Plagegeister aller Art und deren Bekämpfung: Tabs open automatically, reg entry cannot be deleted with mbam (Windows 7)
28.12.2011, 19:36 | #1 |
Hello everyone,

I think I have caught a virus that is not so easy to remove. It started a few days ago, when Avira kept reporting:

In der Datei 'C:\Users\Johannes\AppData\Local\2bde10f3\U\800000cb.@' wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern

Deleting it or moving it to quarantine did not help. I then downloaded mbam, ran a scan and deleted all findings. The Avira message no longer appears, but I still have not got rid of the virus.

For one thing, a tab opens automatically at regular intervals (something with mediashifting.com/...). For another, mbam keeps finding the same registry entry, which does not go away (HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Daten: C:\Users\Johannes\AppData\Local\2bde10f3\X). Strangely, the folder 2bde10f3 does not exist at all under ..\Local\.

I hope you can help me, because I would really hate to have to reinstall my system.

PS: My operating system is Win 7 Professional SP1 64-bit
28.12.2011, 20:37 | #2 |
Hi,

Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version from here: http://filepony.de/download-chameleon/
Then please update the signature files (tab "Update" -> "Suche nach Aktualisierungen"), run a full scan and let it clean everything! Post the log.

OTL
Download OTL by Oldtimer (http://filepony.de/download-otl/) and save it to your desktop

chris
__________________
29.12.2011, 00:46 | #3 |
mbam log:

Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2011.12.28.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Johannes :: JOE [Administrator]

