiday. Exactly, 18.12 is the time, or possibly 17.12.
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de according to the instructions above
If you would like to support us
#5
Hello, I hope you have recovered well! Happy New Year first of all!
Current status:
- The problem with the wrong links is gone now.
- But the Security Center still cannot be activated.
... but take it slowly, so that all that recovery is not gone again right away.
#6
/// Malware-holic

Hi
Download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- for any detections, choose Skip for now, and post the log
#7
Here is the TDSS Killer report:
Code:
22:16:33.0018 3652 TDSS rootkit removing tool Oct 31 2012 21:47:35
22:16:33.0065 3652 ============================================================
22:16:33.0065 3652 Current date / time: 2013/01/03 22:16:33.0065
22:16:33.0065 3652 SystemInfo:
22:16:33.0065 3652
22:16:33.0065 3652 OS Version: 6.0.6002 ServicePack: 2.0
22:16:33.0065 3652 Product type: Workstation
22:16:33.0065 3652 ComputerName: MARTIN_LAPTOP
22:16:33.0065 3652 UserName: Martin
22:16:33.0065 3652 Windows directory: C:\windows
22:16:33.0065 3652 System windows directory: C:\windows
22:16:33.0065 3652 Processor architecture: Intel x86
22:16:33.0065 3652 Number of processors: 2
22:16:33.0065 3652 Page size: 0x1000
22:16:33.0065 3652 Boot type: Normal boot
22:16:33.0065 3652 ============================================================
22:16:33.0486 3652 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:16:33.0486 3652 ============================================================
22:16:33.0486 3652 \Device\Harddisk0\DR0:
22:16:33.0486 3652 MBR partitions:
22:16:33.0486 3652 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2402CFC1
22:16:33.0486 3652 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x2402D000, BlocksNum 0x200800
22:16:33.0486 3652 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2422DAB0, BlocksNum 0x1201000
22:16:33.0486 3652 ============================================================
22:16:33.0502 3652 C: <-> \Device\Harddisk0\DR0\Partition1
22:16:33.0533 3652 D: <-> \Device\Harddisk0\DR0\Partition3
22:16:33.0548 3652 F: <-> \Device\Harddisk0\DR0\Partition2
22:16:33.0548 3652 ============================================================
22:16:33.0548 3652 Initialize success
22:16:33.0548 3652 ============================================================
22:17:19.0740 7956
7956 MBAMProtector - ok 22:17:32.0579 7956 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 22:17:32.0594 7956 MBAMScheduler - ok 22:17:32.0626 7956 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 22:17:32.0657 7956 MBAMService - ok 22:17:32.0688 7956 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\windows\system32\drivers\megasas.sys 22:17:32.0704 7956 megasas - ok 22:17:32.0719 7956 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\windows\system32\drivers\megasr.sys 22:17:32.0797 7956 MegaSR - ok 22:17:32.0813 7956 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\windows\system32\mmcss.dll 22:17:32.0860 7956 MMCSS - ok 22:17:32.0875 7956 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\windows\system32\drivers\modem.sys 22:17:32.0906 7956 Modem - ok 22:17:32.0938 7956 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\windows\system32\DRIVERS\monitor.sys 22:17:32.0969 7956 monitor - ok 22:17:32.0984 7956 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys 22:17:33.0000 7956 mouclass - ok 22:17:33.0016 7956 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\windows\system32\DRIVERS\mouhid.sys 22:17:33.0047 7956 mouhid - ok 22:17:33.0078 7956 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\windows\system32\drivers\mountmgr.sys 22:17:33.0094 7956 MountMgr - ok 22:17:33.0109 7956 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\windows\system32\drivers\mpio.sys 22:17:33.0125 7956 mpio - ok 22:17:33.0125 7956 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 22:17:33.0172 7956 mpsdrv - ok 22:17:33.0203 7956 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\windows\system32\mpssvc.dll 22:17:33.0234 7956 MpsSvc - ok 22:17:33.0265 7956 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\windows\system32\drivers\mraid35x.sys 22:17:33.0265 7956 Mraid35x - ok 22:17:33.0312 7956 [ 
82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 22:17:33.0328 7956 MRxDAV - ok 22:17:33.0359 7956 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 22:17:33.0390 7956 mrxsmb - ok 22:17:33.0421 7956 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 22:17:33.0452 7956 mrxsmb10 - ok 22:17:33.0468 7956 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 22:17:33.0484 7956 mrxsmb20 - ok 22:17:33.0499 7956 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\windows\system32\drivers\msahci.sys 22:17:33.0499 7956 msahci - ok 22:17:33.0530 7956 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\windows\system32\drivers\msdsm.sys 22:17:33.0546 7956 msdsm - ok 22:17:33.0562 7956 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\windows\System32\msdtc.exe 22:17:33.0608 7956 MSDTC - ok 22:17:33.0624 7956 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\windows\system32\drivers\Msfs.sys 22:17:33.0671 7956 Msfs - ok 22:17:33.0686 7956 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\windows\system32\drivers\msisadrv.sys 22:17:33.0702 7956 msisadrv - ok 22:17:33.0733 7956 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\windows\system32\iscsiexe.dll 22:17:33.0780 7956 MSiSCSI - ok 22:17:33.0780 7956 msiserver - ok 22:17:33.0796 7956 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys 22:17:33.0842 7956 MSKSSRV - ok 22:17:33.0858 7956 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 22:17:33.0905 7956 MSPCLOCK - ok 22:17:33.0920 7956 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\windows\system32\drivers\MSPQM.sys 22:17:33.0967 7956 MSPQM - ok 22:17:33.0998 7956 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\windows\system32\drivers\MsRPC.sys 22:17:34.0014 7956 MsRPC - ok 22:17:34.0030 7956 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys 22:17:34.0045 7956 
mssmbios - ok 22:17:34.0061 7956 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\windows\system32\drivers\MSTEE.sys 22:17:34.0092 7956 MSTEE - ok 22:17:34.0108 7956 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\windows\system32\Drivers\mup.sys 22:17:34.0108 7956 Mup - ok 22:17:34.0154 7956 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\windows\system32\qagentRT.dll 22:17:34.0186 7956 napagent - ok 22:17:34.0217 7956 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 22:17:34.0248 7956 NativeWifiP - ok 22:17:34.0279 7956 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\windows\system32\drivers\ndis.sys 22:17:34.0310 7956 NDIS - ok 22:17:34.0326 7956 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 22:17:34.0357 7956 NdisTapi - ok 22:17:34.0373 7956 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 22:17:34.0404 7956 Ndisuio - ok 22:17:34.0420 7956 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 22:17:34.0451 7956 NdisWan - ok 22:17:34.0451 7956 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\windows\system32\drivers\NDProxy.sys 22:17:34.0482 7956 NDProxy - ok 22:17:34.0529 7956 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\windows\system32\HPZinw12.dll 22:17:34.0544 7956 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 22:17:34.0544 7956 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 22:17:34.0576 7956 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 22:17:34.0607 7956 NetBIOS - ok 22:17:34.0638 7956 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\windows\system32\DRIVERS\netbt.sys 22:17:34.0669 7956 netbt - ok 22:17:34.0685 7956 [ A3E186B4B935905B829219502557314E ] Netlogon C:\windows\system32\lsass.exe 22:17:34.0700 7956 Netlogon - ok 22:17:34.0732 7956 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\windows\System32\netman.dll 22:17:34.0778 7956 Netman - ok 
22:17:34.0794 7956 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\windows\System32\netprofm.dll 22:17:34.0841 7956 netprofm - ok 22:17:34.0872 7956 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 22:17:34.0888 7956 NetTcpPortSharing - ok 22:17:35.0028 7956 [ E559EA9138C77B5D1FDA8C558764A25F ] NETw5v32 C:\windows\system32\DRIVERS\NETw5v32.sys 22:17:35.0231 7956 NETw5v32 - ok 22:17:35.0246 7956 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\windows\system32\drivers\nfrd960.sys 22:17:35.0262 7956 nfrd960 - ok 22:17:35.0293 7956 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\windows\System32\nlasvc.dll 22:17:35.0340 7956 NlaSvc - ok 22:17:35.0356 7956 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\windows\system32\drivers\Npfs.sys 22:17:35.0371 7956 Npfs - ok 22:17:35.0387 7956 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\windows\system32\nsisvc.dll 22:17:35.0418 7956 nsi - ok 22:17:35.0434 7956 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys 22:17:35.0465 7956 nsiproxy - ok 22:17:35.0512 7956 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\windows\system32\drivers\Ntfs.sys 22:17:35.0558 7956 Ntfs - ok 22:17:35.0636 7956 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\windows\system32\drivers\ntrigdigi.sys 22:17:35.0683 7956 ntrigdigi - ok 22:17:35.0699 7956 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\windows\system32\drivers\Null.sys 22:17:35.0714 7956 Null - ok 22:17:35.0730 7956 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\windows\system32\drivers\nvraid.sys 22:17:35.0746 7956 nvraid - ok 22:17:35.0761 7956 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\windows\system32\drivers\nvstor.sys 22:17:35.0777 7956 nvstor - ok 22:17:35.0792 7956 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\windows\system32\drivers\nv_agp.sys 22:17:35.0808 7956 nv_agp - ok 22:17:35.0870 7956 [ AA62BA29EF342D805555196F46FCAA4E ] NWADI 
C:\windows\system32\DRIVERS\NWADIenum.sys 22:17:35.0902 7956 NWADI - ok 22:17:35.0917 7956 NwlnkFlt - ok 22:17:35.0917 7956 NwlnkFwd - ok 22:17:35.0933 7956 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\windows\system32\DRIVERS\ohci1394.sys 22:17:35.0980 7956 ohci1394 - ok 22:17:36.0011 7956 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\windows\system32\p2psvc.dll 22:17:36.0058 7956 p2pimsvc - ok 22:17:36.0073 7956 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\windows\system32\p2psvc.dll 22:17:36.0104 7956 p2psvc - ok 22:17:36.0167 7956 [ 8A79FDF04A73428597E2CAF9D0D67850 ] Parport C:\windows\system32\DRIVERS\parport.sys 22:17:36.0198 7956 Parport - ok 22:17:36.0245 7956 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\windows\system32\drivers\partmgr.sys 22:17:36.0260 7956 partmgr - ok 22:17:36.0276 7956 [ 6C580025C81CAF3AE9E3617C22CAD00E ] Parvdm C:\windows\system32\DRIVERS\parvdm.sys 22:17:36.0323 7956 Parvdm - ok 22:17:36.0338 7956 PCASp50 - ok 22:17:36.0370 7956 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\windows\System32\pcasvc.dll 22:17:36.0401 7956 PcaSvc - ok 22:17:36.0448 7956 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\windows\system32\drivers\pci.sys 22:17:36.0463 7956 pci - ok 22:17:36.0479 7956 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\windows\system32\drivers\pciide.sys 22:17:36.0494 7956 pciide - ok 22:17:36.0572 7956 [ E3993FD134812E55FC8885D924D46D58 ] PCloudd C:\Program Files\Iomega Storage Manager\pCloudd.exe 22:17:36.0588 7956 PCloudd ( UnsignedFile.Multi.Generic ) - warning 22:17:36.0588 7956 PCloudd - detected UnsignedFile.Multi.Generic (1) 22:17:36.0619 7956 [ B7C5A8769541900F6DFA6FE0C5E4D513 ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys 22:17:36.0635 7956 pcmcia - ok 22:17:36.0666 7956 pdfcDispatcher - ok 22:17:36.0713 7956 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\windows\system32\drivers\peauth.sys 22:17:36.0791 7956 PEAUTH - ok 22:17:36.0869 7956 [ B1689DF169143F57053F795390C99DB3 ] pla C:\windows\system32\pla.dll 
22:17:36.0994 7956 pla - ok 22:17:37.0025 7956 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\windows\system32\umpnpmgr.dll 22:17:37.0056 7956 PlugPlay - ok 22:17:37.0103 7956 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\windows\system32\HPZipm12.dll 22:17:37.0118 7956 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 22:17:37.0118 7956 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 22:17:37.0134 7956 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\windows\system32\p2psvc.dll 22:17:37.0243 7956 PNRPAutoReg - ok 22:17:37.0259 7956 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\windows\system32\p2psvc.dll 22:17:37.0274 7956 PNRPsvc - ok 22:17:37.0337 7956 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\windows\System32\ipsecsvc.dll 22:17:37.0368 7956 PolicyAgent - ok 22:17:37.0399 7956 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 22:17:37.0430 7956 PptpMiniport - ok 22:17:37.0446 7956 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\windows\system32\drivers\processr.sys 22:17:37.0462 7956 Processor - ok 22:17:37.0493 7956 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\windows\system32\profsvc.dll 22:17:37.0508 7956 ProfSvc - ok 22:17:37.0524 7956 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\windows\system32\lsass.exe 22:17:37.0540 7956 ProtectedStorage - ok 22:17:37.0571 7956 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\windows\system32\DRIVERS\pacer.sys 22:17:37.0602 7956 PSched - ok 22:17:37.0649 7956 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\windows\system32\Drivers\PxHelp20.sys 22:17:37.0664 7956 PxHelp20 - ok 22:17:37.0727 7956 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\windows\system32\drivers\ql2300.sys 22:17:37.0789 7956 ql2300 - ok 22:17:37.0805 7956 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\windows\system32\drivers\ql40xx.sys 22:17:37.0820 7956 ql40xx - ok 22:17:37.0867 7956 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE 
C:\windows\system32\qwave.dll 22:17:37.0898 7956 QWAVE - ok 22:17:37.0930 7956 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 22:17:37.0945 7956 QWAVEdrv - ok 22:17:38.0008 7956 [ 70DBDAB246C18B78E2200D6401D038BE ] RapiMgr C:\windows\WindowsMobile\rapimgr.dll 22:17:38.0054 7956 RapiMgr - ok 22:17:38.0070 7956 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 22:17:38.0101 7956 RasAcd - ok 22:17:38.0117 7956 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\windows\System32\rasauto.dll 22:17:38.0164 7956 RasAuto - ok 22:17:38.0179 7956 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 22:17:38.0210 7956 Rasl2tp - ok 22:17:38.0242 7956 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\windows\System32\rasmans.dll 22:17:38.0273 7956 RasMan - ok 22:17:38.0288 7956 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 22:17:38.0320 7956 RasPppoe - ok 22:17:38.0351 7956 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 22:17:38.0366 7956 RasSstp - ok 22:17:38.0398 7956 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 22:17:38.0429 7956 rdbss - ok 22:17:38.0460 7956 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys 22:17:38.0491 7956 RDPCDD - ok 22:17:38.0507 7956 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\windows\system32\drivers\rdpdr.sys 22:17:38.0538 7956 rdpdr - ok 22:17:38.0554 7956 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys 22:17:38.0585 7956 RDPENCDD - ok 22:17:38.0616 7956 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\windows\system32\drivers\RDPWD.sys 22:17:38.0647 7956 RDPWD - ok 22:17:38.0678 7956 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\windows\System32\mprdim.dll 22:17:38.0694 7956 RemoteAccess - ok 22:17:38.0741 7956 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry 
C:\windows\system32\regsvc.dll 22:17:38.0772 7956 RemoteRegistry - ok 22:17:38.0803 7956 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys 22:17:38.0850 7956 RFCOMM - ok 22:17:38.0912 7956 [ EEC7EE5675294B03E88AA868540007C1 ] RMCAST C:\windows\system32\DRIVERS\RMCAST.sys 22:17:38.0944 7956 RMCAST - ok 22:17:39.0068 7956 [ 5C13017FC008F8492D03143634A479CE ] RoxMediaDB10 c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe 22:17:39.0115 7956 RoxMediaDB10 - ok 22:17:39.0146 7956 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\windows\system32\locator.exe 22:17:39.0193 7956 RpcLocator - ok 22:17:39.0256 7956 [ 6684437F3628EF237C354F77D33426D1 ] rpcnet C:\windows\system32\rpcnet.exe 22:17:39.0271 7956 rpcnet - ok 22:17:39.0302 7956 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\windows\system32\rpcss.dll 22:17:39.0349 7956 RpcSs - ok 22:17:39.0396 7956 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\windows\system32\DRIVERS\rspndr.sys 22:17:39.0427 7956 rspndr - ok 22:17:39.0458 7956 [ 3BEEFE509C414F3A6E55E5C7C4024581 ] RsvLock C:\windows\system32\drivers\RsvLock.sys 22:17:39.0474 7956 RsvLock - ok 22:17:39.0474 7956 [ 2A5EEDCB22A5D6BB0231E38A38E7A7D9 ] SafeBoot C:\windows\system32\drivers\SafeBoot.sys 22:17:39.0474 7956 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. 
md5: 2A5EEDCB22A5D6BB0231E38A38E7A7D9 22:17:39.0474 7956 SafeBoot ( LockedFile.Multi.Generic ) - warning 22:17:39.0474 7956 SafeBoot - detected LockedFile.Multi.Generic (1) 22:17:39.0490 7956 [ A3E186B4B935905B829219502557314E ] SamSs C:\windows\system32\lsass.exe 22:17:39.0505 7956 SamSs - ok 22:17:39.0505 7956 [ 52DCDE2D1787217E15FFDCA1CBF8CCE9 ] SbAlg C:\windows\system32\drivers\SbAlg.sys 22:17:39.0521 7956 SbAlg - ok 22:17:39.0536 7956 [ 69A5AF9CE49A0982E7AE7C7D62BDB2B1 ] SbFsLock C:\windows\system32\drivers\SbFsLock.sys 22:17:39.0552 7956 SbFsLock - ok 22:17:39.0552 7956 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\windows\system32\drivers\sbp2port.sys 22:17:39.0568 7956 sbp2port - ok 22:17:39.0599 7956 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\windows\System32\SCardSvr.dll 22:17:39.0614 7956 SCardSvr - ok 22:17:39.0661 7956 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\windows\system32\schedsvc.dll 22:17:39.0724 7956 Schedule - ok 22:17:39.0755 7956 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\windows\System32\certprop.dll 22:17:39.0770 7956 SCPolicySvc - ok 22:17:39.0817 7956 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\windows\System32\SDRSVC.dll 22:17:39.0864 7956 SDRSVC - ok 22:17:39.0895 7956 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\windows\system32\drivers\secdrv.sys 22:17:39.0942 7956 secdrv - ok 22:17:39.0958 7956 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\windows\system32\seclogon.dll 22:17:40.0004 7956 seclogon - ok 22:17:40.0020 7956 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\windows\System32\sens.dll 22:17:40.0067 7956 SENS - ok 22:17:40.0082 7956 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\windows\system32\drivers\serenum.sys 22:17:40.0129 7956 Serenum - ok 22:17:40.0145 7956 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\windows\system32\drivers\serial.sys 22:17:40.0207 7956 Serial - ok 22:17:40.0254 7956 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\windows\system32\drivers\sermouse.sys 22:17:40.0270 
7956 sermouse - ok 22:17:40.0316 7956 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\windows\system32\sessenv.dll 22:17:40.0348 7956 SessionEnv - ok 22:17:40.0363 7956 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\windows\system32\drivers\sffdisk.sys 22:17:40.0379 7956 sffdisk - ok 22:17:40.0394 7956 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys 22:17:40.0441 7956 sffp_mmc - ok 22:17:40.0457 7956 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys 22:17:40.0472 7956 sffp_sd - ok 22:17:40.0488 7956 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\windows\system32\drivers\sfloppy.sys 22:17:40.0535 7956 sfloppy - ok 22:17:40.0582 7956 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\windows\System32\ipnathlp.dll 22:17:40.0628 7956 SharedAccess - ok 22:17:40.0660 7956 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\windows\System32\shsvcs.dll 22:17:40.0691 7956 ShellHWDetection - ok 22:17:40.0722 7956 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\windows\system32\drivers\sisagp.sys 22:17:40.0722 7956 sisagp - ok 22:17:40.0753 7956 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\windows\system32\drivers\sisraid2.sys 22:17:40.0769 7956 SiSRaid2 - ok 22:17:40.0784 7956 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys 22:17:40.0800 7956 SiSRaid4 - ok 22:17:40.0925 7956 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\windows\system32\SLsvc.exe 22:17:41.0143 7956 slsvc - ok 22:17:41.0174 7956 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\windows\system32\SLUINotify.dll 22:17:41.0221 7956 SLUINotify - ok 22:17:41.0252 7956 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\windows\system32\DRIVERS\smb.sys 22:17:41.0268 7956 Smb - ok 22:17:41.0299 7956 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\windows\System32\snmptrap.exe 22:17:41.0299 7956 SNMPTRAP - ok 22:17:41.0377 7956 [ CF9CDE12FBC19DBA8DE528B7511A2F4F ] SNP2UVC 
C:\windows\system32\DRIVERS\snp2uvc.sys 22:17:41.0533 7956 SNP2UVC - ok 22:17:41.0549 7956 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\windows\system32\drivers\spldr.sys 22:17:41.0564 7956 spldr - ok 22:17:41.0580 7956 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\windows\System32\spoolsv.exe 22:17:41.0611 7956 Spooler - ok 22:17:41.0658 7956 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\windows\system32\DRIVERS\srv.sys 22:17:41.0705 7956 srv - ok 22:17:41.0736 7956 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\windows\system32\DRIVERS\srv2.sys 22:17:41.0767 7956 srv2 - ok 22:17:41.0783 7956 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys 22:17:41.0814 7956 srvnet - ok 22:17:41.0845 7956 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\windows\System32\ssdpsrv.dll 22:17:41.0876 7956 SSDPSRV - ok 22:17:41.0908 7956 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\windows\system32\DRIVERS\ssmdrv.sys 22:17:41.0923 7956 ssmdrv - ok 22:17:41.0954 7956 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\windows\system32\sstpsvc.dll 22:17:41.0970 7956 SstpSvc - ok 22:17:42.0017 7956 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\windows\system32\DRIVERS\serscan.sys 22:17:42.0048 7956 StillCam - ok 22:17:42.0079 7956 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\windows\System32\wiaservc.dll 22:17:42.0095 7956 stisvc - ok 22:17:42.0157 7956 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr c:\Program Files\Common Files\SureThing Shared\stllssvr.exe 22:17:42.0157 7956 stllssvr - ok 22:17:42.0188 7956 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\windows\system32\DRIVERS\swenum.sys 22:17:42.0188 7956 swenum - ok 22:17:42.0235 7956 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\windows\System32\swprv.dll 22:17:42.0266 7956 swprv - ok 22:17:42.0282 7956 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\windows\system32\drivers\symc8xx.sys 22:17:42.0298 7956 Symc8xx - ok 22:17:42.0313 7956 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi 
C:\windows\system32\drivers\sym_hi.sys 22:17:42.0313 7956 Sym_hi - ok 22:17:42.0329 7956 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\windows\system32\drivers\sym_u3.sys 22:17:42.0344 7956 Sym_u3 - ok 22:17:42.0407 7956 [ F5D926807BD9BC0AF68F9376144DE425 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys 22:17:42.0422 7956 SynTP - ok 22:17:42.0485 7956 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\windows\system32\sysmain.dll 22:17:42.0532 7956 SysMain - ok 22:17:42.0547 7956 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\windows\System32\TabSvc.dll 22:17:42.0594 7956 TabletInputService - ok 22:17:42.0625 7956 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\windows\System32\tapisrv.dll 22:17:42.0656 7956 TapiSrv - ok 22:17:42.0672 7956 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\windows\System32\tbssvc.dll 22:17:42.0703 7956 TBS - ok 22:17:42.0766 7956 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\windows\system32\drivers\tcpip.sys 22:17:42.0812 7956 Tcpip - ok 22:17:42.0828 7956 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\windows\system32\DRIVERS\tcpip.sys 22:17:43.0015 7956 Tcpip6 - ok 22:17:43.0062 7956 [ 74905EBCBB8CBDB1F3C0B1778BBCB4BC ] tcpipBM C:\windows\system32\drivers\tcpipBM.sys 22:17:43.0078 7956 tcpipBM ( UnsignedFile.Multi.Generic ) - warning 22:17:43.0078 7956 tcpipBM - detected UnsignedFile.Multi.Generic (1) 22:17:43.0093 7956 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys 22:17:43.0124 7956 tcpipreg - ok 22:17:43.0156 7956 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\windows\system32\drivers\tdpipe.sys 22:17:43.0187 7956 TDPIPE - ok 22:17:43.0202 7956 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\windows\system32\drivers\tdtcp.sys 22:17:43.0234 7956 TDTCP - ok 22:17:43.0265 7956 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\windows\system32\DRIVERS\tdx.sys 22:17:43.0280 7956 tdx - ok 22:17:43.0312 7956 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\windows\system32\DRIVERS\termdd.sys 
22:17:43.0327 7956 TermDD - ok 22:17:43.0343 7956 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\windows\System32\termsrv.dll 22:17:43.0374 7956 TermService - ok 22:17:43.0390 7956 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\windows\system32\shsvcs.dll 22:17:43.0405 7956 Themes - ok 22:17:43.0436 7956 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\windows\system32\mmcss.dll 22:17:43.0452 7956 THREADORDER - ok 22:17:43.0499 7956 [ CB258C2F726F1BE73C507022BE33EBB3 ] TPM C:\windows\system32\drivers\tpm.sys 22:17:43.0499 7956 TPM - ok 22:17:43.0530 7956 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\windows\System32\trkwks.dll 22:17:43.0546 7956 TrkWks - ok 22:17:43.0608 7956 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe 22:17:43.0639 7956 TrustedInstaller - ok 22:17:43.0655 7956 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys 22:17:43.0702 7956 tssecsrv - ok 22:17:43.0733 7956 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\windows\system32\DRIVERS\tunmp.sys 22:17:43.0764 7956 tunmp - ok 22:17:43.0795 7956 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\windows\system32\DRIVERS\tunnel.sys 22:17:43.0811 7956 tunnel - ok 22:17:43.0842 7956 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\windows\system32\drivers\uagp35.sys 22:17:43.0858 7956 uagp35 - ok 22:17:43.0889 7956 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\windows\system32\DRIVERS\udfs.sys 22:17:43.0904 7956 udfs - ok 22:17:43.0982 7956 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\windows\system32\UI0Detect.exe 22:17:44.0045 7956 UI0Detect - ok 22:17:44.0060 7956 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys 22:17:44.0076 7956 uliagpkx - ok 22:17:44.0092 7956 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\windows\system32\drivers\uliahci.sys 22:17:44.0107 7956 uliahci - ok 22:17:44.0123 7956 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata 
C:\windows\system32\drivers\ulsata.sys 22:17:44.0138 7956 UlSata - ok 22:17:44.0138 7956 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\windows\system32\drivers\ulsata2.sys 22:17:44.0154 7956 ulsata2 - ok 22:17:44.0170 7956 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\windows\system32\DRIVERS\umbus.sys 22:17:44.0216 7956 umbus - ok 22:17:44.0248 7956 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\windows\System32\upnphost.dll 22:17:44.0279 7956 upnphost - ok 22:17:44.0294 7956 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys 22:17:44.0310 7956 usbccgp - ok 22:17:44.0326 7956 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\windows\system32\drivers\usbcir.sys 22:17:44.0372 7956 usbcir - ok 22:17:44.0404 7956 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys 22:17:44.0435 7956 usbehci - ok 22:17:44.0482 7956 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys 22:17:44.0528 7956 usbhub - ok 22:17:44.0560 7956 [ 7BDB7B0E7D45AC0402D78B90789EF47C ] usbohci C:\windows\system32\DRIVERS\usbohci.sys 22:17:44.0591 7956 usbohci - ok 22:17:44.0606 7956 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\windows\system32\drivers\usbprint.sys 22:17:44.0653 7956 usbprint - ok 22:17:44.0716 7956 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS 22:17:44.0762 7956 USBSTOR - ok 22:17:44.0778 7956 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys 22:17:44.0794 7956 usbuhci - ok 22:17:44.0840 7956 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys 22:17:44.0887 7956 usbvideo - ok 22:17:44.0918 7956 [ 35C9095FA7076466AFBFC5B9EC4B779E ] usb_rndisx C:\windows\system32\DRIVERS\usb8023x.sys 22:17:44.0950 7956 usb_rndisx - ok 22:17:44.0996 7956 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\windows\System32\uxsms.dll 22:17:45.0028 7956 UxSms - ok 22:17:45.0059 7956 [ 
CD88D1B7776DC17A119049742EC07EB4 ] vds C:\windows\System32\vds.exe 22:17:45.0106 7956 vds - ok 22:17:45.0152 7956 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\windows\system32\DRIVERS\vgapnp.sys 22:17:45.0168 7956 vga - ok 22:17:45.0199 7956 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\windows\System32\drivers\vga.sys 22:17:45.0230 7956 VgaSave - ok 22:17:45.0246 7956 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\windows\system32\drivers\viaagp.sys 22:17:45.0262 7956 viaagp - ok 22:17:45.0277 7956 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\windows\system32\drivers\viac7.sys 22:17:45.0308 7956 ViaC7 - ok 22:17:45.0324 7956 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\windows\system32\drivers\viaide.sys 22:17:45.0324 7956 viaide - ok 22:17:45.0371 7956 [ EEDEF70F54E4BAB9D7A8D79F3418B3F1 ] vNICdrv C:\windows\system32\DRIVERS\vNICdrv.sys 22:17:45.0418 7956 vNICdrv - ok 22:17:45.0433 7956 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\windows\system32\drivers\volmgr.sys 22:17:45.0449 7956 volmgr - ok 22:17:45.0480 7956 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\windows\system32\drivers\volmgrx.sys 22:17:45.0496 7956 volmgrx - ok 22:17:45.0589 7956 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\windows\system32\drivers\volsnap.sys 22:17:45.0636 7956 volsnap - ok 22:17:45.0652 7956 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\windows\system32\drivers\vsmraid.sys 22:17:45.0667 7956 vsmraid - ok 22:17:45.0714 7956 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\windows\system32\vssvc.exe 22:17:45.0776 7956 VSS - ok 22:17:45.0808 7956 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\windows\system32\w32time.dll 22:17:45.0839 7956 W32Time - ok 22:17:45.0854 7956 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\windows\system32\drivers\wacompen.sys 22:17:45.0886 7956 WacomPen - ok 22:17:45.0948 7956 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\windows\system32\DRIVERS\wanarp.sys 22:17:45.0979 7956 Wanarp - ok 22:17:45.0995 7956 [ 55201897378CCA7AF8B5EFD874374A26 
] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys 22:17:46.0010 7956 Wanarpv6 - ok 22:17:46.0073 7956 [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm C:\windows\WindowsMobile\wcescomm.dll 22:17:46.0104 7956 WcesComm - ok 22:17:46.0229 7956 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\windows\System32\wcncsvc.dll 22:17:46.0291 7956 wcncsvc - ok 22:17:46.0322 7956 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 22:17:46.0354 7956 WcsPlugInService - ok 22:17:46.0369 7956 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\windows\system32\drivers\wd.sys 22:17:46.0385 7956 Wd - ok 22:17:46.0494 7956 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 22:17:46.0525 7956 Wdf01000 - ok 22:17:46.0541 7956 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\windows\system32\wdi.dll 22:17:46.0588 7956 WdiServiceHost - ok 22:17:46.0588 7956 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\windows\system32\wdi.dll 22:17:46.0619 7956 WdiSystemHost - ok 22:17:46.0634 7956 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\windows\System32\webclnt.dll 22:17:46.0681 7956 WebClient - ok 22:17:46.0712 7956 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\windows\system32\wecsvc.dll 22:17:46.0744 7956 Wecsvc - ok 22:17:46.0759 7956 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\windows\System32\wercplsupport.dll 22:17:46.0790 7956 wercplsupport - ok 22:17:46.0822 7956 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\windows\System32\WerSvc.dll 22:17:46.0853 7956 WerSvc - ok 22:17:46.0900 7956 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 22:17:46.0915 7956 WinDefend - ok 22:17:46.0931 7956 WinHttpAutoProxySvc - ok 22:17:46.0978 7956 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 22:17:46.0993 7956 Winmgmt - ok 22:17:47.0056 7956 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\windows\system32\WsmSvc.dll 22:17:47.0243 7956 
WinRM - ok 22:17:47.0274 7956 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\windows\System32\wlansvc.dll 22:17:47.0352 7956 Wlansvc - ok 22:17:47.0368 7956 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys 22:17:47.0399 7956 WmiAcpi - ok 22:17:47.0430 7956 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe 22:17:47.0446 7956 wmiApSrv - ok 22:17:47.0524 7956 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 22:17:47.0555 7956 WMPNetworkSvc - ok 22:17:47.0602 7956 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\windows\System32\wpcsvc.dll 22:17:47.0633 7956 WPCSvc - ok 22:17:47.0680 7956 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 22:17:47.0695 7956 WPDBusEnum - ok 22:17:47.0742 7956 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\windows\system32\DRIVERS\wpdusb.sys 22:17:47.0758 7956 WpdUsb - ok 22:17:47.0867 7956 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 22:17:47.0898 7956 WPFFontCache_v0400 - ok 22:17:47.0945 7956 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 22:17:47.0976 7956 ws2ifsl - ok 22:17:48.0023 7956 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\windows\System32\wscsvc.dll 22:17:48.0054 7956 wscsvc - ok 22:17:48.0054 7956 WSearch - ok 22:17:48.0148 7956 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\windows\system32\wuaueng.dll 22:17:48.0257 7956 wuauserv - ok 22:17:48.0319 7956 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\windows\system32\drivers\WudfPf.sys 22:17:48.0335 7956 WudfPf - ok 22:17:48.0382 7956 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys 22:17:48.0413 7956 WUDFRd - ok 22:17:48.0460 7956 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\windows\System32\WUDFSvc.dll 22:17:48.0475 7956 wudfsvc - ok 22:17:48.0538 7956 [ 
F72D4BFFA37E857D195048C498AFC61B ] yukonwlh C:\windows\system32\DRIVERS\yk60x86.sys 22:17:48.0569 7956 yukonwlh - ok 22:17:48.0616 7956 [ C2215C6ADA8B1E9FEB507CEE9B446661 ] ZTEusbmdm6k C:\windows\system32\DRIVERS\ZTEusbmdm6k.sys 22:17:48.0647 7956 ZTEusbmdm6k - ok 22:17:48.0694 7956 [ 9862F9D2FF50AE748ED42C022E6AAC15 ] ZTEusbnet C:\windows\system32\DRIVERS\ZTEusbnet.sys 22:17:48.0709 7956 ZTEusbnet - ok 22:17:48.0772 7956 [ F16CE3C7690AB7426DC96520D54A737E ] ZTEusbnmea C:\windows\system32\DRIVERS\ZTEusbnmea.sys 22:17:48.0803 7956 ZTEusbnmea - ok 22:17:48.0818 7956 [ C2215C6ADA8B1E9FEB507CEE9B446661 ] ZTEusbser6k C:\windows\system32\DRIVERS\ZTEusbser6k.sys 22:17:48.0818 7956 ZTEusbser6k - ok 22:17:48.0850 7956 [ F16CE3C7690AB7426DC96520D54A737E ] ZTEusbvoice C:\windows\system32\DRIVERS\ZTEusbvoice.sys 22:17:48.0865 7956 ZTEusbvoice - ok 22:17:48.0896 7956 ================ Scan global =============================== 22:17:48.0912 7956 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\windows\system32\basesrv.dll 22:17:48.0959 7956 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\windows\system32\winsrv.dll 22:17:48.0974 7956 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\windows\system32\winsrv.dll 22:17:49.0021 7956 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\windows\system32\services.exe 22:17:49.0021 7956 [Global] - ok 22:17:49.0021 7956 ================ Scan MBR ================================== 22:17:49.0021 7956 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 22:17:49.0286 7956 \Device\Harddisk0\DR0 - ok 22:17:49.0286 7956 ================ Scan VBR ================================== 22:17:49.0286 7956 [ D862C8573F8B1F08CE5F73EC39D43BF3 ] \Device\Harddisk0\DR0\Partition1 22:17:49.0286 7956 \Device\Harddisk0\DR0\Partition1 - ok 22:17:49.0318 7956 [ E427449B4FB1A776F31B37969FC15A6C ] \Device\Harddisk0\DR0\Partition2 22:17:49.0318 7956 \Device\Harddisk0\DR0\Partition2 - ok 22:17:49.0333 7956 [ CAFF4F8285231C663915BDF7695816A4 ] \Device\Harddisk0\DR0\Partition3 22:17:49.0333 7956 
\Device\Harddisk0\DR0\Partition3 - ok 22:17:49.0333 7956 ============================================================ 22:17:49.0333 7956 Scan finished 22:17:49.0333 7956 ============================================================ 22:17:49.0349 7560 Detected object count: 13 22:17:49.0349 7560 Actual detected object count: 13 22:18:56.0320 7560 BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user 22:18:56.0320 7560 BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:18:56.0320 7560 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user 22:18:56.0320 7560 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:18:56.0320 7560 HPFSService ( UnsignedFile.Multi.Generic ) - skipped by user 22:18:56.0320 7560 HPFSService ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:18:56.0320 7560 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user 22:18:56.0320 7560 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:18:56.0320 7560 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user 22:18:56.0320 7560 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:18:56.0320 7560 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user 22:18:56.0320 7560 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:18:56.0320 7560 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 22:18:56.0320 7560 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:18:56.0320 7560 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 22:18:56.0320 7560 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:18:56.0320 7560 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 22:18:56.0320 7560 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:18:56.0335 7560 PCloudd ( UnsignedFile.Multi.Generic ) - skipped by user 22:18:56.0335 7560 PCloudd ( UnsignedFile.Multi.Generic ) - 
User select action: Skip 22:18:56.0335 7560 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 22:18:56.0335 7560 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:18:56.0335 7560 SafeBoot ( LockedFile.Multi.Generic ) - skipped by user 22:18:56.0335 7560 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip 22:18:56.0335 7560 tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user 22:18:56.0335 7560 tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip |
#8 | /// Malware-holic
Hi, combofix: ComboFix may only be run when a team member has instructed you to do so! Please download ComboFix from one of these download mirrors Link 1 Link 2 IMPORTANT - Save ComboFix to your desktop
When ComboFix has finished, it will create a logfile. Please post the C:\Combofix.txt in your next reply. Note: Should you receive the following error message after the restart Quote:
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above If you would like to support us |
#9 |
Hello, I downloaded ComboFix and ran it after disabling Antivir. On starting, a message appeared saying that Antivir was still active, so I checked again in Antivir Desktop and then pressed "ok", whereupon the same message appeared again. Since the ComboFix window only had an "ok" button and I wanted to ask first, I closed the window with the "x", whereupon ComboFix was not aborted but started. Here is the ComboFix report: Combofix Logfile: Code:
ATTFilter ComboFix 13-01-03.05 - Martin 03.01.2013 23:20:55.1.2 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.49.1031.18.3066.1441 [GMT 1:00] ausgeführt von:: c:\users\Martin\Desktop\ComboFix.exe AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Martin\AppData\Local\dqgvdyg.dat c:\users\Martin\AppData\Local\dqgvdyg_navps.dat c:\windows\System32\msvcr70.dll c:\windows\system32\URTTemp c:\windows\system32\URTTemp\regtlib.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-12-03 bis 2013-01-03 )))))))))))))))))))))))))))))) . . 2013-01-03 22:29 . 2013-01-03 22:29 -------- d-----w- c:\users\Simone\AppData\Local\temp 2013-01-03 22:29 . 2013-01-03 22:29 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-03 22:29 . 2013-01-03 22:29 -------- d-----w- c:\users\Jakob\AppData\Local\temp 2013-01-03 22:10 . 2013-01-03 22:10 710504 ----a-w- c:\windows\is-L40GM.exe 2012-12-28 21:38 . 2012-12-29 19:51 -------- d-----w- C:\_OTL 2012-12-26 23:19 . 2012-12-26 23:19 -------- d-----w- c:\users\Martin\AppData\Roaming\Malwarebytes 2012-12-26 23:19 . 2012-12-26 23:19 -------- d-----w- c:\programdata\Malwarebytes 2012-12-26 23:19 . 2013-01-03 22:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-12-26 23:19 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-25 20:04 . 2012-12-25 20:05 -------- d-----w- c:\program files\SopCast 2012-12-25 19:52 . 2012-12-25 19:52 -------- d-----w- c:\users\Martin\AppData\Local\TVU Networks 2012-12-25 19:52 . 2012-12-25 19:52 -------- d-----w- c:\programdata\TVU Networks 2012-12-22 19:39 . 
2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-22 19:39 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll 2012-12-18 16:49 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CDBDCC28-74D9-49EB-B0DB-60E1F137137B}\mpengine.dll 2012-12-14 16:32 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-12-14 16:32 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-12-14 16:32 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-12-14 16:32 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll 2012-12-14 16:32 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-12-14 16:32 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-12-14 16:32 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-12-14 16:32 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-12-14 16:32 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-12-14 16:32 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe 2012-12-14 16:32 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll 2012-12-13 17:02 . 2012-11-13 01:36 2048000 ----a-w- c:\windows\system32\win32k.sys 2012-12-13 17:02 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll 2012-12-13 17:02 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe 2012-12-13 17:02 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys 2012-12-13 17:01 . 2012-11-13 01:29 2048 ----a-w- c:\windows\system32\tzres.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-03 22:44 . 2009-09-29 05:32 17408 ----a-w- c:\windows\system32\rpcnetp.exe 2013-01-03 22:44 . 2009-09-29 05:37 58288 ----a-w- c:\windows\system32\rpcnet.dll 2013-01-03 22:41 . 
2009-05-06 18:44 17408 ----a-w- c:\windows\system32\rpcnetp.dll 2013-01-03 22:10 . 2013-01-03 22:10 710504 ----a-w- c:\windows\isRS-000.tmp 2013-01-01 21:46 . 2012-04-30 17:56 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-01 21:46 . 2012-01-10 18:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-11-22 22:51 . 2009-09-29 05:37 58288 ------w- c:\windows\system32\rpcnet.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{d51d388b-f5dc-471a-a1ce-5e2d671091c0}"= "c:\program files\Mininova-Vuze\tbMini.dll" [2008-09-15 1784856] . [HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}] 2008-09-15 05:47 1784856 ----a-w- c:\program files\Mininova-Vuze\tbMini.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{d51d388b-f5dc-471a-a1ce-5e2d671091c0}"= "c:\program files\Mininova-Vuze\tbMini.dll" [2008-09-15 1784856] . [HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D51D388B-F5DC-471A-A1CE-5E2D671091C0}"= "c:\program files\Mininova-Vuze\tbMini.dll" [2008-09-15 1784856] . [HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}] . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-09 39408] "GoogleChromeAutoLaunch_B3FBEF5462B7ECF3CF8933E4FE9764B6"="c:\program files\Google\Chrome\Application\chrome.exe" [2012-12-05 1242728] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712] "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168] "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-05-08 238984] "CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848] "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-05-12 318488] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912] "File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2008-05-02 10244096] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 11\Register\registration.exe" [2005-02-17 315392] "Windows Mobile-based device 
management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552] "DataCardMonitor"="c:\program files\Huawei Modems\DataCardMonitor.exe" [2009-08-03 249856] "KMConfig"="c:\program files\Multimedia Mouse Driver\V5\StartAutorun.exe" [2007-03-06 212992] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] "MailCheck IE Broker"="c:\program files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [2012-11-22 1461896] . c:\users\Ellena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] Spc.lnk - c:\program files\Smart PC Solutions\Smart Parental Control\SPC.exe [N/A] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-7-16 727592] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] Iomega Storage Manager.lnk - c:\program files\Iomega Storage Manager\IomegaStorageManager.exe [2011-8-6 2158160] MCtlSvc.lnk - c:\program files\congstar\Internet-Manager\Bin\mcserver.exe [2012-8-5 60688] PDFCreator.lnk - c:\program files\PDFCreator\PDFCreator.exe [2009-2-19 2641920] Photo Loader resident.lnk - c:\program files\CASIO\Photo Loader\Plauto.exe [2012-4-7 217088] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\APSHook.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc Cognizance REG_MULTI_SZ ASBroker ASChannel HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HPService REG_MULTI_SZ HPSLPSVC LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-03-18 00:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 
2013-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 21:46] . 2013-01-01 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-09 19:32] . 2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 20:54] . 2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 20:54] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb uInternet Settings,ProxyServer = IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Free YouTube Download - c:\users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Free YouTube to Mp3 Converter - c:\users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html IE: Seite an &Bluetooth-Gerät senden... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = TCP: Interfaces\{AD65EA02-71B4-449D-A2E5-6FE2D5588943}: NameServer = Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1fnq20.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKCU-Run-dqgvdyg - c:\users\martin\appdata\local\dqgvdyg.exe HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe HKLM-Run-WatchDog - c:\program files\InterVideo\DVD Check\DVDCheck.exe SafeBoot-WudfPf SafeBoot-WudfRd AddRemove-eMule - c:\program files\eMule\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2013-01-03 23:47 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run DataCardMonitor = c:\program files\Huawei Modems\DataCardMonitor.exe?MD;.VBS;.VBE;.JS;.JSE??\L????(;??p???Platform=BNB?PROCESSOR_Ae??e7???(;??????PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel?PROCESSOR_LEVEL=6?PROCESSOR_REVISION=0f0d?ProgramData=C:\Pr . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher] "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(4840) c:\windows\system32\btncopy.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\Hpservice.exe c:\program files\Avira\AntiVir Desktop\sched.exe c:\windows\system32\rundll32.exe c:\windows\System32\lpksetup.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\windows\system32\AEADISRV.EXE c:\program files\ActivIdentity\ActivClient\acevents.exe c:\windows\system32\agrsmsvc.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe c:\program files\Iomega Storage Manager\pCloudd.exe c:\program files\PDF Complete\pdfsvc.exe c:\windows\system32\rpcnet.exe c:\windows\system32\Ati2evxx.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\system32\conime.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\windows\System32\rundll32.exe c:\program files\ActivIdentity\ActivClient\acevents.exe c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE c:\program files\Multimedia Mouse Driver\V5\KMConfig.exe c:\program files\OpenOffice.org 3\program\soffice.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\Multimedia Mouse Driver\V5\KMProcess.exe c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe c:\program files\OpenOffice.org 3\program\soffice.bin c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe c:\program files\Synaptics\SynTP\SynTPHelper.exe c:\program files\HP\Digital Imaging\bin\hpqste08.exe c:\program files\HP\Digital 
Imaging\bin\hpqbam08.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe c:\program files\congstar\Internet-Manager\Bin\dbus-daemon.exe c:\program files\FastStone Capture\FSCapture.exe c:\program files\avira\antivir desktop\ipmGui.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-01-03 23:52:54 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-01-03 22:52 . Vor Suchlauf: 10 Verzeichnis(se), 218.253.852.672 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), Bytes frei . - - End Of File - - BEDAEDA8095C7837278E569F8F812719
When ComboFix shut the computer down for the restart, the following Windows message appeared:
- LogonUI - Komponente nicht gefunden
Die Anwendung konnte nicht gestartet werden, weil MSVCR70.dll nicht gefunden wurde. Neuinstallation könnte das Problem beheben.
This message now also appears every time the computer starts. After dismissing it three times, the Windows logon screen with the user icons does appear (but it looks different than before). On the restart another error message appeared, which now also pops up after every start but has no effect I can notice. See attachment "after_combofix.jpg".
Current status:
- Redirection (wrong links) is gone
- After ComboFix the Security Center is active again too
- Messages after ComboFix as described above
It already looks much better than a few days ago - thanks! |
#10 | /// Malware-holic
Hi, what does the graphic say? Please post it as text. Please also install (x86 version) http://www.microsoft.com/de-de/downl....aspx?id=30679, restart, and test whether anything has improved
#11 |
Hello, here is the content of the second message:
Window name: RunDLL
Window text: Fehler beim Laden von C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll Das angegebene Modul wurde nicht gefunden.
UPDATE:
- No change after installing the Microsoft C++ kit
- MSVCR70.dll was deleted by ComboFix. A file MSVCR70.dll.vir is in the directory C:\Qoobox\Quarantine\C\Windows
- According to OTL, ASTSVCC.dll was in the directory C:\Programme\Hewlett-Packard\IAM\Bin\ASTSVCC.dll. According to ComboFix, ASTSVCC.dll was also in this directory: "CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848]. Currently, however, an ASTSVCC.dll exists only in C:\Swsetup\HPTools\PTCRM_4.0.3.1208_APSHook\Program Files\Bin |
#12 | /// Malware-holic
Hi, yes, I had seen that, so we will have to try it manually. The file from the ComboFix quarantine: right-click it, rename it, and remove the .vir so that only .dll remains. Then move the DLL back to its original location. Move the HP one from C:\Swsetup\HPTools\PTCRM_4.0.3.1208_APSHook\Program Files\Bin to C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll, restart, test.
#13 |
Hello, I have now copied the MSVCR70.dll that ComboFix had blocked into System32. Logging on and off works again now. The ASTSVCC.dll was already in the correct directory - no idea why the error message appeared - but it is gone now too. Is the problem solved with that? |
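Added example, not code from this thread or from ComboFix: a small Python audit over the Run-key section of a ComboFix log that flags the two kinds of entries the posts above ran into, a random-named executable placed directly in AppData\Local (the removed HKCU-Run-dqgvdyg entry behind the redirects) and a Run value whose target no longer exists on disk (CognizanceTS pointing at ASTSVCC.dll, which produced the RunDLL error at logon). The log excerpt and the stand-in file list are constructed; on a live host pass os.path.exists instead of the lookup lambda.

```python
import re
from dataclasses import dataclass, field
from typing import Callable

# Constructed excerpt in the ComboFix "Autostartpunkte der Registrierung" layout.
# The Sidebar, swg, CognizanceTS and avgnt lines are copied from the log above;
# the dqgvdyg line is reconstructed from the "HKCU-Run-dqgvdyg" entry ComboFix
# reported as removed (its [N/A] bracket is a placeholder, not from the log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-09 39408]
"dqgvdyg"="c:\users\martin\appdata\local\dqgvdyg.exe" [N/A]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"""

# Constructed stand-in for the file system so the example runs offline.
# On a real host use os.path.exists, which also resolves 8.3 short names
# such as c:\progra~1; this lookup does not, so short paths count as missing.
FAKE_FS = {
    r"c:\program files\windows sidebar\sidebar.exe",
    r"c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe",
    r"c:\program files\avira\antivir desktop\avgnt.exe",
}

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"(?:\s+\[([^\]]*)\])?\s*$')


@dataclass
class RunEntry:
    key: str
    name: str
    path: str
    flags: list = field(default_factory=list)


def parse_run_entries(log_text: str) -> list:
    """Collect name=path values listed under any ...\\CurrentVersion\\Run key."""
    entries, current_key = [], None
    for line in log_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and current_key and current_key.lower().endswith("\\run"):
            entries.append(RunEntry(current_key, m.group(1), m.group(2)))
    return entries


def audit_run_entries(log_text: str, exists: Callable[[str], bool]) -> list:
    """Return only the Run entries that deserve a second look, with reasons."""
    suspicious = []
    for e in parse_run_entries(log_text):
        p = e.path.lower()
        # Case 1 (post #11): the target is gone, so Windows shows a RunDLL
        # "module not found" error at every logon until the entry is fixed.
        if not exists(p):
            e.flags.append("target missing on disk")
        # Case 2 (post #9): the redirector lived as a random-named .exe
        # directly in AppData\Local, where no installer places a program.
        for root in ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\temp\\"):
            idx = p.find(root)
            if idx != -1 and "\\" not in p[idx + len(root):]:
                e.flags.append("executable placed directly in " + root.strip("\\"))
                break
        if e.flags:
            suspicious.append(e)
    return suspicious


if __name__ == "__main__":
    for e in audit_run_entries(SAMPLE_LOG, lambda p: p in FAKE_FS):
        print(f"{e.name:14} {e.path}\n{'':14} -> {', '.join(e.flags)}")
```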
#14 | /// Malware-holic
Hi, download the CCleaner standard: CCleaner - Download - Filepony If CCleaner is already installed, skip this. Open it, Tools (Extras), Uninstall list, save as txt. Open it. After every program you need, write necessary. After every one you do not need, unnecessary. After those unknown to you, unknown. Post the list.
#15 |
Hello, here is the file; I installed in German and the file is called install.txt (not uninstall.txt), but it looks like it is the one you meant. Code:
Name | Publisher | Installed | Size | Version | Note
7-Zip 4.65 | - | 26.03.2009 | 3,13MB | - | needed
Adobe Flash Player 10 Plugin | Adobe Systems Incorporated | 15.04.2010 | - | - | unknown
Adobe Flash Player 11 ActiveX | Adobe Systems Incorporated | 01.01.2013 | - | 11.5.502.135 | needed
Adobe Reader X (10.1.3) - Deutsch | Adobe Systems Incorporated | 15.07.2012 | 121MB | 10.1.3 | needed
Agere Systems HDA Modem | Agere Systems | 17.06.2008 | - | - | needed
AIMP2 | AIMP DevTeam | 17.01.2009 | 5,90MB | - | needed
Allway Sync version 12.0.0 | Botkind Inc | 07.01.2012 | 26,6MB | - | needed
AP Tuner 3.08 | - | 05.01.2010 | 2,72MB | - | needed
ATI Catalyst Install Manager | ATI Technologies, Inc. | 15.01.2009 | 13,8MB | 3.0.664.0 | unknown
Avira Free Antivirus | Avira | 14.11.2012 | 61,1MB | - | needed
BIOS Configuration for HP ProtectTools | Hewlett-Packard | 16.06.2008 | 3,19MB | 4.00 A7 | unknown
CCleaner | Piriform | 19.12.2012 | 5,08MB | 3.26 | needed
CDex extraction audio | - | 16.03.2009 | 3,29MB | - | unnecessary
congstar Internet-Manager | ZTE CORPORATION | 05.08.2012 | 79,1MB | - | needed
CorelDRAW Graphics Suite 11 | Corel Corporation | 21.01.2009 | 242MB | 11 | needed
DivX Codec | DivX, Inc. | 15.04.2009 | 1,30MB | 6.8.5 | unknown
DivX Player | DivX, Inc. | 15.04.2009 | 8,41MB | 7.1.0 | unknown
DVD Audio Extractor 4.5.3 | Computer Application Studio | 16.04.2009 | 2,15MB | - | unnecessary
ESU for Microsoft Vista SP1 | Hewlett-Packard | 16.06.2008 | 10,8MB | - | unknown
FastStone Capture 5.3 | FastStone Soft | 07.03.2012 | 1,40MB | 5.3 | needed
Favorit | - | 13.02.2009 | - | - | unknown
File Sanitizer For HP ProtectTools | Hewlett-Packard | 16.06.2008 | 28,9MB | - | unknown
Free DVD MP3 Ripper 1.12 | Jodix Technologies Ltd. | 15.04.2009 | 2,82MB | - | unnecessary
Free Studio version | DVDVideoSoft Ltd. | 04.10.2012 | 65,5MB | - | needed
Free Video to Mp3 Converter version 3.1 | DVD Video Soft Limited. | 12.02.2009 | 2,49MB | - | unnecessary
Free YouTube Download 2.2 | DVDVideoSoft Limited. | 18.02.2009 | 2,31MB | - | unnecessary
Free YouTube to Mp3 Converter version 3.1 | DVDVideoSoft Limited. | 02.07.2009 | 2,2 | - | unnecessary
Google Chrome | Google Inc. | 15.07.2012 | 952MB | 23.0.1271.97 | needed
Google Earth | Google | 25.11.2011 | 92,7MB | - | unnecessary
Google Updater | Google Inc. | 07.09.2011 | 3,90MB | 2.4.2432.1652 | unnecessary
Guitar Chords | Ginsh John | 05.01.2010 | 2,10MB | 2.2 | needed
Guitar Explorer 1.0 | - | 05.01.2010 | 2,71MB | - | unnecessary
HP 3D DriveGuard | Hewlett-Packard | 16.06.2008 | 2,29MB | 3.10 A7 | unknown
HP Customer Experience Enhancements | Hewlett-Packard | 16.06.2008 | 0,98MB | - | unknown
HP Customer Participation Program 10.0 | HP | 30.10.2011 | 240MB | 10.0 | unknown
HP Document Manager 1.0 | HP | 30.10.2011 | 3,20MB | 1.0 | needed
HP Easy Setup - Frontend | Hewlett-Packard | 16.06.2008 | 1,57MB | - | unknown
HP Help and Support | Hewlett-Packard | 16.06.2008 | 14,2MB | - | unknown
HP Imaging Device Functions 10.0 | HP | 30.10.2011 | 3,21MB | 10.0 | unknown
HP Officejet All-In-One Series | HP | 30.10.2011 | 24,8MB | 1.0 | needed
HP ProtectTools Security Manager Suite | Hewlett-Packard | 16.06.2008 | 29,2MB | - | unknown
HP Quick Launch Buttons 6.40 E1 | Hewlett-Packard | 16.06.2008 | 26,4MB | 6.40 E1 | unknown
HP Smart Web Printing | HP | 30.10.2011 | 8,28MB | 3.5 | unknown
HP Software Setup 5.00.A.7 | Hewlett-Packard Company | 15.01.2009 | 3,21MB | 5.00.A.7 | unknown
HP Solution Center 10.0 | HP | 30.10.2011 | 3,20MB | 10.0 | needed
HP Update | Hewlett-Packard | 09.01.2012 | 3,92MB | - | unknown
HP Wallpaper | Hewlett-Packard | 16.06.2008 | 72,3MB | - | unnecessary
HP Webcam | Sonix | 15.01.2009 | 5,39MB | 5.8.39004.0 | unknown
HP Webcam Application | Chicony Electronics Co.,Ltd. | 15.01.2009 | 15,2MB | - | unknown
HP Wireless Assistant | Hewlett-Packard | 16.06.2008 | 3,85MB | 3.00 K1 | unknown
Huawei modem | - | 03.08.2009 | 3,51MB | - | needed
Intel® Matrix Storage Manager | Intel Corporation | 15.01.2009 | 37,0MB | - | unknown
Internet Explorer Toolbar 4.7 by SweetPacks | SweetIM Technologies Ltd. | 07.01.2013 | 4,62MB | 4.7.0002 | unnecessary
InterVideo WinDVD | InterVideo Inc. | 15.01.2009 | 46,5MB | 5.0-B11.1248 | unnecessary
Iomega Storage Manager | EMC | 25.12.2011 | 32,1MB | - | needed
iWisoft Free Video Converter 1.2 | www.easy-video-converter.com | 09.02.2011 | 21,4MB | 1.2 | unnecessary
Java(TM) 6 Update 37 | Oracle | 18.06.2012 | 95,6MB | 6.0.370 | unknown
Java(TM) 6 Update 6 | Sun Microsystems, Inc. | 16.06.2008 | 171MB | - | unknown
LightScribe System Software | LightScribe | 16.06.2008 | 20,8MB | - | unknown
Malwarebytes Anti-Malware Version | Malwarebytes Corporation | 03.01.2013 | 12,3MB | - | needed
Microsoft .NET Framework 1.1 | - | 20.01.2009 | - | - | unknown
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU | Microsoft Corporation | 25.08.2009 | 36,9MB | - | unknown
Microsoft .NET Framework 3.5 SP1 | Microsoft Corporation | 09.03.2009 | 27,8MB | - | unknown
Microsoft .NET Framework 4 Client Profile | Microsoft Corporation | 14.01.2011 | 120MB | 4.0.30319 | unknown
Microsoft .NET Framework 4 Client Profile DEU Language Pack | Microsoft Corporation | 14.01.2011 | 24,5MB | 4.0.30319 | unknown
Microsoft Office Suite Activation Assistant | Microsoft Corporation | 16.06.2008 | 8,36MB | 2.7 | unknown
Microsoft Visual C++ 2005 Redistributable | Microsoft Corporation | 15.01.2009 | 2,37MB | 8.0.50727.42 | unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 | Microsoft Corporation | 24.03.2009 | 590KB | 9.0.30729 | unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 | Microsoft Corporation | 29.06.2010 | 590KB | 9.0.30729.4148 | unknown
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 | Microsoft Corporation | 07.01.2012 | 11,1MB | 10.0.40219 | unknown
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 | Microsoft Corporation | 05.01.2013 | 452KB | 11.0.51106.1 | unknown
Mobile Broadband Drivers | Novatel Wireless | 03.08.2009 | 2,05MB | - | unknown
Mozilla Firefox (3.5.7) | Mozilla | 11.01.2010 | 25,6MB | 3.5.7 (de) | unnecessary
MSXML 4.0 SP2 (KB954430) | Microsoft Corporation | 20.01.2009 | 1,27MB | 4.20.9870.0 | unknown
MSXML 4.0 SP2 (KB973688) | Microsoft Corporation | 28.04.2010 | 1,33MB | 4.20.9876.0 | unknown
Multimedia Mouse Driver | Ihr Firmenname | 08.09.2009 | 6,34MB | 2.0 | unknown
Novatel driver package V2.00.51 | - | 03.08.2009 | - | - | unknown
OCR Software by I.R.I.S. 10.0 | HP | 30.10.2011 | 3,20MB | 10.0 | unknown
OpenOffice.org 3.3 | OpenOffice.org | 25.10.2011 | 432MB | 3.3.9567 | needed
PDF Complete | PDF Complete, Inc. | 15.01.2009 | 35,2MB | 3.5.30 | needed
PDFCreator | Frank Heindörfer, Philip Chinery | 19.02.2009 | 34,0MB | 0.9.5 | needed
Photo Loader 3.0G | - | 07.04.2012 | 840KB | - | needed
Roxio Creator Business | Roxio | 15.01.2009 | 376MB | 10.1 | unknown
Shop for HP Supplies | HP | 30.10.2011 | 240MB | 10.0 | unnecessary
SoundMAX | Analog Devices | 15.01.2009 | 5,73MB | - | needed
Sweetpacks Bundle Uninstaller | SweetPacks LTD | 07.01.2013 | 368KB | - | unnecessary
Synaptics Pointing Device Driver | Synaptics | 17.06.2008 | 13,9MB | - | needed
Uninstall | - | 20.10.2010 | 17,5MB | - | unknown
Vista Default Settings | Hewlett-Packard | 16.06.2008 | 282KB | - | unknown
VLC media player 2.0.1 | VideoLAN | 07.04.2012 | 60,4MB | 2.0.1 | needed
WIDCOMM Bluetooth Software | Broadcom Corporation | 19.09.2011 | 40,8MB | - | needed
Winamp | Nullsoft, Inc | 22.10.2009 | 35,2MB | 5.56 | unnecessary
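A list like the one above is usually triaged by hand, but the same checks are easy to script. The following Python is an added example, not code from the thread or from any of the tools mentioned in it. It assumes the dump has been re-keyed into one pipe-separated record per line (Name | Publisher | Installed | Size | Version | Note); the sample input is a hand-made subset of the entries in this post, the reference date (the day after the newest install in the list) and the SweetPacks/SweetIM watchlist are assumptions for the example, and the "older sibling" grouping is a name heuristic whose hits need manual confirmation.

```python
"""Triage an installed-programs dump: watchlist hits, stale duplicate
versions, recent installs and anonymous entries.  Added example; the
record format, the watchlist and REFERENCE are assumptions."""
import re
from dataclasses import dataclass
from datetime import date

# Constructed sample: a subset of the post's list, one pipe-separated record per line.
SAMPLE = """\
Adobe Flash Player 10 Plugin | Adobe Systems Incorporated | 15.04.2010 | - | - | unknown
Adobe Flash Player 11 ActiveX | Adobe Systems Incorporated | 01.01.2013 | - | 11.5.502.135 | needed
Internet Explorer Toolbar 4.7 by SweetPacks | SweetIM Technologies Ltd. | 07.01.2013 | 4,62MB | 4.7.0002 | unnecessary
Java(TM) 6 Update 37 | Oracle | 18.06.2012 | 95,6MB | 6.0.370 | unknown
Java(TM) 6 Update 6 | Sun Microsystems, Inc. | 16.06.2008 | 171MB | - | unknown
Mozilla Firefox (3.5.7) | Mozilla | 11.01.2010 | 25,6MB | 3.5.7 (de) | unnecessary
Sweetpacks Bundle Uninstaller | SweetPacks LTD | 07.01.2013 | 368KB | - | unnecessary
Uninstall | - | 20.10.2010 | 17,5MB | - | unknown
"""

# Assumed reference date: the day after the newest install date in the dump.
REFERENCE = date(2013, 1, 8)

# Assumed watchlist: the toolbar/bundle family the poster already marked "unnecessary".
WATCHLIST = ("sweetpacks", "sweetim")


@dataclass
class Program:
    name: str
    publisher: str
    installed: date
    size: str
    version: str
    note: str


def parse(text: str) -> list:
    """Parse 'Name | Publisher | dd.mm.yyyy | Size | Version | Note' records."""
    programs = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 6:
            raise ValueError(f"expected 6 fields, got {len(parts)}: {line!r}")
        day, month, year = parts[2].split(".")
        programs.append(Program(parts[0], parts[1], date(int(year), int(month), int(day)),
                                parts[3], parts[4], parts[5]))
    return programs


def family(name: str) -> str:
    """Heuristic product key: drop parenthesised text and version numbers,
    keep the first three words, so 'Java(TM) 6 Update 6' and
    'Java(TM) 6 Update 37' both map to 'java update'."""
    stripped = re.sub(r"\([^)]*\)", " ", name)
    stripped = re.sub(r"\d[\d.,]*", " ", stripped)
    return " ".join(stripped.lower().split()[:3])


def triage(programs: list, reference: date, window_days: int = 30) -> dict:
    """Return {program name: [reasons]} for entries worth a second look."""
    findings: dict = {}

    def flag(p: Program, reason: str) -> None:
        findings.setdefault(p.name, []).append(reason)

    # 1. Several entries of the same product: everything but the newest is a stale copy.
    groups: dict = {}
    for p in programs:
        groups.setdefault(family(p.name), []).append(p)
    for members in groups.values():
        if len(members) > 1:
            newest = max(members, key=lambda p: p.installed)
            for p in members:
                if p is not newest:
                    flag(p, f"older sibling of '{newest.name}'; stale copy to remove")

    for p in programs:
        # 2. Name or publisher on the watchlist.
        if any(tok in f"{p.name} {p.publisher}".lower() for tok in WATCHLIST):
            flag(p, "matches watchlist (adware/toolbar family)")
        # 3. Installed shortly before the dump was taken: correlate with symptom onset.
        if 0 <= (reference - p.installed).days <= window_days:
            flag(p, f"installed within {window_days} days of the dump")
        # 4. Single-word entry with no publisher: identify it via its uninstall key.
        if p.publisher == "-" and len(p.name.split()) == 1:
            flag(p, "generic name with no publisher; identify manually")
    return findings


if __name__ == "__main__":
    for name, reasons in sorted(triage(parse(SAMPLE), REFERENCE).items()):
        print(name)
        for r in reasons:
            print("   -", r)
```

The grouping in `family()` deliberately stays coarse: it catches the Java 6 Update 6 / Update 37 pair and the two Flash Player generations, but it would also lump the side-by-side .NET Framework and Visual C++ runtimes together, which are legitimate, so treat "older sibling" hits as prompts to check, not as verdicts.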