Pests of all kinds and how to fight them: And another GVU attack :( Windows 7
If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
17.05.2013, 20:12 | #1
And another GVU attack :(
Hello! After you helped me so SUPERBLY and competently with removing a trojan last time (an emphatic THANK YOU again for that), I would like to turn to you once more. This time it hit my girlfriend. She caught the GVU trojan today (it even has the laptop's built-in camera recording). The operating system is Windows Vista. After she caught the trojan she immediately switched off the internet. Afterwards she was still able to start the laptop in Safe Mode, and everything still worked there. However, she made no further changes to the system settings and shut the PC down again. It has not been booted since, and we hope you can help us. We would be very glad!
17.05.2013, 20:14 | #2
/// Malware-holic | And another GVU attack :( Can you get to a PC with a CD burner?
Download: http://filepony.de/download-isoburner/
ISOBurner guide: http://www.trojaner-board.de/83208-b...ei-cd-dvd.html
• When the download has finished, double-click OTLPENet.exe, which opens ISOBurner to burn it to CD. Restart your system and boot from the CD you have just created. If you do not know how to make your computer boot from the CD: http://www.trojaner-board.de/81857-c...cd-booten.html
• Your system should now show a REATOGO-X-PE desktop.
• Double-click the OTLPE icon.
• When asked "Do you wish to load the remote registry", choose Yes.
• When asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
• Untick "Automatically Load All Remaining Users" if it is ticked.
• OTL should now start. Copy the following content into the text box. Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
• When it has finished, the files are saved to C:\otl.txt
• Copy this folder to your USB stick if you have no internet connection on that system.
Post both logs.
17.05.2013, 21:07 | #3
And another GVU attack :( Hello Markus,
OTLPENet has been burned to CD and the PC was booted from it. I then started the OTLPE exe, and the only option that appears is "choose Windows Directory". "my Computer" is preselected, but when I confirm with OK I get the message "no Windows installations found". If I choose a different folder I get the message "Target is not Windows 2000 or later". What can I do now?
17.05.2013, 21:12 | #4
/// Malware-holic | And another GVU attack :( Expand everything one after the other, look for the folder wind or WINDOWS, click on it and off you go.
Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de. Forwarding guide: http://markusg.trojaner-board.de. For now, please forward mails to markusg.trojaner-board@web.de following the guide above. If you would like to support us
17.05.2013, 22:20 | #5
And another GVU attack :( Right, that is done for now. However, after the scan I only got (or found) one log. Is that enough, or did I miss something? Code:
OTL logfile created on: 5/17/2013 11:26:22 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 217.43 Gb Total Space | 12.50 Gb Free Space | 5.75% Space Free | Partition Type: NTFS Drive D: | 68.72 Gb Total Space | 68.57 Gb Free Space | 99.78% Space Free | Partition Type: NTFS Drive E: | 1.87 Gb Total Space | 1.87 Gb Free Space | 100.00% Space Free | Partition Type: FAT Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - [2013/05/15 12:23:58 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/05/06 04:38:23 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2013/04/13 15:12:22 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/03/29 05:48:06 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013/03/29 05:47:17 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013/02/28 12:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010/06/02 10:58:20 | 000,246,520 | ---- | M] () [Disabled] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010/03/18 05:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009/12/11 19:47:44 | 000,036,352 | ---- | M] () [On_Demand] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService) SRV - [2008/08/13 23:59:52 | 000,100,920 | ---- | M] () [Auto] -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService) SRV - [2008/03/31 05:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) 
[Auto] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) SRV - [2008/01/22 04:35:52 | 000,103,808 | ---- | M] () [Disabled] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () [Auto] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2007/08/03 07:24:54 | 000,125,496 | ---- | M] () [Disabled] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (VNUSB) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand] -- -- (ipswuio) DRV - File not found [Kernel | On_Demand] -- -- (IpInIp) DRV - [2013/03/29 05:48:25 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013/03/29 05:48:25 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2013/03/29 05:48:25 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012/08/27 10:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/05/25 02:14:34 | 000,024,880 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\OXUDIDRV_x32.sys -- (OXUDIDRV) DRV - [2009/12/11 19:48:04 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2009/09/28 03:55:38 | 000,052,656 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\OXSDIDRV_x32.sys -- (OXSDIDRV_x32) Oxford Semi eSATA Filter (x32) DRV - [2009/09/05 00:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009/08/28 13:42:44 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2009/08/04 16:18:22 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E) DRV - [2009/07/10 06:04:42 | 001,067,008 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | On_Demand] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV - [2009/06/25 23:56:16 | 000,030,264 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm) DRV - [2009/01/14 15:51:50 | 000,230,952 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service) DRV - [2008/12/24 04:39:43 | 000,014,392 | ---- | M] (ATK0100) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2008/11/03 03:03:27 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2008/08/10 22:14:11 | 001,752,704 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2008/05/29 12:21:04 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot] -- C:\Windows\System32\drivers\lullaby.sys -- (lullaby) DRV - [2008/05/23 20:25:42 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2008/04/07 02:00:45 | 000,006,656 | ---- | M] (Generic) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CRFILTER.sys -- (CRFILTER) DRV - [2008/01/20 22:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2007/09/10 03:50:56 | 000,457,984 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302) DRV - [2007/08/03 00:26:22 | 000,020,936 | ---- | M] () [Kernel | Auto] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio) DRV - [2007/07/24 14:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP) DRV - [2006/11/02 03:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) 
[Kernel | On_Demand] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2005/02/23 09:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\afc.sys -- (Afc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=76523d0e-8eba-4612-9bc7-6be76dcdab92&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=76523d0e-8eba-4612-9bc7-6be76dcdab92&affid=111585&searchtype=hp&babsrc=lnkry_nt IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 B9 0B 43 9C 29 CB 01 [binary data] IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=76523d0e-8eba-4612-9bc7-6be76dcdab92&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=76523d0e-8eba-4612-9bc7-6be76dcdab92&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\Cathrin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Cathrin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google.de" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de" FF - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2009/09/07 17:14:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/13 15:12:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/13 15:12:13 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/13 15:12:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/13 15:12:13 | 000,000,000 | ---D | M] [2011/06/26 04:31:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cathrin\AppData\Roaming\Mozilla\Extensions [2012/12/31 07:38:09 | 000,002,101 | ---- | M] () -- C:\Users\Cathrin\AppData\Roaming\Mozilla\Firefox\Profiles\e8w3q7kr.default-1355078513750\searchplugins\googlede.xml [2013/04/13 15:12:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions [2013/04/13 15:12:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@gmx.net [2013/04/13 15:12:22 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/12/08 09:26:41 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml 
[2012/12/08 09:26:41 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/12/08 09:26:41 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/12/08 09:26:41 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012/12/08 09:26:41 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/12/08 09:26:41 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.) O2 - BHO: (jZip Toolbar) - {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - C:\Program Files\Windows jZip Toolbar\Datamngr\ToolBar\jzipdtx.dll () O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (UrlHelper Class) - {41C4AA37-1DDD-4345-B8DC-734E4B38414D} - C:\Program Files\Windows jZip Toolbar\Datamngr\IEBHO.dll (Discordia, LTD) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.) 
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (jZip Toolbar) - {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - C:\Program Files\Windows jZip Toolbar\Datamngr\ToolBar\jzipdtx.dll () O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\Cathrin_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\Cathrin_ON_C\..\Toolbar\WebBrowser: (MessengerPlusLive Germany TB Toolbar) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.) O3 - HKU\Cathrin_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKU\Cathrin_ON_C\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\Cathrin_ON_C\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe () O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows jZip Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD) O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files\ASUS\Wireless Console 3\wcourier.exe () O4 - HKU\Cathrin_ON_C..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKU\Cathrin_ON_C..\Run: [ctfmon.exe] C:\ProgramData\zdhft.dat (Hilgraeve, Inc.) O4 - HKU\Cathrin_ON_C..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKU\Cathrin_ON_C..\Run: [SRS Premium Sound] C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe (SRS Labs, Inc.) 
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - Startup: C:\Users\Cathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found O4 - Startup: C:\Users\Cathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation) O7 - HKU\Cathrin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\Cathrin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\Cathrin\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Cathrin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.17.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\PROGRA~1\WI83E4~1\Datamngr\datamngr.dll) - C:\Program Files\Windows jZip Toolbar\Datamngr\datamngr.dll (Discordia, LTD) O20 - AppInit_DLLs: (C:\PROGRA~1\WI83E4~1\Datamngr\IEBHO.dll) - C:\Program Files\Windows jZip Toolbar\Datamngr\IEBHO.dll (Discordia, LTD) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{78f7d924-f8e9-11e0-81ab-00261856b50a}\Shell - "" = AutoRun O33 - MountPoints2\{78f7d924-f8e9-11e0-81ab-00261856b50a}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a O33 - MountPoints2\{831e02c7-613b-11e1-b5d6-00261856b50a}\Shell - "" = AutoRun O33 - MountPoints2\{831e02c7-613b-11e1-b5d6-00261856b50a}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - MountPoints2\{ed4ca8ac-ed9a-11de-873f-00261856b50a}\Shell\AutoRun\command - "" = F:\tvoj/zauvjek.exe O33 - MountPoints2\{ed4ca8ac-ed9a-11de-873f-00261856b50a}\Shell\explore\command - "" = F:\tvoj/zauvjek.exe O33 - MountPoints2\{ed4ca8ac-ed9a-11de-873f-00261856b50a}\Shell\open\command - "" = F:\tvoj/zauvjek.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* 
O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core 
Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk - C:\Windows\Installer\{567C654B-7FE9-4970-8323-56E8191D1941}\_71A97E24F422AA49EDBF39.exe - () MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips GoGear VIBE Device Manager.lnk - C:\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe - (Philips) MsConfig - StartUpReg: ACMON - hkey= - key= - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK) MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files\Common Files\ArcSoft\Connection 
Service\Bin\ACDaemon.exe (ArcSoft Inc.) MsConfig - StartUpReg: ATKMEDIA - hkey= - key= - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS) MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) MsConfig - StartUpReg: IJNetworkScanUtility - hkey= - key= - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) MsConfig - StartUpReg: NapsterShell - hkey= - key= - C:\Program Files\Napster\napster.exe (Napster) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: SearchSettings - hkey= - key= - File not found MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: SweetIM - hkey= - key= - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) MsConfig - StartUpReg: swg - hkey= - key= - File not found MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found MsConfig - State: "startup" - 2 MsConfig - State: "services" - 2 ========== Files/Folders - Created Within 30 Days ========== [2013/05/17 14:11:44 | 000,131,072 | ---- | C] (Hilgraeve, Inc.) 
-- C:\ProgramData\zdhft.dat [2013/05/17 14:11:44 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe [2013/05/08 17:42:12 | 000,000,000 | ---D | C] -- C:\Users\Cathrin\Desktop\Kamera [2013/05/07 01:41:08 | 000,000,000 | ---D | C] -- C:\Users\Cathrin\Desktop\Ejercicios_de_comprensi¾n_de_lectura_y_exprensi¾n_escrita [2013/05/06 16:22:45 | 000,000,000 | ---D | C] -- C:\Users\Cathrin\Desktop\Creating Culture [2011/02/11 04:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2008/11/03 03:03:27 | 000,013,880 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys [5 C:\Users\Cathrin\Desktop\*.tmp files -> C:\Users\Cathrin\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/05/17 15:50:53 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2013/05/17 15:50:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/05/17 15:50:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/05/17 15:50:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/05/17 15:50:43 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/05/17 14:28:48 | 000,069,632 | ---- | M] () -- C:\Users\Cathrin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/05/17 14:14:00 | 095,023,320 | ---- | M] () -- C:\ProgramData\tfhdz.pad [2013/05/17 14:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/05/17 14:11:58 | 000,000,869 | ---- | M] () -- C:\Users\Cathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk [2013/05/17 14:11:57 | 000,002,610 | ---- | M] () -- C:\ProgramData\tfhdz.js [2013/05/17 14:11:44 | 000,131,072 | ---- | M] (Hilgraeve, Inc.) 
-- C:\ProgramData\zdhft.dat [2013/05/17 14:11:44 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe [2013/05/17 14:09:05 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/05/16 03:42:03 | 000,002,617 | ---- | M] () -- C:\Users\Cathrin\Desktop\Microsoft Word 2010.lnk [2013/05/15 16:29:53 | 000,634,274 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013/05/15 16:29:53 | 000,600,832 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/05/15 16:29:53 | 000,129,426 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013/05/15 16:29:53 | 000,106,450 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/05/15 12:23:57 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013/05/15 12:23:57 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013/05/01 20:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2013/04/22 03:21:28 | 000,000,000 | ---- | M] () -- C:\Users\Cathrin\Documents\englischvokabeln [2013/04/21 08:07:40 | 000,483,433 | ---- | M] () -- C:\Users\Cathrin\Desktop\FLT_2EY6L61831_0.pdf [2013/04/21 07:56:12 | 000,483,467 | ---- | M] () -- C:\Users\Cathrin\Desktop\FLT_SWUGDP14826_0.pdf [2013/04/21 06:45:03 | 000,000,032 | -H-- | M] () -- C:\Users\Cathrin\Documents\Database.kdb.lock [2013/04/18 03:38:33 | 000,482,372 | ---- | M] () -- C:\Users\Cathrin\Desktop\FLT_ZAVQQ81831_0.pdf [5 C:\Users\Cathrin\Desktop\*.tmp files -> C:\Users\Cathrin\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/05/17 14:11:58 | 000,000,869 | ---- | C] () -- C:\Users\Cathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk [2013/05/17 14:11:57 | 000,002,610 | ---- | C] () -- C:\ProgramData\tfhdz.js [2013/05/17 14:11:45 | 095,023,320 | ---- | C] () -- C:\ProgramData\tfhdz.pad [2013/04/22 03:21:28 | 000,000,000 | ---- | C] () 
-- C:\Users\Cathrin\Documents\englischvokabeln [2013/04/21 08:07:40 | 000,483,433 | ---- | C] () -- C:\Users\Cathrin\Desktop\FLT_2EY6L61831_0.pdf [2013/04/21 07:56:12 | 000,483,467 | ---- | C] () -- C:\Users\Cathrin\Desktop\FLT_SWUGDP14826_0.pdf [2013/04/18 03:38:32 | 000,482,372 | ---- | C] () -- C:\Users\Cathrin\Desktop\FLT_ZAVQQ81831_0.pdf [2013/04/18 03:31:10 | 000,000,032 | -H-- | C] () -- C:\Users\Cathrin\Documents\Database.kdb.lock [2012/01/04 08:38:50 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011/10/09 10:44:08 | 000,024,880 | ---- | C] () -- C:\Windows\System32\drivers\OXUDIDRV_x32.sys [2011/07/18 08:17:43 | 000,024,206 | ---- | C] () -- C:\Users\Cathrin\AppData\Roaming\UserTile.png [2011/06/10 03:08:19 | 000,000,000 | ---- | C] () -- C:\Users\Cathrin\AppData\Local\{77189E06-2564-4644-8567-85630887824B} [2011/05/08 16:22:45 | 000,000,000 | ---- | C] () -- C:\Users\Cathrin\AppData\Local\{C5B4F3CF-DF58-4D46-9D68-E894AD10FF5C} [2010/12/31 22:33:17 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll [2010/12/31 22:33:17 | 000,005,026 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg [2010/12/31 22:33:17 | 000,000,491 | ---- | C] () -- C:\Windows\cmudaxp.ini [2010/10/27 09:12:02 | 000,001,940 | ---- | C] () -- C:\Users\Cathrin\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2010/08/27 10:34:24 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2010/08/25 14:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2010/08/25 14:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2010/08/25 14:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2010/08/25 13:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2010/01/26 05:54:25 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2009/12/21 10:17:00 | 000,000,680 | ---- | C] () -- C:\Users\Cathrin\AppData\Local\d3d9caps.dat [2009/10/20 15:58:39 | 000,107,612 | 
---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009/10/20 15:58:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/09/28 03:55:38 | 000,052,656 | ---- | C] () -- C:\Windows\System32\drivers\OXSDIDRV_x32.sys [2009/09/28 03:55:16 | 000,048,688 | ---- | C] () -- C:\Windows\System32\OXSDICIN_x32.dll [2009/09/13 08:22:38 | 000,069,632 | ---- | C] () -- C:\Users\Cathrin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/08/08 16:36:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009/08/03 09:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/08/03 09:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009/06/26 00:06:07 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe [2009/06/25 23:59:24 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe [2009/06/25 23:58:52 | 000,230,952 | ---- | C] () -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys [2009/06/25 23:56:25 | 000,057,344 | ---- | C] () -- C:\Windows\System32\LogonStart.dll [2009/06/25 23:54:19 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2009/06/25 23:10:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009/02/25 23:38:39 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin [2008/12/23 16:36:14 | 000,106,496 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll [2008/08/10 22:14:11 | 001,752,704 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2008/05/22 11:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg [2008/05/11 23:20:31 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2008/04/16 07:11:34 | 000,634,274 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008/04/16 07:11:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008/04/16 07:11:34 | 000,129,426 | ---- | C] () -- 
C:\Windows\System32\perfc007.dat [2008/04/16 07:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008/04/16 06:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2008/04/07 02:00:45 | 000,005,120 | ---- | C] () -- C:\Windows\System32\CRFILTER.dll [2007/03/20 11:44:02 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini [2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 08:47:37 | 000,393,912 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 06:33:01 | 000,600,832 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 06:33:01 | 000,106,450 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2004/07/09 12:31:18 | 000,155,700 | ---- | C] () -- C:\Windows\System32\ODMA32.DLL ========== LOP Check ========== [2012/02/14 20:39:33 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\Broad Intelligence [2012/04/11 08:04:37 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\Canon [2011/03/01 15:46:34 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\Desktopicon [2013/05/17 13:57:58 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\Dropbox [2012/10/27 17:07:01 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\DVDVideoSoft [2012/06/16 17:50:29 | 000,000,000 
| ---D | M] -- C:\Users\Cathrin\AppData\Roaming\DVDVideoSoftIEHelpers [2011/03/01 15:46:34 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\FreeAudioPack [2011/07/04 08:47:47 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\go [2011/11/11 06:21:36 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\ICQ [2012/11/04 16:14:12 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\KeePass [2012/10/27 17:06:17 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\OpenCandy [2009/09/20 16:35:59 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\OpenOffice.org [2012/04/11 10:21:11 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\pdfforge [2011/07/18 08:17:42 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\PeerNetworking [2009/09/07 17:48:53 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\Sony [2011/01/18 09:22:43 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\Swiss Academic Software [2011/06/24 04:30:45 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\Tific [2011/11/11 06:59:57 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\TP [2012/11/04 16:14:14 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\Wise Registry Cleaner [2013/02/22 15:23:22 | 000,000,000 | ---D | M] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2010/12/31 22:20:51 | 000,000,000 | ---D | M] -- C:\ProgramData\ASUS [2011/06/26 04:31:24 | 000,000,000 | ---D | M] -- C:\ProgramData\boost_interprocess [2010/08/26 06:08:49 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ [2012/04/11 08:05:12 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJ [2011/03/15 18:33:48 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJEGV [2010/09/13 10:39:52 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJEPPEX [2010/08/26 07:58:34 | 000,000,000 | -H-D | M] -- 
C:\ProgramData\CanonIJMyPrinter [2012/04/11 08:05:12 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJPLM [2012/04/11 08:04:37 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJScan [2010/08/26 07:58:36 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJSolutionMenu [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2011/07/04 08:48:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Easybits GO [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2011/01/18 09:07:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Gibraltar [2010/06/17 08:40:27 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ [2011/09/14 17:53:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Installations [2010/02/08 07:26:32 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe [2010/07/19 05:40:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Messenger Plus! [2009/11/19 20:58:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Napster [2013/05/17 23:50:58 | 000,000,000 | ---D | M] -- C:\ProgramData\P4G [2009/09/07 16:50:16 | 000,000,000 | ---D | M] -- C:\ProgramData\PCSettings [2009/09/07 17:48:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Sony [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2010/07/19 05:48:17 | 000,000,000 | ---D | M] -- C:\ProgramData\SweetIM [2011/01/18 09:00:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Swiss Academic Software [2011/06/26 04:22:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp [2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2011/02/25 17:42:40 | 000,000,000 | ---D | M] -- C:\ProgramData\VirtualizedApplications [2009/10/26 19:53:20 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch [2012/04/11 06:49:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Xerox [2009/10/04 12:25:54 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2012/11/04 17:12:51 | 000,000,262 
| ---- | M] () -- C:\Windows\Tasks\ASUS SmartLogon Console Sensor.job [2012/11/04 17:14:42 | 000,000,254 | ---- | M] () -- C:\Windows\Tasks\Net4Switch.job [2013/05/03 16:39:31 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009/08/08 14:47:47 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2009/06/25 23:56:16 | 000,000,000 | ---D | M] -- C:\ADSM_PData_0150 [2009/06/26 00:06:29 | 000,000,000 | -H-D | M] -- C:\ASUS.DAT [2011/03/02 15:27:09 | 000,000,000 | ---D | M] -- C:\ATI [2010/01/26 10:30:40 | 000,000,000 | -HSD | M] -- C:\Boot [2012/06/14 03:03:25 | 000,000,000 | ---D | M] -- C:\da29c26338e2dce0904969 [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012/01/05 22:03:00 | 000,000,000 | -HSD | M] -- C:\found.000 [2012/01/06 07:35:07 | 000,000,000 | -HSD | M] -- C:\found.001 [2012/03/02 16:52:35 | 000,000,000 | -HSD | M] -- C:\found.002 [2009/06/25 23:35:50 | 000,000,000 | ---D | M] -- C:\Intel [2012/02/27 10:10:51 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011/03/02 15:41:44 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009/09/20 16:30:45 | 000,000,000 | ---D | M] -- C:\OpenOffice.org 3.1 (de) Installation Files [2008/01/20 22:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2009/09/07 17:02:09 | 000,000,000 | ---D | M] -- C:\Philips [2013/05/14 12:04:39 | 000,000,000 | R--D | M] -- C:\Program Files [2013/05/17 14:14:00 | 000,000,000 | -H-D | M] -- C:\ProgramData [2013/05/17 14:16:16 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009/09/07 17:15:28 | 000,000,000 | ---D | M] -- C:\temp [2009/08/08 14:34:49 | 000,000,000 | R--D | M] -- C:\Users [2013/05/17 23:50:58 | 000,000,000 | ---D | M] -- C:\Windows [2010/05/18 12:00:09 | 000,000,000 | ---D | M] -- C:\zanic < %PROGRAMFILES%\*.exe > Invalid Environment Variable: %LOCALAPPDATA%\*.exe < %systemroot%\*. 
/mp /s > < MD5 for: AGP440.SYS > [2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) 
MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2009/06/25 23:23:20 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2009/06/25 23:23:19 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2009/06/25 23:23:19 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2009/06/25 23:23:20 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008/01/20 22:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTOR.SYS > [2009/02/11 05:11:49 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys [2009/02/11 05:11:49 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys < MD5 for: IASTORV.SYS > [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008/01/20 22:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- 
C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008/01/20 22:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009/04/11 02:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll [2009/04/11 02:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008/01/20 22:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) 
MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008/01/20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008/01/20 22:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008/01/20 22:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008/01/20 23:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008/01/20 23:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008/01/20 23:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006/11/02 06:34:08 | 010,133,504 | 
---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > [2009/04/11 02:28:19 | 000,142,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\fontext.dll [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\shell32.dll Invalid Environment Variable: %USERPROFILE%\*.* Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe ========== Alternate Data Streams ========== @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:7631EA83 < End of report > |
17.05.2013, 22:26 | #6 |
/// Malware-holic | Und noch ein GVU Angriff :( edit
17.05.2013, 22:28 | #7 |
/// Malware-holic | Und noch ein GVU Angriff :( hi, on your second PC go to Start, Programs, Accessories, Notepad and paste this in: Code:
:OTL
O4 - Startup: C:\Users\Cathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O4 - HKU\Cathrin_ON_C..\Run: [ctfmon.exe] C:\ProgramData\zdhft.dat (Hilgraeve, Inc.)
[2013/05/17 14:11:58 | 000,000,869 | ---- | C] () -- C:\Users\Cathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
[2013/05/17 14:11:57 | 000,002,610 | ---- | C] () -- C:\ProgramData\tfhdz.js
[2013/05/17 14:11:45 | 095,023,320 | ---- | C] () -- C:\ProgramData\tfhdz.pad
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
Save this on a USB stick as fix.txt. Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe. • Now please click the Fix button. A message similar to "load fix from file" should appear, so load the fix.txt from your stick. If that does not work, please enter the fix manually. Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt. Please post the log. If you have no icons, right-click, View, Show desktop icons. Note: Please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread! Please press the Windows key + E.
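Added example, not part of the thread or of OTL itself: a small Python triage script that parses the two line shapes the fix above works on (the O4 autorun lines and the bracketed file-listing lines) and flags the persistence pattern seen in this log: a Startup shortcut that launches rundll32, a Run value named like a Windows binary that really loads a .dat from the C:\ProgramData root, and sibling files dropped within the same minute. The sample lines are copied from the log in this thread; the heuristic names, extension list and 60-second window are my own assumptions.

```python
"""Triage helper for an OTL log excerpt (added example, not OTL's own code).

Parses the O4 autorun lines and the bracketed file-listing lines and flags
the persistence pattern seen in this thread: a Startup shortcut launching
rundll32, a Run value named like a Windows binary that loads a .dat from the
C:\\ProgramData root, and sibling files dropped in the same minute.
Heuristic names and thresholds are assumptions, not OTL conventions."""
import ntpath
import re
from datetime import datetime, timedelta

# Constructed sample: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
O4 - Startup: C:\Users\Cathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O4 - HKU\Cathrin_ON_C..\Run: [ctfmon.exe] C:\ProgramData\zdhft.dat (Hilgraeve, Inc.)
[2013/05/17 14:11:44 | 000,131,072 | ---- | C] (Hilgraeve, Inc.) -- C:\ProgramData\zdhft.dat
[2013/05/17 14:11:44 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013/05/17 14:11:45 | 095,023,320 | ---- | C] () -- C:\ProgramData\tfhdz.pad
[2013/05/17 14:11:57 | 000,002,610 | ---- | C] () -- C:\ProgramData\tfhdz.js
[2013/05/17 14:11:58 | 000,000,869 | ---- | C] () -- C:\Users\Cathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
[2012/01/04 08:38:50 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/05/15 12:23:57 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
"""

# File-listing line: [stamp | size | attrs | C=created/M=modified] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# O4 lines: a Run-key value and a Startup-folder shortcut (trailing company is optional)
RUN_RE = re.compile(
    r"^O4 - (?P<key>HK\S+\\Run): \[(?P<name>[^\]]+)\] (?P<target>.+?)(?: \((?P<company>[^)]*)\))?$"
)
STARTUP_RE = re.compile(
    r"^O4 - Startup: (?P<lnk>.+?) = (?P<target>.+?)(?: \((?P<company>[^)]*)\))?$"
)

# Extensions that can carry or load code when dropped loose into ProgramData (assumption)
PAYLOAD_EXT = {".exe", ".dll", ".dat", ".pad", ".js", ".vbs", ".scr", ".com", ".bat", ".cmd"}
# Signed Windows binaries a Startup shortcut should not normally point at (assumption)
LOADER_BINS = {"rundll32.exe", "regsvr32.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
DROP_WINDOW = timedelta(seconds=60)  # assumption: one dropper writes its files within a minute


def in_programdata_root(path):
    """True for a file sitting directly in C:\\ProgramData with no vendor subfolder."""
    parts = path.lower().split("\\")
    return len(parts) == 3 and parts[:2] == ["c:", "programdata"]


def triage(log_text):
    """Return a sorted list of (reason, detail) findings for an OTL excerpt."""
    findings = set()
    created = []  # (timestamp, path) for every '| C]' file-listing line
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := FILE_RE.match(line):
            path = m["path"]
            if m["kind"] == "C":
                created.append((datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"), path))
            if in_programdata_root(path) and ntpath.splitext(path)[1].lower() in PAYLOAD_EXT:
                findings.add(("payload_in_programdata_root", path))
        elif m := RUN_RE.match(line):
            target = m["target"]
            # A value named like a Windows binary (ctfmon.exe) that loads a non-.exe,
            # or anything loaded from the ProgramData root, is the masquerade seen here.
            if ntpath.splitext(target)[1].lower() != ".exe" or in_programdata_root(target):
                findings.add(("run_value_masquerade", f"{m['key']} [{m['name']}] -> {target}"))
        elif m := STARTUP_RE.match(line):
            if ntpath.basename(m["target"]).lower() in LOADER_BINS:
                findings.add(("startup_lnk_launches_loader", f"{m['lnk']} -> {m['target']}"))
    # Temporal clustering: unflagged files created within DROP_WINDOW of a flagged payload
    flagged_paths = {detail for _, detail in findings}
    anchors = [ts for ts, path in created if path in flagged_paths]
    for ts, path in created:
        if path not in flagged_paths and any(abs(ts - a) <= DROP_WINDOW for a in anchors):
            findings.add(("dropped_alongside_payload", path))
    return sorted(findings)


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(f"{reason:30} {detail}")
```

Run against a full OTL log it will also surface legitimate vendor files that happen to sit loose in ProgramData, so treat the output as a worklist for the helper, not as a verdict.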
18.05.2013, 13:55 | #8 |
| And another GVU attack :( So, I entered the fix in OTL and let it run. Afterwards it wanted to reboot, but after I confirmed that, nothing happened. So I shut the PC down manually and booted it normally again. The trojan's lock screen is gone now, but I can't find the report. There is an OTL report on C:\ with the matching modification date, but at first glance I couldn't see any difference in content from the last OTL log. Upload it anyway? Then I wanted to pack the movedfiles in the _OTL folder into a zip-compressed folder, but I get the message "File not found or no read permission". At the same time Avira reports "Access to file ...., which contains a virus or unwanted program JS/Agent.480412, was denied." EDIT: On the second attempt the zipping worked and the file is uploaded. That went without problems. And here is the OTL log, which I'm not sure is the same as yesterday's: Code:
OTL logfile created on: 5/17/2013 11:26:22 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 217.43 Gb Total Space | 12.50 Gb Free Space | 5.75% Space Free | Partition Type: NTFS
Drive D: | 68.72 Gb Total Space | 68.57 Gb Free Space | 99.78% Space Free | Partition Type: NTFS
Drive E: | 1.87 Gb Total Space | 1.87 Gb Free Space | 100.00% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2013/05/15 12:23:58 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/06 04:38:23 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013/04/13 15:12:22 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/29 05:48:06 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/03/29 05:47:17 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/02/28 12:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/06/02 10:58:20 | 000,246,520 | ---- | M] () [Disabled] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010/03/18 05:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/12/11 19:47:44 | 000,036,352 | ---- | M] () [On_Demand] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2008/08/13 23:59:52 | 000,100,920 | ---- | M] () [Auto] -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2008/03/31 05:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2008/01/22 04:35:52 | 000,103,808 | ---- | M] () [Disabled] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () [Auto] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007/08/03 07:24:54 | 000,125,496 | ---- | M] () [Disabled] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (VNUSB)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (ipswuio)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2013/03/29 05:48:25 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/03/29 05:48:25 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/03/29 05:48:25 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/08/27 10:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/25 02:14:34 | 000,024,880 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\OXUDIDRV_x32.sys -- (OXUDIDRV)
DRV - [2009/12/11 19:48:04 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/09/28 03:55:38 | 000,052,656 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\OXSDIDRV_x32.sys -- (OXSDIDRV_x32) Oxford Semi eSATA Filter (x32)
DRV - [2009/09/05 00:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/08/28 13:42:44 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/08/04 16:18:22 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2009/07/10 06:04:42 | 001,067,008 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/06/25 23:56:16 | 000,030,264 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2009/01/14 15:51:50 | 000,230,952 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)
DRV - [2008/12/24 04:39:43 | 000,014,392 | ---- | M] (ATK0100) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2008/11/03 03:03:27 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008/08/10 22:14:11 | 001,752,704 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/05/29 12:21:04 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot] -- C:\Windows\System32\drivers\lullaby.sys -- (lullaby)
DRV - [2008/05/23 20:25:42 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/04/07 02:00:45 | 000,006,656 | ---- | M] (Generic) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CRFILTER.sys -- (CRFILTER)
DRV - [2008/01/20 22:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/09/10 03:50:56 | 000,457,984 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007/08/03 00:26:22 | 000,020,936 | ---- | M] () [Kernel | Auto] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007/07/24 14:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2006/11/02 03:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2005/02/23 09:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=76523d0e-8eba-4612-9bc7-6be76dcdab92&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=76523d0e-8eba-4612-9bc7-6be76dcdab92&affid=111585&searchtype=hp&babsrc=lnkry_nt
IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 B9 0B 43 9C 29 CB 01 [binary data]
IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=76523d0e-8eba-4612-9bc7-6be76dcdab92&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=76523d0e-8eba-4612-9bc7-6be76dcdab92&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Cathrin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Cathrin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google.de"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2009/09/07 17:14:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/13 15:12:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/13 15:12:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/13 15:12:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/13 15:12:13 | 000,000,000 | ---D | M]

[2011/06/26 04:31:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cathrin\AppData\Roaming\Mozilla\Extensions
[2012/12/31 07:38:09 | 000,002,101 | ---- | M] () -- C:\Users\Cathrin\AppData\Roaming\Mozilla\Firefox\Profiles\e8w3q7kr.default-1355078513750\searchplugins\googlede.xml
[2013/04/13 15:12:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2013/04/13 15:12:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
[2013/04/13 15:12:22 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/12/08 09:26:41 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/12/08 09:26:41 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/12/08 09:26:41 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/12/08 09:26:41 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/12/08 09:26:41 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/12/08 09:26:41 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (jZip Toolbar) - {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - C:\Program Files\Windows jZip Toolbar\Datamngr\ToolBar\jzipdtx.dll ()
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (UrlHelper Class) - {41C4AA37-1DDD-4345-B8DC-734E4B38414D} - C:\Program Files\Windows jZip Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (jZip Toolbar) - {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - C:\Program Files\Windows jZip Toolbar\Datamngr\ToolBar\jzipdtx.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\Cathrin_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Cathrin_ON_C\..\Toolbar\WebBrowser: (MessengerPlusLive Germany TB Toolbar) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKU\Cathrin_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\Cathrin_ON_C\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Cathrin_ON_C\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows jZip Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\Cathrin_ON_C..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\Cathrin_ON_C..\Run: [ctfmon.exe] C:\ProgramData\zdhft.dat (Hilgraeve, Inc.)
O4 - HKU\Cathrin_ON_C..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\Cathrin_ON_C..\Run: [SRS Premium Sound] C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe (SRS Labs, Inc.)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Cathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O4 - Startup: C:\Users\Cathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O7 - HKU\Cathrin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\Cathrin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Cathrin\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Cathrin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI83E4~1\Datamngr\datamngr.dll) - C:\Program Files\Windows jZip Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI83E4~1\Datamngr\IEBHO.dll) - C:\Program Files\Windows jZip Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{78f7d924-f8e9-11e0-81ab-00261856b50a}\Shell - "" = AutoRun
O33 - MountPoints2\{78f7d924-f8e9-11e0-81ab-00261856b50a}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{831e02c7-613b-11e1-b5d6-00261856b50a}\Shell - "" = AutoRun
O33 - MountPoints2\{831e02c7-613b-11e1-b5d6-00261856b50a}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{ed4ca8ac-ed9a-11de-873f-00261856b50a}\Shell\AutoRun\command - "" = F:\tvoj/zauvjek.exe
O33 - MountPoints2\{ed4ca8ac-ed9a-11de-873f-00261856b50a}\Shell\explore\command - "" = F:\tvoj/zauvjek.exe
O33 - MountPoints2\{ed4ca8ac-ed9a-11de-873f-00261856b50a}\Shell\open\command - "" = F:\tvoj/zauvjek.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk - C:\Windows\Installer\{567C654B-7FE9-4970-8323-56E8191D1941}\_71A97E24F422AA49EDBF39.exe - ()
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips GoGear VIBE Device Manager.lnk - C:\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe - (Philips)
MsConfig - StartUpReg: ACMON - hkey= - key= - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig - StartUpReg: ATKMEDIA - hkey= - key= - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig - StartUpReg: IJNetworkScanUtility - hkey= - key= - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: NapsterShell - hkey= - key= - C:\Program Files\Napster\napster.exe (Napster)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SearchSettings - hkey= - key= - File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SweetIM - hkey= - key= - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
MsConfig - StartUpReg: swg - hkey= - key= - File not found
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2

========== Files/Folders - Created Within 30 Days ==========

[2013/05/17 14:11:44 | 000,131,072 | ---- | C] (Hilgraeve, Inc.) -- C:\ProgramData\zdhft.dat
[2013/05/17 14:11:44 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013/05/08 17:42:12 | 000,000,000 | ---D | C] -- C:\Users\Cathrin\Desktop\Kamera
[2013/05/07 01:41:08 | 000,000,000 | ---D | C] -- C:\Users\Cathrin\Desktop\Ejercicios_de_comprensión_de_lectura_y_exprensión_escrita
[2013/05/06 16:22:45 | 000,000,000 | ---D | C] -- C:\Users\Cathrin\Desktop\Creating Culture
[2011/02/11 04:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2008/11/03 03:03:27 | 000,013,880 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[5 C:\Users\Cathrin\Desktop\*.tmp files -> C:\Users\Cathrin\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/17 15:50:53 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2013/05/17 15:50:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/17 15:50:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/17 15:50:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/17 15:50:43 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/17 14:28:48 | 000,069,632 | ---- | M] () -- C:\Users\Cathrin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/17 14:14:00 | 095,023,320 | ---- | M] () -- C:\ProgramData\tfhdz.pad
[2013/05/17 14:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/17 14:11:58 | 000,000,869 | ---- | M] () -- C:\Users\Cathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
[2013/05/17 14:11:57 | 000,002,610 | ---- | M] () -- C:\ProgramData\tfhdz.js
[2013/05/17 14:11:44 | 000,131,072 | ---- | M] (Hilgraeve, Inc.)
-- C:\ProgramData\zdhft.dat [2013/05/17 14:11:44 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe [2013/05/17 14:09:05 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/05/16 03:42:03 | 000,002,617 | ---- | M] () -- C:\Users\Cathrin\Desktop\Microsoft Word 2010.lnk [2013/05/15 16:29:53 | 000,634,274 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013/05/15 16:29:53 | 000,600,832 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/05/15 16:29:53 | 000,129,426 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013/05/15 16:29:53 | 000,106,450 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/05/15 12:23:57 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013/05/15 12:23:57 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013/05/01 20:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2013/04/22 03:21:28 | 000,000,000 | ---- | M] () -- C:\Users\Cathrin\Documents\englischvokabeln [2013/04/21 08:07:40 | 000,483,433 | ---- | M] () -- C:\Users\Cathrin\Desktop\FLT_2EY6L61831_0.pdf [2013/04/21 07:56:12 | 000,483,467 | ---- | M] () -- C:\Users\Cathrin\Desktop\FLT_SWUGDP14826_0.pdf [2013/04/21 06:45:03 | 000,000,032 | -H-- | M] () -- C:\Users\Cathrin\Documents\Database.kdb.lock [2013/04/18 03:38:33 | 000,482,372 | ---- | M] () -- C:\Users\Cathrin\Desktop\FLT_ZAVQQ81831_0.pdf [5 C:\Users\Cathrin\Desktop\*.tmp files -> C:\Users\Cathrin\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/05/17 14:11:58 | 000,000,869 | ---- | C] () -- C:\Users\Cathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk [2013/05/17 14:11:57 | 000,002,610 | ---- | C] () -- C:\ProgramData\tfhdz.js [2013/05/17 14:11:45 | 095,023,320 | ---- | C] () -- C:\ProgramData\tfhdz.pad [2013/04/22 03:21:28 | 000,000,000 | ---- | C] () 
-- C:\Users\Cathrin\Documents\englischvokabeln [2013/04/21 08:07:40 | 000,483,433 | ---- | C] () -- C:\Users\Cathrin\Desktop\FLT_2EY6L61831_0.pdf [2013/04/21 07:56:12 | 000,483,467 | ---- | C] () -- C:\Users\Cathrin\Desktop\FLT_SWUGDP14826_0.pdf [2013/04/18 03:38:32 | 000,482,372 | ---- | C] () -- C:\Users\Cathrin\Desktop\FLT_ZAVQQ81831_0.pdf [2013/04/18 03:31:10 | 000,000,032 | -H-- | C] () -- C:\Users\Cathrin\Documents\Database.kdb.lock [2012/01/04 08:38:50 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011/10/09 10:44:08 | 000,024,880 | ---- | C] () -- C:\Windows\System32\drivers\OXUDIDRV_x32.sys [2011/07/18 08:17:43 | 000,024,206 | ---- | C] () -- C:\Users\Cathrin\AppData\Roaming\UserTile.png [2011/06/10 03:08:19 | 000,000,000 | ---- | C] () -- C:\Users\Cathrin\AppData\Local\{77189E06-2564-4644-8567-85630887824B} [2011/05/08 16:22:45 | 000,000,000 | ---- | C] () -- C:\Users\Cathrin\AppData\Local\{C5B4F3CF-DF58-4D46-9D68-E894AD10FF5C} [2010/12/31 22:33:17 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll [2010/12/31 22:33:17 | 000,005,026 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg [2010/12/31 22:33:17 | 000,000,491 | ---- | C] () -- C:\Windows\cmudaxp.ini [2010/10/27 09:12:02 | 000,001,940 | ---- | C] () -- C:\Users\Cathrin\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2010/08/27 10:34:24 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2010/08/25 14:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2010/08/25 14:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2010/08/25 14:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2010/08/25 13:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2010/01/26 05:54:25 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2009/12/21 10:17:00 | 000,000,680 | ---- | C] () -- C:\Users\Cathrin\AppData\Local\d3d9caps.dat [2009/10/20 15:58:39 | 000,107,612 | 
---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009/10/20 15:58:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/09/28 03:55:38 | 000,052,656 | ---- | C] () -- C:\Windows\System32\drivers\OXSDIDRV_x32.sys [2009/09/28 03:55:16 | 000,048,688 | ---- | C] () -- C:\Windows\System32\OXSDICIN_x32.dll [2009/09/13 08:22:38 | 000,069,632 | ---- | C] () -- C:\Users\Cathrin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/08/08 16:36:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009/08/03 09:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/08/03 09:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009/06/26 00:06:07 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe [2009/06/25 23:59:24 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe [2009/06/25 23:58:52 | 000,230,952 | ---- | C] () -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys [2009/06/25 23:56:25 | 000,057,344 | ---- | C] () -- C:\Windows\System32\LogonStart.dll [2009/06/25 23:54:19 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2009/06/25 23:10:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009/02/25 23:38:39 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin [2008/12/23 16:36:14 | 000,106,496 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll [2008/08/10 22:14:11 | 001,752,704 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2008/05/22 11:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg [2008/05/11 23:20:31 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2008/04/16 07:11:34 | 000,634,274 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008/04/16 07:11:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008/04/16 07:11:34 | 000,129,426 | ---- | C] () -- 
C:\Windows\System32\perfc007.dat [2008/04/16 07:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008/04/16 06:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2008/04/07 02:00:45 | 000,005,120 | ---- | C] () -- C:\Windows\System32\CRFILTER.dll [2007/03/20 11:44:02 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini [2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 08:47:37 | 000,393,912 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 06:33:01 | 000,600,832 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 06:33:01 | 000,106,450 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2004/07/09 12:31:18 | 000,155,700 | ---- | C] () -- C:\Windows\System32\ODMA32.DLL ========== LOP Check ========== [2012/02/14 20:39:33 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\Broad Intelligence [2012/04/11 08:04:37 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\Canon [2011/03/01 15:46:34 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\Desktopicon [2013/05/17 13:57:58 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\Dropbox [2012/10/27 17:07:01 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\DVDVideoSoft [2012/06/16 17:50:29 | 000,000,000 
| ---D | M] -- C:\Users\Cathrin\AppData\Roaming\DVDVideoSoftIEHelpers [2011/03/01 15:46:34 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\FreeAudioPack [2011/07/04 08:47:47 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\go [2011/11/11 06:21:36 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\ICQ [2012/11/04 16:14:12 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\KeePass [2012/10/27 17:06:17 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\OpenCandy [2009/09/20 16:35:59 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\OpenOffice.org [2012/04/11 10:21:11 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\pdfforge [2011/07/18 08:17:42 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\PeerNetworking [2009/09/07 17:48:53 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\Sony [2011/01/18 09:22:43 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\Swiss Academic Software [2011/06/24 04:30:45 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\Tific [2011/11/11 06:59:57 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\TP [2012/11/04 16:14:14 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\Wise Registry Cleaner [2013/02/22 15:23:22 | 000,000,000 | ---D | M] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2010/12/31 22:20:51 | 000,000,000 | ---D | M] -- C:\ProgramData\ASUS [2011/06/26 04:31:24 | 000,000,000 | ---D | M] -- C:\ProgramData\boost_interprocess [2010/08/26 06:08:49 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ [2012/04/11 08:05:12 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJ [2011/03/15 18:33:48 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJEGV [2010/09/13 10:39:52 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJEPPEX [2010/08/26 07:58:34 | 000,000,000 | -H-D | M] -- 
C:\ProgramData\CanonIJMyPrinter [2012/04/11 08:05:12 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJPLM [2012/04/11 08:04:37 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJScan [2010/08/26 07:58:36 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJSolutionMenu [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2011/07/04 08:48:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Easybits GO [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2011/01/18 09:07:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Gibraltar [2010/06/17 08:40:27 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ [2011/09/14 17:53:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Installations [2010/02/08 07:26:32 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe [2010/07/19 05:40:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Messenger Plus! [2009/11/19 20:58:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Napster [2013/05/17 23:50:58 | 000,000,000 | ---D | M] -- C:\ProgramData\P4G [2009/09/07 16:50:16 | 000,000,000 | ---D | M] -- C:\ProgramData\PCSettings [2009/09/07 17:48:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Sony [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2010/07/19 05:48:17 | 000,000,000 | ---D | M] -- C:\ProgramData\SweetIM [2011/01/18 09:00:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Swiss Academic Software [2011/06/26 04:22:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp [2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2011/02/25 17:42:40 | 000,000,000 | ---D | M] -- C:\ProgramData\VirtualizedApplications [2009/10/26 19:53:20 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch [2012/04/11 06:49:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Xerox [2009/10/04 12:25:54 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2012/11/04 17:12:51 | 000,000,262 
| ---- | M] () -- C:\Windows\Tasks\ASUS SmartLogon Console Sensor.job [2012/11/04 17:14:42 | 000,000,254 | ---- | M] () -- C:\Windows\Tasks\Net4Switch.job [2013/05/03 16:39:31 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009/08/08 14:47:47 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2009/06/25 23:56:16 | 000,000,000 | ---D | M] -- C:\ADSM_PData_0150 [2009/06/26 00:06:29 | 000,000,000 | -H-D | M] -- C:\ASUS.DAT [2011/03/02 15:27:09 | 000,000,000 | ---D | M] -- C:\ATI [2010/01/26 10:30:40 | 000,000,000 | -HSD | M] -- C:\Boot [2012/06/14 03:03:25 | 000,000,000 | ---D | M] -- C:\da29c26338e2dce0904969 [2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012/01/05 22:03:00 | 000,000,000 | -HSD | M] -- C:\found.000 [2012/01/06 07:35:07 | 000,000,000 | -HSD | M] -- C:\found.001 [2012/03/02 16:52:35 | 000,000,000 | -HSD | M] -- C:\found.002 [2009/06/25 23:35:50 | 000,000,000 | ---D | M] -- C:\Intel [2012/02/27 10:10:51 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011/03/02 15:41:44 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009/09/20 16:30:45 | 000,000,000 | ---D | M] -- C:\OpenOffice.org 3.1 (de) Installation Files [2008/01/20 22:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2009/09/07 17:02:09 | 000,000,000 | ---D | M] -- C:\Philips [2013/05/14 12:04:39 | 000,000,000 | R--D | M] -- C:\Program Files [2013/05/17 14:14:00 | 000,000,000 | -H-D | M] -- C:\ProgramData [2013/05/17 14:16:16 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009/09/07 17:15:28 | 000,000,000 | ---D | M] -- C:\temp [2009/08/08 14:34:49 | 000,000,000 | R--D | M] -- C:\Users [2013/05/17 23:50:58 | 000,000,000 | ---D | M] -- C:\Windows [2010/05/18 12:00:09 | 000,000,000 | ---D | M] -- C:\zanic < %PROGRAMFILES%\*.exe > Invalid Environment Variable: %LOCALAPPDATA%\*.exe < %systemroot%\*. 
/mp /s > < MD5 for: AGP440.SYS > [2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) 
MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2009/06/25 23:23:20 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2009/06/25 23:23:19 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2009/06/25 23:23:19 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2009/06/25 23:23:20 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008/01/20 22:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTOR.SYS > [2009/02/11 05:11:49 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys [2009/02/11 05:11:49 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys < MD5 for: IASTORV.SYS > [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008/01/20 22:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- 
C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008/01/20 22:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009/04/11 02:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll [2009/04/11 02:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008/01/20 22:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) 
MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008/01/20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008/01/20 22:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008/01/20 22:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008/01/20 23:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008/01/20 23:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008/01/20 23:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006/11/02 06:34:08 | 010,133,504 | 
---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > [2009/04/11 02:28:19 | 000,142,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\fontext.dll [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\shell32.dll Invalid Environment Variable: %USERPROFILE%\*.* Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe ========== Alternate Data Streams ========== @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:7631EA83 < End of report > Geändert von Khael (18.05.2013 um 14:37 Uhr) |
19.05.2013, 18:35 | #9 |
/// Malware-holic | And yet another GVU attack :( Hi, can you get back into normal mode? If so: please download TDSSKiller.exe and save the file to the desktop
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described above. If you would like to support us |
20.05.2013, 13:39 | #10 |
| And yet another GVU attack :( All right, so far so good. Code:
14:35:28.0174 1876 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 14:35:28.0517 1876 avkmgr - ok 14:35:28.0564 1876 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 14:35:28.0642 1876 Beep - ok 14:35:28.0720 1876 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 14:35:28.0829 1876 BFE - ok 14:35:28.0970 1876 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll 14:35:29.0157 1876 BITS - ok 14:35:29.0219 1876 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 14:35:29.0297 1876 blbdrive - ok 14:35:29.0469 1876 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 14:35:29.0516 1876 Bonjour Service - ok 14:35:29.0594 1876 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 14:35:29.0719 1876 bowser - ok 14:35:29.0781 1876 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 14:35:29.0828 1876 BrFiltLo - ok 14:35:29.0844 1876 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 14:35:29.0920 1876 BrFiltUp - ok 14:35:29.0951 1876 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 14:35:30.0029 1876 Browser - ok 14:35:30.0076 1876 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 14:35:30.0295 1876 Brserid - ok 14:35:30.0388 1876 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 14:35:30.0513 1876 BrSerWdm - ok 14:35:30.0591 1876 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 14:35:30.0700 1876 BrUsbMdm - ok 14:35:30.0731 1876 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 14:35:30.0825 1876 BrUsbSer - ok 14:35:30.0872 1876 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 
14:35:30.0950 1876 BTHMODEM - ok 14:35:30.0981 1876 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 14:35:31.0090 1876 cdfs - ok 14:35:31.0121 1876 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 14:35:31.0199 1876 cdrom - ok 14:35:31.0231 1876 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 14:35:31.0371 1876 CertPropSvc - ok 14:35:31.0449 1876 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys 14:35:31.0511 1876 circlass - ok 14:35:31.0527 1876 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 14:35:31.0574 1876 CLFS - ok 14:35:31.0683 1876 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 14:35:31.0777 1876 clr_optimization_v2.0.50727_32 - ok 14:35:31.0964 1876 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:35:32.0307 1876 clr_optimization_v4.0.30319_32 - ok 14:35:32.0338 1876 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 14:35:32.0385 1876 CmBatt - ok 14:35:32.0416 1876 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys 14:35:32.0432 1876 cmdide - ok 14:35:32.0463 1876 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 14:35:32.0479 1876 Compbatt - ok 14:35:32.0479 1876 COMSysApp - ok 14:35:32.0525 1876 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 14:35:32.0541 1876 crcdisk - ok 14:35:32.0603 1876 [ D18893845AE1C5833B5B2EA9B7F5C670 ] CRFILTER C:\Windows\system32\DRIVERS\CRFILTER.sys 14:35:32.0713 1876 CRFILTER - ok 14:35:32.0759 1876 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys 14:35:32.0947 1876 Crusoe - ok 14:35:33.0009 1876 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc 
C:\Windows\system32\cryptsvc.dll 14:35:33.0103 1876 CryptSvc - ok 14:35:33.0259 1876 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 14:35:33.0321 1876 DcomLaunch - ok 14:35:33.0383 1876 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 14:35:33.0446 1876 DfsC - ok 14:35:33.0758 1876 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 14:35:34.0569 1876 DFSR - ok 14:35:34.0616 1876 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 14:35:34.0678 1876 Dhcp - ok 14:35:34.0725 1876 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 14:35:34.0741 1876 disk - ok 14:35:34.0819 1876 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll 14:35:34.0912 1876 Dnscache - ok 14:35:34.0929 1876 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll 14:35:35.0013 1876 dot3svc - ok 14:35:35.0091 1876 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 14:35:35.0169 1876 DPS - ok 14:35:35.0247 1876 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 14:35:35.0341 1876 drmkaud - ok 14:35:35.0419 1876 [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 14:35:35.0512 1876 DXGKrnl - ok 14:35:35.0575 1876 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 14:35:35.0684 1876 E1G60 - ok 14:35:35.0715 1876 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 14:35:35.0762 1876 EapHost - ok 14:35:35.0809 1876 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys 14:35:35.0840 1876 Ecache - ok 14:35:36.0058 1876 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 14:35:36.0230 1876 ehRecvr - ok 14:35:36.0261 1876 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 14:35:36.0339 1876 ehSched - ok 14:35:36.0355 
1876 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 14:35:36.0386 1876 ehstart - ok 14:35:36.0511 1876 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys 14:35:36.0589 1876 elxstor - ok 14:35:36.0698 1876 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 14:35:36.0745 1876 EMDMgmt - ok 14:35:36.0807 1876 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys 14:35:36.0901 1876 ErrDev - ok 14:35:36.0932 1876 [ 3C1D6B99320C64EB3423E229128D5182 ] ETD C:\Windows\system32\DRIVERS\ETD.sys 14:35:36.0948 1876 ETD - ok 14:35:37.0166 1876 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 14:35:37.0228 1876 EventSystem - ok 14:35:37.0275 1876 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 14:35:37.0400 1876 exfat - ok 14:35:37.0416 1876 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 14:35:37.0462 1876 fastfat - ok 14:35:37.0525 1876 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 14:35:37.0603 1876 fdc - ok 14:35:37.0634 1876 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 14:35:37.0650 1876 fdPHost - ok 14:35:37.0696 1876 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 14:35:37.0774 1876 FDResPub - ok 14:35:37.0790 1876 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 14:35:37.0837 1876 FileInfo - ok 14:35:37.0868 1876 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 14:35:38.0024 1876 Filetrace - ok 14:35:38.0024 1876 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 14:35:38.0086 1876 flpydisk - ok 14:35:38.0133 1876 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 14:35:38.0164 1876 FltMgr - ok 14:35:38.0289 1876 [ 
8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll 14:35:38.0430 1876 FontCache - ok 14:35:38.0508 1876 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 14:35:38.0523 1876 FontCache3.0.0.0 - ok 14:35:38.0586 1876 [ 491E9D9A26A745F6AE7D570849F4BD87 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 14:35:38.0601 1876 fssfltr - ok 14:35:38.0976 1876 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe 14:35:39.0272 1876 fsssvc - ok 14:35:39.0319 1876 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 14:35:39.0381 1876 Fs_Rec - ok 14:35:39.0444 1876 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 14:35:39.0475 1876 gagp30kx - ok 14:35:39.0522 1876 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 14:35:39.0553 1876 GEARAspiWDM - ok 14:35:39.0756 1876 [ 31B40F40E09513ADDC460F6A297AD474 ] ghaio C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys 14:35:39.0787 1876 ghaio - ok 14:35:39.0818 1876 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 14:35:39.0896 1876 gpsvc - ok 14:35:40.0005 1876 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 14:35:40.0021 1876 gupdate - ok 14:35:40.0021 1876 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 14:35:40.0022 1876 gupdatem - ok 14:35:40.0098 1876 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 14:35:40.0129 1876 gusvc - ok 14:35:40.0176 1876 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 14:35:40.0269 1876 HdAudAddService - ok 14:35:40.0363 1876 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 14:35:40.0441 1876 HDAudBus 
- ok 14:35:40.0472 1876 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 14:35:40.0534 1876 HidBth - ok 14:35:40.0675 1876 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 14:35:40.0737 1876 HidIr - ok 14:35:40.0846 1876 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll 14:35:41.0034 1876 hidserv - ok 14:35:41.0252 1876 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 14:35:41.0314 1876 HidUsb - ok 14:35:41.0361 1876 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 14:35:41.0455 1876 hkmsvc - ok 14:35:41.0470 1876 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 14:35:41.0517 1876 HpCISSs - ok 14:35:41.0595 1876 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys 14:35:41.0845 1876 HTTP - ok 14:35:41.0892 1876 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys 14:35:41.0985 1876 i2omp - ok 14:35:42.0001 1876 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 14:35:42.0094 1876 i8042prt - ok 14:35:42.0141 1876 [ 71ECC07BC7C5E24C3DD01D8A29A24054 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 14:35:42.0188 1876 iaStor - ok 14:35:42.0235 1876 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 14:35:42.0266 1876 iaStorV - ok 14:35:42.0360 1876 [ 5C7D72EAB04B1DF8C5D2ACC6551FDE49 ] ICQ Service C:\Program Files\ICQ6Toolbar\ICQ Service.exe 14:35:42.0391 1876 ICQ Service - ok 14:35:42.0484 1876 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 14:35:42.0656 1876 idsvc - ok 14:35:43.0483 1876 [ DCE0B53570703CCE580D066F89EF58CD ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 14:35:47.0373 1876 igfx - ok 14:35:47.0404 1876 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp 
C:\Windows\system32\drivers\iirsp.sys 14:35:47.0435 1876 iirsp - ok 14:35:47.0575 1876 [ 755519F49906B73C1FE9CBBF75E347EA ] IJPLMSVC C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE 14:35:47.0607 1876 IJPLMSVC - ok 14:35:47.0794 1876 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 14:35:47.0903 1876 IKEEXT - ok 14:35:47.0981 1876 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys 14:35:47.0997 1876 intelide - ok 14:35:48.0043 1876 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 14:35:48.0106 1876 intelppm - ok 14:35:48.0153 1876 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 14:35:48.0199 1876 IPBusEnum - ok 14:35:48.0293 1876 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:35:48.0355 1876 IpFilterDriver - ok 14:35:48.0480 1876 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 14:35:48.0527 1876 iphlpsvc - ok 14:35:48.0527 1876 IpInIp - ok 14:35:48.0574 1876 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 14:35:48.0621 1876 IPMIDRV - ok 14:35:48.0667 1876 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 14:35:48.0699 1876 IPNAT - ok 14:35:48.0901 1876 [ E46B17060D3962A384AE484094614788 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 14:35:48.0933 1876 iPod Service - ok 14:35:48.0933 1876 ipswuio - ok 14:35:48.0964 1876 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 14:35:48.0995 1876 IRENUM - ok 14:35:49.0042 1876 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys 14:35:49.0073 1876 isapnp - ok 14:35:49.0291 1876 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 14:35:49.0307 1876 iScsiPrt - ok 14:35:49.0354 1876 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi 
C:\Windows\system32\drivers\iteatapi.sys 14:35:49.0385 1876 iteatapi - ok 14:35:49.0432 1876 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 14:35:49.0447 1876 iteraid - ok 14:35:49.0479 1876 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 14:35:49.0510 1876 kbdclass - ok 14:35:49.0588 1876 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 14:35:49.0650 1876 kbdhid - ok 14:35:49.0681 1876 [ 7F2B8D0B31FB4A797E5786EF124C5A80 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys 14:35:49.0697 1876 kbfiltr - ok 14:35:49.0728 1876 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 14:35:49.0837 1876 KeyIso - ok 14:35:49.0931 1876 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 14:35:50.0025 1876 KSecDD - ok 14:35:50.0118 1876 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 14:35:50.0226 1876 KtmRm - ok 14:35:50.0387 1876 [ 24ABDDEB766C8459F9D562EB083B6CB8 ] L1E C:\Windows\system32\DRIVERS\L1E60x86.sys 14:35:50.0402 1876 L1E - ok 14:35:50.0605 1876 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll 14:35:50.0667 1876 LanmanServer - ok 14:35:50.0699 1876 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 14:35:50.0792 1876 LanmanWorkstation - ok 14:35:50.0870 1876 [ ABF90FC5A127F481219B873C1B8DFC1C ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe 14:35:50.0933 1876 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 14:35:50.0933 1876 LightScribeService - detected UnsignedFile.Multi.Generic (1) 14:35:50.0979 1876 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 14:35:51.0057 1876 lltdio - ok 14:35:51.0151 1876 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 14:35:51.0229 1876 lltdsvc - ok 14:35:51.0260 1876 [ 
35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 14:35:51.0307 1876 lmhosts - ok 14:35:51.0354 1876 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 14:35:51.0385 1876 LSI_FC - ok 14:35:51.0401 1876 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 14:35:51.0432 1876 LSI_SAS - ok 14:35:51.0463 1876 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 14:35:51.0479 1876 LSI_SCSI - ok 14:35:51.0557 1876 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 14:35:51.0603 1876 luafv - ok 14:35:51.0650 1876 [ 8039F480C192DD99FED4EBC71FFBF795 ] lullaby C:\Windows\system32\DRIVERS\lullaby.sys 14:35:51.0666 1876 lullaby - ok 14:35:51.0713 1876 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 14:35:51.0915 1876 Mcx2Svc - ok 14:35:51.0962 1876 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys 14:35:51.0993 1876 megasas - ok 14:35:52.0040 1876 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys 14:35:52.0196 1876 MegaSR - ok 14:35:52.0243 1876 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 14:35:52.0305 1876 MMCSS - ok 14:35:52.0337 1876 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 14:35:52.0430 1876 Modem - ok 14:35:52.0555 1876 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 14:35:52.0617 1876 monitor - ok 14:35:52.0742 1876 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 14:35:52.0758 1876 mouclass - ok 14:35:52.0789 1876 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 14:35:52.0945 1876 mouhid - ok 14:35:52.0961 1876 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 14:35:52.0992 1876 MountMgr - ok 14:35:53.0101 1876 [ 
7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 14:35:53.0132 1876 MozillaMaintenance - ok 14:35:53.0163 1876 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys 14:35:53.0195 1876 mpio - ok 14:35:53.0210 1876 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 14:35:53.0288 1876 mpsdrv - ok 14:35:53.0351 1876 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 14:35:53.0507 1876 MpsSvc - ok 14:35:53.0553 1876 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 14:35:53.0585 1876 Mraid35x - ok 14:35:53.0631 1876 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 14:35:53.0663 1876 MRxDAV - ok 14:35:53.0803 1876 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 14:35:53.0834 1876 mrxsmb - ok 14:35:53.0928 1876 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:35:53.0975 1876 mrxsmb10 - ok 14:35:54.0053 1876 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:35:54.0146 1876 mrxsmb20 - ok 14:35:54.0193 1876 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys 14:35:54.0224 1876 msahci - ok 14:35:54.0427 1876 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys 14:35:54.0458 1876 msdsm - ok 14:35:54.0474 1876 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 14:35:54.0552 1876 MSDTC - ok 14:35:54.0645 1876 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 14:35:54.0677 1876 Msfs - ok 14:35:54.0723 1876 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 14:35:54.0739 1876 msisadrv - ok 14:35:54.0770 1876 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 14:35:54.0848 1876 
MSiSCSI - ok 14:35:54.0864 1876 msiserver - ok 14:35:54.0895 1876 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 14:35:54.0957 1876 MSKSSRV - ok 14:35:54.0973 1876 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 14:35:55.0051 1876 MSPCLOCK - ok 14:35:55.0098 1876 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 14:35:55.0145 1876 MSPQM - ok 14:35:55.0176 1876 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 14:35:55.0238 1876 MsRPC - ok 14:35:55.0285 1876 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 14:35:55.0285 1876 mssmbios - ok 14:35:55.0316 1876 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 14:35:55.0371 1876 MSTEE - ok 14:35:55.0403 1876 [ BB16693616427EAC1A436E106EA8D318 ] MTsensor C:\Windows\system32\DRIVERS\ATKACPI.sys 14:35:55.0418 1876 MTsensor - ok 14:35:55.0449 1876 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 14:35:55.0465 1876 Mup - ok 14:35:55.0512 1876 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 14:35:55.0590 1876 napagent - ok 14:35:55.0683 1876 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 14:35:55.0933 1876 NativeWifiP - ok 14:35:55.0980 1876 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 14:35:56.0011 1876 NDIS - ok 14:35:56.0042 1876 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 14:35:56.0089 1876 NdisTapi - ok 14:35:56.0151 1876 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 14:35:56.0214 1876 Ndisuio - ok 14:35:56.0245 1876 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 14:35:56.0292 1876 NdisWan - ok 14:35:56.0354 1876 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy 
C:\Windows\system32\drivers\NDProxy.sys 14:35:56.0385 1876 NDProxy - ok 14:35:56.0432 1876 [ 29C45722E20572B6440B57E3359E73EE ] Netaapl C:\Windows\system32\DRIVERS\netaapl.sys 14:35:56.0448 1876 Netaapl ( UnsignedFile.Multi.Generic ) - warning 14:35:56.0448 1876 Netaapl - detected UnsignedFile.Multi.Generic (1) 14:35:56.0510 1876 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 14:35:56.0573 1876 NetBIOS - ok 14:35:56.0619 1876 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 14:35:56.0682 1876 netbt - ok 14:35:56.0713 1876 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 14:35:56.0729 1876 Netlogon - ok 14:35:56.0807 1876 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 14:35:56.0869 1876 Netman - ok 14:35:56.0900 1876 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 14:35:56.0994 1876 netprofm - ok 14:35:57.0072 1876 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 14:35:57.0087 1876 NetTcpPortSharing - ok 14:35:57.0134 1876 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 14:35:57.0150 1876 nfrd960 - ok 14:35:57.0197 1876 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 14:35:57.0243 1876 NlaSvc - ok 14:35:57.0290 1876 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 14:35:57.0353 1876 Npfs - ok 14:35:57.0384 1876 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 14:35:57.0431 1876 nsi - ok 14:35:57.0477 1876 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 14:35:57.0540 1876 nsiproxy - ok 14:35:57.0602 1876 [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 14:35:57.0696 1876 Ntfs - ok 14:35:57.0743 1876 [ E875C093AEC0C978A90F30C9E0DFBB72 ] 
ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 14:35:57.0821 1876 ntrigdigi - ok 14:35:57.0852 1876 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 14:35:58.0179 1876 Null - ok 14:35:58.0242 1876 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 14:35:58.0289 1876 nvraid - ok 14:35:58.0320 1876 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 14:35:58.0335 1876 nvstor - ok 14:35:58.0398 1876 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 14:35:58.0429 1876 nv_agp - ok 14:35:58.0429 1876 NwlnkFlt - ok 14:35:58.0445 1876 NwlnkFwd - ok 14:35:58.0476 1876 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 14:35:58.0507 1876 ohci1394 - ok 14:35:58.0585 1876 [ CCAF7108859B6B1698A4223E2760B578 ] OpenVPNService C:\Program Files\OpenVPN\bin\openvpnserv.exe 14:35:58.0616 1876 OpenVPNService ( UnsignedFile.Multi.Generic ) - warning 14:35:58.0616 1876 OpenVPNService - detected UnsignedFile.Multi.Generic (1) 14:35:58.0679 1876 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 14:35:58.0694 1876 ose - ok 14:35:58.0881 1876 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 14:35:59.0115 1876 osppsvc - ok 14:35:59.0147 1876 [ 257190D58444732B68919C573368B64D ] OXSDIDRV_x32 C:\Windows\system32\DRIVERS\OXSDIDRV_x32.sys 14:35:59.0162 1876 OXSDIDRV_x32 - ok 14:35:59.0240 1876 [ 8F534A8630F6BABA92E14531F96906CD ] OXUDIDRV C:\Windows\system32\Drivers\OXUDIDRV_X32.sys 14:35:59.0256 1876 OXUDIDRV - ok 14:35:59.0318 1876 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 14:35:59.0443 1876 p2pimsvc - ok 14:35:59.0505 1876 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 14:35:59.0537 1876 p2psvc - ok 14:35:59.0630 1876 [ 
81A0921E2A3FDCF840E43AF64BF96EA2 ] PAC7302 C:\Windows\system32\DRIVERS\PAC7302.SYS
14:35:59.0739 1876 PAC7302 - ok
14:35:59.0786 1876 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
14:35:59.0895 1876 Parport - ok
14:35:59.0958 1876 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:35:59.0973 1876 partmgr - ok
14:36:00.0005 1876 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
14:36:00.0083 1876 Parvdm - ok
14:36:00.0114 1876 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
14:36:00.0192 1876 PcaSvc - ok
14:36:00.0239 1876 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
14:36:00.0270 1876 pci - ok
14:36:00.0301 1876 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
14:36:00.0332 1876 pciide - ok
14:36:00.0363 1876 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:36:00.0395 1876 pcmcia - ok
14:36:00.0430 1876 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:36:00.0593 1876 PEAUTH - ok
14:36:00.0780 1876 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
14:36:01.0061 1876 pla - ok
14:36:01.0154 1876 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:36:01.0217 1876 PlugPlay - ok
14:36:01.0248 1876 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
14:36:01.0263 1876 PNRPAutoReg - ok
14:36:01.0373 1876 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
14:36:01.0404 1876 PNRPsvc - ok
14:36:01.0482 1876 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:36:01.0544 1876 PolicyAgent - ok
14:36:01.0591 1876 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:36:01.0653 1876 PptpMiniport - ok
14:36:01.0685 1876 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
14:36:01.0747 1876 Processor - ok
14:36:01.0794 1876 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
14:36:01.0841 1876 ProfSvc - ok
14:36:01.0872 1876 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
14:36:01.0903 1876 ProtectedStorage - ok
14:36:01.0934 1876 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
14:36:01.0981 1876 PSched - ok
14:36:02.0012 1876 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
14:36:02.0059 1876 PxHelp20 - ok
14:36:02.0121 1876 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:36:02.0277 1876 ql2300 - ok
14:36:02.0355 1876 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:36:02.0387 1876 ql40xx - ok
14:36:02.0465 1876 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
14:36:02.0543 1876 QWAVE - ok
14:36:02.0589 1876 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:36:02.0636 1876 QWAVEdrv - ok
14:36:02.0667 1876 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:36:02.0730 1876 RasAcd - ok
14:36:02.0761 1876 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
14:36:02.0839 1876 RasAuto - ok
14:36:02.0886 1876 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:36:02.0933 1876 Rasl2tp - ok
14:36:02.0979 1876 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
14:36:03.0011 1876 RasMan - ok
14:36:03.0042 1876 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:36:03.0104 1876 RasPppoe - ok
14:36:03.0151 1876 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:36:03.0198 1876 RasSstp - ok
14:36:03.0229 1876 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:36:03.0291 1876 rdbss - ok
14:36:03.0354 1876 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:36:03.0401 1876 RDPCDD - ok
14:36:03.0432 1876 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
14:36:03.0479 1876 rdpdr - ok
14:36:03.0494 1876 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:36:03.0541 1876 RDPENCDD - ok
14:36:03.0572 1876 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:36:03.0650 1876 RDPWD - ok
14:36:03.0681 1876 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:36:03.0744 1876 RemoteAccess - ok
14:36:03.0791 1876 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:36:03.0837 1876 RemoteRegistry - ok
14:36:03.0884 1876 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
14:36:03.0962 1876 RpcLocator - ok
14:36:04.0087 1876 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
14:36:04.0290 1876 RpcSs - ok
14:36:04.0337 1876 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:36:04.0383 1876 rspndr - ok
14:36:04.0415 1876 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
14:36:04.0446 1876 SamSs - ok
14:36:04.0461 1876 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:36:04.0493 1876 sbp2port - ok
14:36:04.0524 1876 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:36:04.0555 1876 SCardSvr - ok
14:36:04.0617 1876 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
14:36:04.0664 1876 Schedule - ok
14:36:04.0695 1876 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
14:36:04.0711 1876 SCPolicySvc - ok
14:36:04.0773 1876 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
14:36:04.0836 1876 sdbus - ok
14:36:04.0883 1876 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:36:04.0929 1876 SDRSVC - ok
14:36:04.0961 1876 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:36:05.0039 1876 secdrv - ok
14:36:05.0070 1876 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
14:36:05.0117 1876 seclogon - ok
14:36:05.0148 1876 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
14:36:05.0210 1876 SENS - ok
14:36:05.0257 1876 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
14:36:05.0304 1876 Serenum - ok
14:36:05.0335 1876 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
14:36:05.0413 1876 Serial - ok
14:36:05.0444 1876 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:36:05.0475 1876 sermouse - ok
14:36:05.0508 1876 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
14:36:05.0564 1876 SessionEnv - ok
14:36:05.0579 1876 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:36:05.0626 1876 sffdisk - ok
14:36:05.0673 1876 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:36:05.0720 1876 sffp_mmc - ok
14:36:05.0767 1876 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:36:05.0845 1876 sffp_sd - ok
14:36:05.0891 1876 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
14:36:06.0032 1876 sfloppy - ok
14:36:06.0110 1876 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:36:06.0172 1876 SharedAccess - ok
14:36:06.0250 1876 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:36:06.0328 1876 ShellHWDetection - ok
14:36:06.0359 1876 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
14:36:06.0391 1876 sisagp - ok
14:36:06.0484 1876 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
14:36:06.0515 1876 SiSRaid2 - ok
14:36:06.0625 1876 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:36:06.0656 1876 SiSRaid4 - ok
14:36:06.0734 1876 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
14:36:06.0749 1876 SkypeUpdate - ok
14:36:06.0859 1876 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
14:36:07.0077 1876 slsvc - ok
14:36:07.0139 1876 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
14:36:07.0202 1876 SLUINotify - ok
14:36:07.0264 1876 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:36:07.0295 1876 Smb - ok
14:36:07.0436 1876 [ C8A58FC905C9184FA70E37F71060C64D ] smserial C:\Windows\system32\DRIVERS\smserial.sys
14:36:07.0592 1876 smserial - ok
14:36:07.0654 1876 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:36:07.0841 1876 SNMPTRAP - ok
14:36:07.0919 1876 [ 060F51141B20B8156804446A04AB8B2A ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
14:36:08.0200 1876 SNP2UVC - ok
14:36:08.0231 1876 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
14:36:08.0247 1876 spldr - ok
14:36:08.0341 1876 [ 739DB668DBD812285ECC553E64A5E212 ] spmgr C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
14:36:08.0372 1876 spmgr - ok
14:36:08.0419 1876 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
14:36:08.0497 1876 Spooler - ok
14:36:08.0559 1876 [ 43E8E8238FF52A807D5C17F1AE5CC49C ] SRS_PremiumSound_Service C:\Windows\system32\drivers\srs_PremiumSound_i386.sys
14:36:08.0590 1876 SRS_PremiumSound_Service - ok
14:36:08.0653 1876 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
14:36:08.0715 1876 srv - ok
14:36:08.0746 1876 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:36:08.0840 1876 srv2 - ok
14:36:08.0887 1876 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:36:08.0933 1876 srvnet - ok
14:36:08.0980 1876 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:36:09.0027 1876 SSDPSRV - ok
14:36:09.0058 1876 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
14:36:09.0074 1876 ssmdrv - ok
14:36:09.0089 1876 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:36:09.0121 1876 SstpSvc - ok
14:36:09.0199 1876 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
14:36:09.0245 1876 StillCam - ok
14:36:09.0292 1876 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
14:36:09.0339 1876 stisvc - ok
14:36:09.0370 1876 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:36:09.0401 1876 swenum - ok
14:36:09.0433 1876 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
14:36:09.0495 1876 swprv - ok
14:36:09.0526 1876 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
14:36:09.0542 1876 Symc8xx - ok
14:36:09.0573 1876 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
14:36:09.0589 1876 Sym_hi - ok
14:36:09.0620 1876 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
14:36:09.0635 1876 Sym_u3 - ok
14:36:09.0682 1876 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
14:36:09.0760 1876 SysMain - ok
14:36:09.0807 1876 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:36:09.0838 1876 TabletInputService - ok
14:36:09.0885 1876 [ 5C7C939BBD03784FE58C80578D065CC9 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
14:36:09.0932 1876 tap0901 - ok
14:36:09.0979 1876 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:36:10.0025 1876 TapiSrv - ok
14:36:10.0072 1876 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
14:36:10.0103 1876 TBS - ok
14:36:10.0166 1876 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:36:10.0259 1876 Tcpip - ok
14:36:10.0353 1876 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
14:36:10.0384 1876 Tcpip6 - ok
14:36:10.0415 1876 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:36:10.0447 1876 tcpipreg - ok
14:36:10.0525 1876 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:36:10.0588 1876 TDPIPE - ok
14:36:10.0614 1876 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:36:10.0688 1876 TDTCP - ok
14:36:10.0719 1876 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:36:10.0781 1876 tdx - ok
14:36:10.0813 1876 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:36:10.0844 1876 TermDD - ok
14:36:10.0891 1876 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
14:36:10.0922 1876 TermService - ok
14:36:10.0953 1876 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
14:36:10.0984 1876 Themes - ok
14:36:10.0984 1876 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
14:36:11.0015 1876 THREADORDER - ok
14:36:11.0047 1876 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
14:36:11.0109 1876 TrkWks - ok
14:36:11.0249 1876 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:36:11.0312 1876 TrustedInstaller - ok
14:36:11.0374 1876 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:36:11.0421 1876 tssecsrv - ok
14:36:11.0468 1876 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
14:36:11.0515 1876 tunmp - ok
14:36:11.0608 1876 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:36:11.0702 1876 tunnel - ok
14:36:11.0749 1876 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:36:11.0780 1876 uagp35 - ok
14:36:11.0827 1876 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:36:11.0889 1876 udfs - ok
14:36:11.0920 1876 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:36:11.0983 1876 UI0Detect - ok
14:36:12.0014 1876 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:36:12.0061 1876 uliagpkx - ok
14:36:12.0076 1876 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
14:36:12.0139 1876 uliahci - ok
14:36:12.0170 1876 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
14:36:12.0201 1876 UlSata - ok
14:36:12.0232 1876 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
14:36:12.0248 1876 ulsata2 - ok
14:36:12.0279 1876 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:36:12.0326 1876 umbus - ok
14:36:12.0357 1876 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
14:36:12.0419 1876 upnphost - ok
14:36:12.0513 1876 [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
14:36:12.0575 1876 USBAAPL - ok
14:36:12.0622 1876 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
14:36:12.0669 1876 usbaudio - ok
14:36:12.0700 1876 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:36:12.0763 1876 usbccgp - ok
14:36:12.0809 1876 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:36:12.0903 1876 usbcir - ok
14:36:12.0934 1876 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:36:12.0981 1876 usbehci - ok
14:36:13.0028 1876 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:36:13.0059 1876 usbhub - ok
14:36:13.0090 1876 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:36:13.0168 1876 usbohci - ok
14:36:13.0246 1876 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:36:13.0309 1876 usbprint - ok
14:36:13.0355 1876 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:36:13.0449 1876 usbscan - ok
14:36:13.0480 1876 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:36:13.0543 1876 USBSTOR - ok
14:36:13.0574 1876 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
14:36:13.0636 1876 usbuhci - ok
14:36:13.0683 1876 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
14:36:13.0745 1876 usbvideo - ok
14:36:13.0792 1876 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
14:36:13.0839 1876 UxSms - ok
14:36:13.0901 1876 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
14:36:13.0964 1876 vds - ok
14:36:14.0026 1876 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:36:14.0073 1876 vga - ok
14:36:14.0104 1876 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
14:36:14.0167 1876 VgaSave - ok
14:36:14.0198 1876 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
14:36:14.0229 1876 viaagp - ok
14:36:14.0291 1876 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
14:36:14.0338 1876 ViaC7 - ok
14:36:14.0401 1876 [ A6CAB31A6CFCD41E5213A924B2413EF1 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
14:36:14.0510 1876 VIAHdAudAddService - ok
14:36:14.0557 1876 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
14:36:14.0572 1876 viaide - ok
14:36:14.0588 1876 VNUSB - ok
14:36:14.0603 1876 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:36:14.0650 1876 volmgr - ok
14:36:14.0681 1876 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:36:14.0713 1876 volmgrx - ok
14:36:14.0775 1876 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:36:14.0806 1876 volsnap - ok
14:36:14.0837 1876 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
14:36:14.0853 1876 vsmraid - ok
14:36:14.0915 1876 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
14:36:15.0056 1876 VSS - ok
14:36:15.0103 1876 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
14:36:15.0134 1876 W32Time - ok
14:36:15.0165 1876 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
14:36:15.0243 1876 WacomPen - ok
14:36:15.0274 1876 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
14:36:15.0337 1876 Wanarp - ok
14:36:15.0337 1876 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:36:15.0368 1876 Wanarpv6 - ok
14:36:15.0399 1876 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:36:15.0477 1876 wcncsvc - ok
14:36:15.0524 1876 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:36:15.0586 1876 WcsPlugInService - ok
14:36:15.0633 1876 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
14:36:15.0649 1876 Wd - ok
14:36:15.0711 1876 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:36:15.0770 1876 Wdf01000 - ok
14:36:15.0786 1876 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:36:15.0848 1876 WdiServiceHost - ok
14:36:15.0848 1876 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:36:15.0895 1876 WdiSystemHost - ok
14:36:15.0926 1876 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
14:36:15.0957 1876 WebClient - ok
14:36:16.0004 1876 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:36:16.0113 1876 Wecsvc - ok
14:36:16.0145 1876 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:36:16.0223 1876 wercplsupport - ok
14:36:16.0285 1876 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
14:36:16.0316 1876 WerSvc - ok
14:36:16.0363 1876 [ 090A2B8F055343815556A01F725F6C35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
14:36:16.0394 1876 WimFltr - ok
14:36:16.0457 1876 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
14:36:16.0488 1876 WinDefend - ok
14:36:16.0488 1876 WinHttpAutoProxySvc - ok
14:36:16.0550 1876 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:36:16.0628 1876 Winmgmt - ok
14:36:16.0691 1876 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
14:36:16.0847 1876 WinRM - ok
14:36:16.0925 1876 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
14:36:17.0034 1876 Wlansvc - ok
14:36:17.0174 1876 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:36:17.0252 1876 wlidsvc - ok
14:36:17.0315 1876 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
14:36:17.0361 1876 WmiAcpi - ok
14:36:17.0424 1876 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:36:17.0471 1876 wmiApSrv - ok
14:36:17.0564 1876 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
14:36:17.0611 1876 WMPNetworkSvc - ok
14:36:17.0673 1876 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:36:17.0751 1876 WPCSvc - ok
14:36:17.0798 1876 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:36:17.0829 1876 WPDBusEnum - ok
14:36:17.0876 1876 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
14:36:17.0907 1876 WpdUsb - ok
14:36:18.0235 1876 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:36:18.0422 1876 WPFFontCache_v0400 - ok
14:36:18.0469 1876 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:36:18.0531 1876 ws2ifsl - ok
14:36:18.0859 1876 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
14:36:18.0890 1876 wscsvc - ok
14:36:18.0968 1876 [ 4422AC5ED8D4C2F0DB63E71D4C069DD7 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
14:36:19.0015 1876 WSDPrintDevice - ok
14:36:19.0015 1876 WSearch - ok
14:36:19.0483 1876 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
14:36:20.0060 1876 wuauserv - ok
14:36:20.0263 1876 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:36:20.0341 1876 WudfPf - ok
14:36:20.0419 1876 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:36:20.0466 1876 WUDFRd - ok
14:36:20.0528 1876 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:36:20.0575 1876 wudfsvc - ok
14:36:20.0798 1876 [ 7D1F3B131D503EF43EE594B5A2B9B427 ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
14:36:20.0928 1876 yukonwlh - ok
14:36:20.0943 1876 ================ Scan global ===============================
14:36:21.0146 1876 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
14:36:21.0240 1876 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
14:36:21.0520 1876 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
14:36:21.0723 1876 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
14:36:21.0739 1876 [Global] - ok
14:36:21.0739 1876 ================ Scan MBR ==================================
14:36:21.0801 1876 [ 64B1E91C5C6C2157642651010728F90F ] \Device\Harddisk0\DR0
14:36:47.0875 1876 \Device\Harddisk0\DR0 - ok
14:36:47.0875 1876 ================ Scan VBR ==================================
14:36:47.0969 1876 [ 604CB0A657BCC8549EAD1E7C96F4BA11 ] \Device\Harddisk0\DR0\Partition1
14:36:47.0985 1876 \Device\Harddisk0\DR0\Partition1 - ok
14:36:48.0141 1876 [ 46E1066CEA6A1C59F538FE8C86DAEEA9 ] \Device\Harddisk0\DR0\Partition2
14:36:48.0156 1876 \Device\Harddisk0\DR0\Partition2 - ok
14:36:48.0156 1876 ============================================================
14:36:48.0156 1876 Scan finished
14:36:48.0156 1876 ============================================================
14:36:48.0172 2716 Detected object count: 6
14:36:48.0172 2716 Actual detected object count: 6
14:37:21.0836 2716 ADSMService ( UnsignedFile.Multi.Generic ) - skipped by user
14:37:21.0836 2716 ADSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:37:21.0836 2716 Afc ( UnsignedFile.Multi.Generic ) - skipped by user
14:37:21.0836 2716 Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:37:21.0836 2716 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
14:37:21.0836 2716 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:37:21.0852 2716 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
14:37:21.0852 2716 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:37:21.0852 2716 Netaapl ( UnsignedFile.Multi.Generic ) - skipped by user
14:37:21.0852 2716 Netaapl ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:37:21.0852 2716 OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
14:37:21.0852 2716 OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip |
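The six detections at the end of the TDSSKiller log above are all `UnsignedFile.Multi.Generic`, and the user chose Skip for each. That verdict only says the file carries no digital signature; whether Skip was right is decided by the file's hash and path, which sit in the enumeration section further up the log, not next to the verdict. The following triage helper joins the two. It is an added example, not part of the thread and not TDSSKiller's own code; it assumes only the two line shapes visible in the log (the `[ MD5 ] name path` enumeration lines and the `( verdict ) - User select action:` lines). The sample log inside it is constructed: PcaSvc is copied from the post, while the hashes and paths for ADSMService and OpenVPNService are placeholders, because their enumeration lines are not in the pasted section.

```python
"""Triage helper for a TDSSKiller log (added example, not Kaspersky code).

Two line shapes matter:
  enumeration  <time> <pid> [ <MD5> ] <ServiceName> <path>   (followed by "<name> - ok")
  verdict      <time> <pid> <ServiceName> ( <verdict> ) - User select action: <action>
The helper joins them so every flagged service comes out with the hash and path the
verdict refers to, ready to be checked against a reputation service.
"""
import re

ENUM_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ \d+ \[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>\S+) (?P<path>.+)$"
)
VERDICT_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ \d+ (?P<name>\S+) \( (?P<verdict>[^)]+) \) "
    r"- User select action: (?P<action>\w+)$"
)
COUNT_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+ \d+ Actual detected object count: (?P<n>\d+)$")

# Actions after which the flagged file is still in place (TDSSKiller's own action name).
NON_REMEDIATING = {"Skip"}

# Constructed sample in the log's format. PcaSvc is copied from the post; the hashes and
# paths for ADSMService and OpenVPNService are placeholders (their enumeration lines are
# not in the pasted section), and VNUSB shows a service entry with no file behind it.
SAMPLE_LOG = r"""
14:36:00.0114 1876 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
14:36:00.0192 1876 PcaSvc - ok
14:36:14.0588 1876 VNUSB - ok
14:36:15.0000 1876 [ 00000000000000000000000000000001 ] ADSMService C:\Example\ASUS\ADSMService.exe
14:36:15.0050 1876 ADSMService - ok
14:36:16.0000 1876 [ 00000000000000000000000000000002 ] OpenVPNService C:\Example\OpenVPN\openvpnserv.exe
14:36:16.0050 1876 OpenVPNService - ok
14:36:48.0172 2716 Detected object count: 2
14:36:48.0172 2716 Actual detected object count: 2
14:37:21.0836 2716 ADSMService ( UnsignedFile.Multi.Generic ) - skipped by user
14:37:21.0836 2716 ADSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:37:21.0852 2716 OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
14:37:21.0852 2716 OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""


def parse_tdsskiller(text):
    """Return (objects, detections, declared_count).

    objects:        {service_name: {"md5", "path"}} from the enumeration section
    detections:     one dict per "User select action" line, in log order, with md5/path
                    looked up from objects (None when the service had no file line)
    declared_count: the "Actual detected object count" the tool printed, or None
    """
    objects, detections, declared = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = ENUM_RE.match(line)
        if m:
            objects[m["name"]] = {"md5": m["md5"].upper(), "path": m["path"]}
            continue
        m = VERDICT_RE.match(line)
        if m:
            info = objects.get(m["name"], {"md5": None, "path": None})
            detections.append({"name": m["name"], "verdict": m["verdict"],
                               "action": m["action"], **info})
            continue
        m = COUNT_RE.match(line)
        if m:
            declared = int(m["n"])
    return objects, detections, declared


def unresolved(detections):
    """Detections the user left in place; these still need a decision."""
    return [d for d in detections if d["action"] in NON_REMEDIATING]


def count_mismatch(detections, declared):
    """True when the tool's own count disagrees with the verdict lines found.
    A truncated paste, or a log flattened onto one line, shows up here first."""
    return declared is not None and declared != len(detections)


def triage_lines(text):
    """One line per unresolved detection: name, verdict, MD5 and path to look up."""
    _, detections, declared = parse_tdsskiller(text)
    out = []
    if count_mismatch(detections, declared):
        out.append(f"WARNING: tool reported {declared} objects, parsed {len(detections)}")
    for d in unresolved(detections):
        out.append(f"{d['name']}: {d['verdict']} md5={d['md5']} path={d['path']}")
    return out


if __name__ == "__main__":
    print("\n".join(triage_lines(SAMPLE_LOG)))
```

Run as a script it prints one line per skipped object; pass it the whole pasted log instead of the sample to get the real hashes. The count check matters on forum pastes like this one, where a log is often flattened or cut off: if the number of verdict lines does not match the tool's own count, the paste is incomplete and the list of skipped objects cannot be trusted.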
20.05.2013, 13:49 | #11 |
/// Malware-holic | And another GVU attack :( Hi, scan with ComboFix
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
20.05.2013, 14:35 | #12 |
| And another GVU attack :( Everything worked without an error message Code:
ComboFix 13-05-18.04 - Cathrin 20.05.2013 15:09:07.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3036.1259 [GMT 2:00]
Running from: c:\users\Cathrin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\ASPG_icon.ico
c:\programdata\rundll32.exe
c:\users\Cathrin\5466023.dll
c:\users\Cathrin\AppData\Roaming\Desktopicon
c:\users\Cathrin\AppData\Roaming\Desktopicon\config.ini
.
.
((((((((((((((((((((((( Files Created from 2013-04-20 to 2013-05-20 ))))))))))))))))))))))))))))))
.
.
2013-05-20 14:23 . 2013-05-20 14:23 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2013-05-20 14:23 . 2013-05-20 14:23 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2013-05-20 14:23 . 2013-05-20 14:23 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2013-05-20 14:23 . 2013-05-20 14:23 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2013-05-20 14:23 . 2013-05-20 14:23 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2013-05-20 14:23 . 2013-05-20 14:23 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2013-05-20 14:23 . 2013-05-20 14:23 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2013-05-20 14:23 . 2013-05-20 14:23 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2013-05-20 14:22 . 2013-05-20 14:22 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2013-05-20 14:22 . 2013-05-20 14:22 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2013-05-20 14:22 . 2013-05-20 14:22 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2013-05-20 14:22 . 2013-05-20 14:22 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2013-05-20 14:22 . 2013-05-20 14:22 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2013-05-20 14:22 . 2013-05-20 14:22 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2013-05-20 14:22 . 2013-05-20 14:22 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2013-05-20 14:22 . 2013-05-20 14:22 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2013-05-20 14:22 . 2013-05-20 14:22 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2013-05-20 13:23 . 2013-05-20 13:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-20 12:54 . 2013-05-20 12:54 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FCA3FE3B-4ABF-4BB4-9A37-CA04842BD20C}\offreg.dll
2013-05-20 12:40 . 2013-05-13 23:49 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FCA3FE3B-4ABF-4BB4-9A37-CA04842BD20C}\mpengine.dll
2013-05-18 20:56 . 2011-07-13 02:55 2237440 ----a-r- C:\OTLPE.exe
2013-05-18 20:56 . 2013-05-18 15:25 -------- d-----w- C:\_OTL
2013-05-18 15:22 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-17 18:06 . 2013-04-15 14:20 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-17 18:06 . 2013-04-13 10:56 37376 ----a-w- c:\windows\system32\cdd.dll
2013-05-17 18:05 . 2013-04-09 01:36 2049024 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-18 15:04 . 2009-06-26 04:06 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-05-15 16:23 . 2012-04-15 10:29 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-15 16:23 . 2011-08-20 07:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 00:06 . 2012-11-01 08:48 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-03-29 09:48 . 2012-11-01 08:40 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-29 09:48 . 2012-11-01 08:40 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-29 09:48 . 2012-11-01 08:40 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-11 13:25 . 2013-04-10 20:18 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25 . 2013-04-10 20:18 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-09 20:41 . 2013-03-09 20:41 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-09 20:41 . 2012-11-16 23:33 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-09 20:41 . 2010-06-16 16:57 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-09 03:45 . 2013-04-10 20:18 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-09 01:28 . 2013-04-10 20:18 64000 ----a-w- c:\windows\system32\smss.exe
2013-03-08 03:53 . 2013-04-10 20:16 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-03-08 03:52 . 2013-04-10 20:18 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-03-03 19:07 . 2013-04-10 20:18 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2008-12-23 20:36 . 2008-12-23 20:36 106496 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2013-04-13 19:12 . 2013-04-13 19:12 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{76aeea42-e04a-4b62-83ab-df4b2be2541e}]
2010-06-13 17:10 2734688 ----a-w- c:\program files\MessengerPlusLive_Germany_TB\tbMess.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
"{76aeea42-e04a-4b62-83ab-df4b2be2541e}"= "c:\program files\MessengerPlusLive_Germany_TB\tbMess.dll" [2010-06-13 2734688]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{76aeea42-e04a-4b62-83ab-df4b2be2541e}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
"{76AEEA42-E04A-4B62-83AB-DF4B2BE2541E}"= "c:\program files\MessengerPlusLive_Germany_TB\tbMess.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{76aeea42-e04a-4b62-83ab-df4b2be2541e}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Cathrin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Cathrin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Cathrin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-03-20 3261688]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-04-05 59720]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-04-05 59720]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2009-02-06 1593344]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-05-18 323584]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-16 1474560]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-03-06 424352]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-06-26 3054136]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-06-26 47672]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-09-30 237568]
"ADSMTray"="c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-04-01 266240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-06 345312]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Cathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Cathrin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\WI83E4~1\Datamngr\datamngr.dll c:\progra~1\WI83E4~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
backup=c:\windows\pss\FancyStart daemon.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips GoGear VIBE Device Manager.lnk]
backup=c:\windows\pss\Philips GoGear VIBE Device Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACMON]
2008-10-01 06:02 851968 ----a-w- c:\program files\ASUS\Splendid\ACMON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-27 18:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA] 2008-12-29 17:21 159744 ----a-w- c:\program files\ASUS\ATK Media\DMedia.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter] 2008-03-17 16:06 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu] 2008-03-10 16:20 689488 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer] 2008-07-19 02:52 104936 ----a-w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility] 2007-11-19 02:19 128352 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2013-02-20 11:35 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel] 2008-06-09 17:16 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell] 2008-12-18 22:30 323216 ----a-w- c:\program files\Napster\napster.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-10-25 02:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM] 2010-06-07 13:32 111928 ----a-r- c:\program files\SweetIM\Messenger\SweetIM.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 88947350 *Deregistered* - 88947350 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2013-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 16:23] . 2012-11-04 c:\windows\Tasks\ASUS SmartLogon Console Sensor.job - c:\program files\ASUS\SmartLogon\sensorsrv.exe [2008-12-09 22:00] . 2013-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-08 13:36] . 2013-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-08 13:36] . 2012-11-04 c:\windows\Tasks\Net4Switch.job - c:\program files\ASUS\Net4Switch\Net4Switch.exe [2011-01-01 12:44] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=76523d0e-8eba-4612-9bc7-6be76dcdab92&affid=111585&searchtype=hp&babsrc=lnkry_nt mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=76523d0e-8eba-4612-9bc7-6be76dcdab92&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Free YouTube Download - c:\users\Cathrin\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Free YouTube to Mp3 Converter - c:\users\Cathrin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Cathrin\AppData\Roaming\Mozilla\Firefox\Profiles\e8w3q7kr.default-1355078513750\ FF - prefs.js: browser.search.selectedEngine - Google.de FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig?hl=de . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-10 - (no file) SafeBoot-WudfPf SafeBoot-WudfRd MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2013-05-20 15:25 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . . 
c:\users\Cathrin\AppData\Local\Temp\catchme.dll 53248 bytes executable C:\ADSM_PData_0150 . Scan erfolgreich abgeschlossen versteckte Dateien: 2 . ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'lsass.exe'(640) c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll . Zeit der Fertigstellung: 2013-05-20 15:29:43 ComboFix-quarantined-files.txt 2013-05-20 13:29 . Vor Suchlauf: 14 Verzeichnis(se), 20.211.150.848 Bytes frei Nach Suchlauf: 22 Verzeichnis(se), 22.617.776.128 Bytes frei . - - End Of File - - 2399E09787DC521A015495ADE9A3F520 |
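The ComboFix log above lists the autostart locations a helper reads first: the HKCU/HKLM Run keys, AppInit_DLLs, the Browser Helper Objects and the Startup folder. The script below is an added example for this thread, not code from ComboFix, OTL, Malwarebytes or the helper. It parses a constructed sample written in ComboFix's layout and flags two things: every DLL listed in AppInit_DLLs (Windows loads these into each process that maps user32.dll, so one value there is system-wide persistence) and executables that live in user-writable paths (user profile, ProgramData, Temp), which is where the dropper files in this thread turned up. The `skype_update.exe` entry in the sample is made up; the other lines mirror entries from the log.

```python
"""Triage the autostart sections of a ComboFix log.

Added example for this thread; it is not ComboFix, OTL or Malwarebytes code
and not something the helper posted. It reads the Run keys, AppInit_DLLs,
Browser Helper Object and Startup-folder sections in the layout ComboFix
prints and flags what a helper looks at first:

  * every DLL in AppInit_DLLs (Windows loads these into each process that
    maps user32.dll, so a single value there is system-wide persistence)
  * executables under user-writable paths (user profile, ProgramData, Temp),
    which is where the dropper files in this thread were found

A flag is a review signal, not a verdict: Dropbox legitimately runs from
AppData and is flagged here as well.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in ComboFix's layout. "skype_update.exe" is a made-up
# entry standing in for the dropper; the other lines mirror the thread's log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
"Updater"="c:\users\Cathrin\AppData\Roaming\skype_update.exe" [2013-05-17 61440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-06 345312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\WI83E4~1\Datamngr\datamngr.dll c:\progra~1\WI83E4~1\Datamngr\IEBHO.dll
.
c:\users\Cathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Cathrin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
"""


@dataclass(frozen=True)
class Entry:
    source: str   # registry key or Startup folder the entry was read from
    name: str     # value name, .lnk file name, or "BHO"
    path: str     # module that gets loaded or executed


HEADER = re.compile(r"^\[([^\]]+)\]$")
QUOTED_VALUE = re.compile(r'^"([^"]+)"="([^"]+)"')   # "Name"="path" [date size]
BARE_VALUE = re.compile(r'^"([^"]+)"=(.+)$')         # "AppInit_DLLs"=dll dll
BHO_FILE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} +\d+ +\S+ +(.+)$")
LNK_LINE = re.compile(r"^(.+?\.lnk) - (.+?) \[")

# Locations a standard user can write to; in this thread the dropper files
# sat in C:\Users\<name> and C:\ProgramData.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")


def parse_entries(log: str) -> list[Entry]:
    """Turn the autostart sections of a ComboFix log into Entry records."""
    entries: list[Entry] = []
    section = ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix separates blocks with "."
            continue
        if m := HEADER.match(line):
            section = m.group(1)
        elif line.lower().endswith("\\startup\\"):
            section = line                   # a Startup folder listing follows
        elif "Browser Helper Objects" in section and (m := BHO_FILE.match(line)):
            entries.append(Entry(section, "BHO", m.group(1).strip()))
        elif m := LNK_LINE.match(line):
            entries.append(Entry(section, m.group(1), m.group(2)))
        elif m := QUOTED_VALUE.match(line):
            entries.append(Entry(section, m.group(1), m.group(2)))
        elif m := BARE_VALUE.match(line):
            name, value = m.groups()
            if name.lower() == "appinit_dlls":
                # The value is a space/comma separated list and each DLL is
                # its own autostart, so record them one by one.
                for dll in re.split(r"[ ,]+", value.strip()):
                    entries.append(Entry(section, name, dll))
    return entries


def triage(entries: list[Entry]) -> list[tuple[str, Entry]]:
    """Return (reason, entry) pairs that deserve a second look."""
    findings: list[tuple[str, Entry]] = []
    for e in entries:
        if e.name.lower() == "appinit_dlls":
            findings.append(("appinit-dll", e))
        elif e.path.lower().startswith(USER_WRITABLE):
            findings.append(("user-writable-path", e))
    return findings


def report(log: str) -> list[str]:
    """One line per finding, in the order the log lists the entries."""
    return [f"{reason:<18} {e.name} -> {e.path}"
            for reason, e in triage(parse_entries(log))]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run it against a real ComboFix log by passing the file contents to `report()`. Entries under `c:\program files` are deliberately not flagged, which is why the Conduit, DVDVideoSoft and SweetIM toolbars from the log would pass this filter; those are sorted out by the uninstall-list step the helper asks for later, not by path heuristics.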
20.05.2013, 14:39 | #13 |
/// Malware-holic | And yet another GVU attack :( Hi, Malwarebytes: please download Malwarebytes
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above If you would like to support us |
20.05.2013, 17:35 | #14 |
| And yet another GVU attack :( Here you go: Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.20.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Cathrin :: CATHRINS_LAPPI [Administrator]

20.05.2013 15:45:42
mbam-log-2013-05-20 (15-45-42).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 428090
Time elapsed: 2 hour(s), 45 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Qoobox\Quarantine\C\Users\Cathrin\5466023.dll.vir (Trojan.FakeMS.INC) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles.zip (Trojan.FakeMS.INC) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05182013_165650\C_ProgramData\zdhft.dat (Trojan.FakeMS.INC) -> Quarantined and deleted successfully.

(end)
|
20.05.2013, 17:39 | #15 |
/// Malware-holic | And yet another GVU attack :( Looks good. Download CCleaner standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this. Open it, Tools (Extras), Uninstall list, save as txt. Open it. Behind every program you need, write "necessary"; behind every one you don't need, "unnecessary"; behind the ones you don't know, "unknown". Post the list.