28.12.2011 23:16:24
mbam-log-2011-12-28 (23-16-24).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 421071
Laufzeit: 1 Stunde(n), 24 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Daten: C:\Users\Johannes\AppData\Local\2bde10f3\X -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
ATTFilter OTL logfile created on: 28.12.2011 23:18:09 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Johannes\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 38,45% Memory free 8,00 Gb Paging File | 5,21 Gb Available in Paging File | 65,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 500,00 Gb Total Space | 373,68 Gb Free Space | 74,74% Space Free | Partition Type: NTFS Drive D: | 1363,01 Gb Total Space | 556,32 Gb Free Space | 40,82% Space Free | Partition Type: NTFS Drive E: | 465,76 Gb Total Space | 465,38 Gb Free Space | 99,92% Space Free | Partition Type: NTFS Computer Name: JOE | User Name: Johannes | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Johannes\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) 
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe (ROCCAT GmbH) ========== Modules (No Company Name) ========== MOD - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\0k9685op.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\gecko8\WINNT_x86-msvc\SSSLauncher.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () MOD - C:\Program Files (x86)\Java\jre6\bin\jp2native.dll () MOD - C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\hiddriver.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AODService) -- C:\Program Files (x86)\Tuning\AMD Overdrive\AODAssist.exe () SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.) DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.) DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (ANDModem) -- C:\Windows\SysNative\drivers\lgandmodem64.sys (LG Electronics Inc.) DRV:64bit: - (AndGps) -- C:\Windows\SysNative\drivers\lgandgps64.sys (LG Electronics Inc.) 
DRV:64bit: - (AndDiag) -- C:\Windows\SysNative\drivers\lganddiag64.sys (LG Electronics Inc.) DRV:64bit: - (Andbus) -- C:\Windows\SysNative\drivers\lgandbus64.sys (LG Electronics Inc.) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (cpuz134) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (asusgsb) -- C:\Windows\SysNative\drivers\asusgsb.sys (ASUSTeK Computer Inc.) 
DRV:64bit: - (KoneFltr) -- C:\Windows\SysNative\drivers\Kone.sys (ROCCAT Ltd) DRV - (AODDriver4.01) -- C:\Program Files (x86)\Tuning\AMD Overdrive\amd64\AODDriver2.sys (Advanced Micro Devices) DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 0B 82 1E F8 BF CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..browser.startup.homepage: "hxxp://www.hsv.de/index.php?id=16043" FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.8 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: 
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - prefs.js..network.proxy.http: "localhost" FF - prefs.js..network.proxy.http_port: 9666 FF - prefs.js..network.proxy.socks: "localhost" FF - prefs.js..network.proxy.socks_port: 9050 FF - prefs.js..network.proxy.socks_remote_dns: true FF - prefs.js..network.proxy.ssl: "localhost" FF - prefs.js..network.proxy.ssl_port: 9666 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.02.09 19:50:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.02.09 19:50:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.29 08:39:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.28 21:49:53 | 000,000,000 | ---D | M] [2011.03.30 19:03:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Extensions [2011.03.30 19:03:11 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Johannes\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.12.27 11:31:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\0k9685op.default\extensions [2011.12.16 22:44:15 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\0k9685op.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2010.12.21 20:53:13 | 000,000,000 | ---D | M] ("UltraSurf Firefox Tool") -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\0k9685op.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA} [2011.05.15 09:25:16 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\0k9685op.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2010.12.21 20:53:12 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\0k9685op.default\extensions\firefox@tvunetworks.com [2010.12.21 20:53:13 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\0k9685op.default\extensions\moveplayer@movenetworks.com [2011.04.02 17:42:58 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\0k9685op.default\extensions\vshare@toolbar [2010.03.24 15:13:02 | 000,000,917 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\0k9685op.default\searchplugins\conduit.xml [2011.11.29 08:39:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions () (No name found) -- C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0K9685OP.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI () (No name found) -- C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0K9685OP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- 
C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0K9685OP.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI () (No name found) -- C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0K9685OP.DEFAULT\EXTENSIONS\{E0204BD5-9D31-402B-A99D-A6AA8FFEBDCA}.XPI [2011.11.29 08:39:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.12.22 15:57:39 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.09.23 02:52:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.23 02:46:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.09.23 02:52:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.09.23 02:52:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.23 02:52:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.23 02:52:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - 
C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - 
gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E578DDC-AFD0-42A7-B617-DDBB64557420}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) 
-C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKCU Winlogon: Shell - (C:\Users\Johannes\AppData\Local\2bde10f3\X) -C:\Users\Johannes\AppData\Local\2bde10f3\X () O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{cd6a2aeb-0d4e-11e0-867e-6c626d85fadc}\Shell - "" = AutoRun O33 - MountPoints2\{cd6a2aeb-0d4e-11e0-867e-6c626d85fadc}\Shell\AutoRun\command - "" = L:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.28 23:16:49 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe [2011.12.22 09:23:41 | 000,000,000 | -HSD | C] -- C:\Users\Johannes\AppData\Local\2bde10f3 [2011.12.14 09:24:25 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.12.14 09:24:25 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.12.14 09:24:24 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.12.14 09:24:24 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011.12.14 09:24:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011.12.14 09:24:24 | 000,176,640 | 
---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.12.14 09:24:23 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2011.12.14 09:24:23 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2011.12.14 09:24:23 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2011.12.14 09:24:22 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.12.14 09:24:22 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.12.14 09:22:08 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2011.12.14 09:21:53 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll [2011.12.14 09:21:53 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2011.12.12 22:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2011.12.12 22:24:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2011.12.12 22:24:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2011.12.09 16:11:52 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\Sky [2011.12.08 20:08:50 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\2011_12_08 [2011.12.08 00:39:26 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Tor [2011.12.08 00:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidalia Bundle [2011.12.08 00:39:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vidalia Bundle [2011.12.08 00:39:25 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Vidalia [2011.12.08 00:37:03 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tor [2011.12.08 00:12:47 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\utmp [6 
C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.28 23:16:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe [2011.12.28 20:18:40 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.28 20:18:40 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.28 17:45:11 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011.12.28 14:12:02 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.12.28 13:47:24 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.12.28 13:47:24 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.12.28 13:47:24 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.12.28 13:47:24 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.12.28 13:47:24 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.12.28 13:43:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.28 13:42:59 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys [2011.12.27 22:42:01 | 000,538,052 | ---- | M] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 19.12.11 SDO2_3.JPG [2011.12.27 22:41:57 | 000,569,812 | ---- | M] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 19.12.11 SDO2_2.JPG [2011.12.27 22:41:54 | 000,565,191 | ---- | M] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 19.12.11 SDO2_1.JPG [2011.12.27 22:41:50 | 000,572,077 | ---- | M] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 13.12.11 Col-0_3.jpg [2011.12.27 22:41:47 | 000,511,469 | ---- | M] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 13.12.11 Col-0_2.jpg [2011.12.27 22:41:45 | 000,568,741 | ---- | M] () -- 
C:\Users\Johannes\Desktop\IEF_SDS Tower 13.12.11 Col-0_1.JPG [2011.12.21 16:49:03 | 000,000,600 | ---- | M] () -- C:\Users\Johannes\PUTTY.RND [2011.12.20 19:36:53 | 000,139,966 | ---- | M] () -- C:\Users\Johannes\Desktop\Targobank.pdf [2011.12.20 15:16:00 | 000,000,213 | ---- | M] () -- C:\Users\Johannes\Desktop\u.ini [2011.12.14 15:59:31 | 000,339,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.12.08 19:44:19 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.12.08 00:12:13 | 001,249,280 | ---- | M] () -- C:\Users\Johannes\Desktop\U1103.exe [2011.12.06 23:40:50 | 001,671,629 | ---- | M] () -- C:\Users\Johannes\Desktop\Marktuebersicht_CI+_geeigneter_Empfangsgeraete.pdf [2011.12.03 10:39:59 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.28 17:45:11 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011.12.27 22:42:01 | 000,538,052 | ---- | C] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 19.12.11 SDO2_3.JPG [2011.12.27 22:41:57 | 000,569,812 | ---- | C] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 19.12.11 SDO2_2.JPG [2011.12.27 22:41:54 | 000,565,191 | ---- | C] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 19.12.11 SDO2_1.JPG [2011.12.27 22:41:50 | 000,572,077 | ---- | C] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 13.12.11 Col-0_3.jpg [2011.12.27 22:41:47 | 000,511,469 | ---- | C] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 13.12.11 Col-0_2.jpg [2011.12.27 22:41:45 | 000,568,741 | ---- | C] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 13.12.11 Col-0_1.JPG [2011.12.20 19:36:53 | 000,139,966 | ---- | C] () -- C:\Users\Johannes\Desktop\Targobank.pdf [2011.12.08 00:20:40 | 000,000,213 | ---- | C] () -- 
C:\Users\Johannes\Desktop\u.ini [2011.12.08 00:12:13 | 001,249,280 | ---- | C] () -- C:\Users\Johannes\Desktop\U1103.exe [2011.12.08 00:08:07 | 000,000,600 | ---- | C] () -- C:\Users\Johannes\PUTTY.RND [2011.12.06 23:40:50 | 001,671,629 | ---- | C] () -- C:\Users\Johannes\Desktop\Marktuebersicht_CI+_geeigneter_Empfangsgeraete.pdf [2011.12.03 10:39:59 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.11.18 18:04:04 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2011.09.20 18:28:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll [2011.09.20 18:28:58 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini [2011.09.02 12:42:42 | 000,000,843 | ---- | C] () -- C:\Windows\wiso.ini [2011.07.17 22:54:02 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.05.16 07:30:28 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.04.26 12:19:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.01.26 20:21:26 | 000,000,000 | ---- | C] () -- C:\Users\Johannes\AppData\Local\STAR.trace [2011.01.26 13:56:35 | 000,003,278 | ---- | C] () -- C:\Users\Johannes\AppData\Roaming\SerialClonerPrefs [2010.12.27 15:31:39 | 000,000,017 | ---- | C] () -- C:\Users\Johannes\AppData\Local\resmon.resmoncfg [2010.12.22 17:45:19 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2010.12.21 21:29:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.10.05 00:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\StarOpen.sys [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat 
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys < End of report > Code:
ATTFilter OTL Extras logfile created on: 28.12.2011 23:18:09 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Johannes\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 38,45% Memory free 8,00 Gb Paging File | 5,21 Gb Available in Paging File | 65,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 500,00 Gb Total Space | 373,68 Gb Free Space | 74,74% Space Free | Partition Type: NTFS Drive D: | 1363,01 Gb Total Space | 556,32 Gb Free Space | 40,82% Space Free | Partition Type: NTFS Drive E: | 465,76 Gb Total Space | 465,38 Gb Free Space | 99,92% Space Free | Partition Type: NTFS Computer Name: JOE | User Name: Johannes | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8 "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{10ADF519-706B-6EC7-A1A7-A2580D920457}" = AMD Catalyst Install Manager "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX320_series" = Canon MX320 series MP Drivers "{2AF2EABE-CF18-CACB-E57C-A4902A3C36C8}" = AMD Media Foundation Decoders "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5DF57DB1-D971-3DA3-B4BB-F6FC7D73A997}" = AMD Drag and Drop Transcoding "{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C95F41B-70D9-7EF8-BC80-B1C896B5B747}" = AMD Fuel "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft 
Office Publisher MUI (German) 2010 "{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010 "{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90AB246D-A0A0-29EA-199A-4B07841E0737}" = ATI AVIVO64 Codecs "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{D79C2CD4-7BCC-60AC-76C9-834CEEF1CDBE}" = ccc-utility64 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "CPUID CPU-Z_is1" = CPUID CPU-Z 1.56 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile 
DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "WinRAR archiver" = WinRAR 4.00 Beta 3 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer 2011 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding "{1BF4CB15-6055-452A-8487-021AE2D91208}" = Crysis® 2 Demo "{1DA27F36-93EB-E82F-2DA3-48F13C0153CD}" = Catalyst Control Center InstallProxy "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.0 "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23 "{330D5210-3C4F-E632-2714-BE23C7C10B9F}" = Catalyst Control Center Graphics Previews Common "{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11 "{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM) "{434D0820-3AA6-493A-80B9-301000028501}" = DiRT2 "{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010 "{434D0FA0-AB8C-497F-B30A-7A1000018201}" = DiRT 3 "{43544FB5-BC1D-939A-7FDA-F7F3E5AEC35B}" = AMD VISION Engine Control Center "{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2 "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = 
MSVC80_x86_v2 "{6F6F7929-56E8-4FAE-92A8-6B86108D07C1}" = LG United Mobile Drivers "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R) "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{78D2854E-5DBF-11E7-B41F-47D203C8ED66}" = CCC Help English "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}" = Thrustmaster Force Feedback Driver "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{AC76BA86-7AD7-5676-5A64-A00000000003}" = Adobe Reader Extended Language Support Font Pack "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B99CB207-4704-4C51-9309-0FA90AA26DD4}" = ROCCAT Kone[+] Mouse Driver "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game "{D7AF16E7-5938-4369-BA54-B1ABD541BC32}" = Utility "{DAD5AC93-8518-4F46-A5FE-E63FEE791B6F}" = AMD OverDrive "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Afterburner" = MSI 
Afterburner 2.0.0 "Avira AntiVir Desktop" = Avira Free Antivirus "Call of Duty Black Ops GERMAN Uncut 1.00" = Call of Duty Black Ops GERMAN Uncut 1.00 "Core Damage 0.8h" = Core Damage 0.8h "Crysis WARHEAD(R)" = Crysis WARHEAD(R) "DivX Setup.divx.com" = DivX-Setup "Fifa 12 (c) Electronic Arts_is1" = Fifa 12 (c) Electronic Arts version 1 "Fraps" = Fraps "GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010 "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "Mafia II_is1" = Mafia II DLC Joe's Adventures "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800 "Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de) "MP Navigator EX 2.1" = Canon MP Navigator EX 2.1 "OpenAL" = OpenAL "Polipo" = Polipo 1.0.4.1 "Postal 2_is1" = Portal 2 "PyMOL" = PyMOL "SopCast" = SopCast 3.3.2 "SpeedFan" = SpeedFan (remove only) "Steam App 24960" = Battlefield: Bad Company 2 "Steam App 33230" = Assassin's Creed II "Tor" = Tor 0.2.2.34 "Veetle TV" = Veetle TV 0.9.18 "Vidalia" = Vidalia 0.2.15 "VLC media player" = VLC media player 1.1.11 "xvid" = XviD MPEG-4 Video Codec ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 04.12.2011 05:32:17 | Computer Name = Joe | Source = Windows Search Service | ID = 3029 Description = Error - 04.12.2011 05:32:17 | Computer Name = Joe | Source = Windows Search Service | ID = 3028 Description = Error - 04.12.2011 05:32:17 | Computer Name = Joe | Source = Windows Search Service | ID = 3058 Description = Error - 04.12.2011 05:32:17 | Computer Name = Joe | Source = Windows Search Service | ID = 7010 Description = Error - 07.12.2011 19:16:56 | Computer Name = Joe | Source = Application Hang | ID = 1002 Description = Programm U1103.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1154 Startzeit: 01ccb535bb52298e Endzeit: 5 Anwendungspfad: C:\Users\Johannes\Desktop\U1103.exe Berichts-ID: 8bfa7f7e-2129-11e1-ae48-6c626d85fadc Error - 07.12.2011 19:18:33 | Computer Name = Joe | Source = Application Hang | ID = 1002 Description = Programm U1103.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 4cc Startzeit: 01ccb5365bb08003 Endzeit: 16 Anwendungspfad: C:\Users\Johannes\Desktop\U1103.exe Berichts-ID: c5efef55-2129-11e1-ae48-6c626d85fadc Error - 11.12.2011 17:54:37 | Computer Name = Joe | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 8.0.1.4341 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 624 Startzeit: 01ccb796e716a229 Endzeit: 41 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: Error - 19.12.2011 17:51:40 | Computer Name = Joe | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 8.0.1.4341 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: e0c Startzeit: 01ccbe186f0fda78 Endzeit: 18 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 9e928b07-2a8b-11e1-8dcb-6c626d85fadc Error - 28.12.2011 09:20:56 | Computer Name = Joe | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000070a02ad000 ID des fehlerhaften Prozesses: 0x738 Startzeit der fehlerhaften Anwendung: 0x01ccc563159d8383 Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: c5c780a5-3156-11e1-817f-6c626d85fadc Error - 28.12.2011 12:19:56 | Computer Name = Joe | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: mbam.exe, Version: 1.51.0.1118, Zeitstempel: 0x4e5e8e67 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x61746144 ID des fehlerhaften Prozesses: 0xb50 Startzeit der fehlerhaften Anwendung: 0x01ccc57c842cf7ad Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: c72e6532-316f-11e1-817f-6c626d85fadc [ System Events ] Error - 27.12.2011 06:18:09 | Computer Name = Joe | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 27.12.2011 06:18:09 | Computer Name = Joe | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 27.12.2011 06:18:09 | Computer Name = Joe | Source = Service Control 
Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 27.12.2011 06:18:09 | Computer Name = Joe | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 27.12.2011 06:18:09 | Computer Name = Joe | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 27.12.2011 06:18:09 | Computer Name = Joe | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 27.12.2011 06:20:13 | Computer Name = Joe | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. Error - 27.12.2011 17:58:40 | Computer Name = Joe | Source = DCOM | ID = 10010 Description = Error - 28.12.2011 08:43:59 | Computer Name = Joe | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. Error - 28.12.2011 08:55:49 | Computer Name = Joe | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht. < End of report > |
29.12.2011, 07:30 | #4 |
| Tabs open automatically, reg entry can't be deleted with mbam
Hi,
Have files checked online
Code:
C:\Users\Johannes\Desktop\U1103.exe
Fix for OTL
Code:
:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O20 - HKCU Winlogon: Shell - (C:\Users\Johannes\AppData\Local\2bde10f3\X) -C:\Users\Johannes\AppData\Local\2bde10f3\X ()
[2011.12.22 09:23:41 | 000,000,000 | -HSD | C] -- C:\Users\Johannes\AppData\Local\2bde10f3
:Commands
[emptytemp]
[Reboot]
TDSS-Killer
Download and instructions at: How to combat malware of the Rootkit.Win32.TDSS family?
Extract all files into a directory of their own (e.g. C:\TDSS)!
Launch from Explorer by double-clicking TDSSKiller.exe.
After it starts, a window appears; choose "Start Scan" there.
When the scan has finished, please select "Report".
A window opens; copy the text and post it here...
Superantispyware (SASW): http://www.trojaner-board.de/51871-a...tispyware.html
chris
__________________ Don't bring me down Read before posting! Donations (anyone who would like to donate is welcome to get in touch) |
29.12.2011, 11:20 | #5 |
| Tabs open automatically, reg entry can't be deleted with mbam VirusTotal: Code:
Antivirus  Version  Last Update  Result
AhnLab-V3  2011.12.28.03  2011.12.28  -
AntiVir  7.11.20.64  2011.12.29  -
Antiy-AVL  2.0.3.7  2011.12.29  NetTool/Win32.UltraSurf.gen
Avast  6.0.1289.0  2011.12.28  -
AVG  10.0.0.1190  2011.12.29  -
BitDefender  7.2  2011.12.29  -
ByteHero  1.0.0.1  2011.12.07  -
CAT-QuickHeal  12.00  2011.12.29  NetTool.UltraSurf.ku (Not a Virus)
ClamAV  0.97.3.0  2011.12.29  -
Commtouch  5.3.2.6  2011.12.29  W32/MalCrypt.E.gen!Eldorado
Comodo  11126  2011.12.29  Application.Win32.NetTool.UltraSurf.KU
DrWeb  5.0.2.03300  2011.12.29  -
Emsisoft  5.1.0.11  2011.12.29  -
eSafe  7.0.17.0  2011.12.29  -
eTrust-Vet  37.0.9652  2011.12.29  -
F-Prot  4.6.5.141  2011.12.28  W32/MalCrypt.E.gen!Eldorado
F-Secure  9.0.16440.0  2011.12.29  -
Fortinet  4.3.388.0  2011.12.29  -
GData  22  2011.12.29  -
Ikarus  T3.1.1.109.0  2011.12.29  -
Jiangmin  13.0.900  2011.12.28  -
K7AntiVirus  9.120.5796  2011.12.28  -
Kaspersky  9.0.0.837  2011.12.29  not-a-virus:NetTool.Win32.UltraSurf.ku
McAfee  5.400.0.1158  2011.12.29  -
McAfee-GW-Edition  2010.1E  2011.12.29  -
Microsoft  1.7903  2011.12.29  -
NOD32  6751  2011.12.29  Win32/UltraReach
Norman  6.07.13  2011.12.28  -
nProtect  2011-12-29.01  2011.12.29  -
Panda  10.0.3.5  2011.12.29  Generic Malware
PCTools  8.0.0.5  2011.12.29  -
Prevx  3.0  2011.12.29  -
Rising  23.90.03.02  2011.12.29  Trojan.Win32.Generic.12ACD4D8
Sophos  4.72.0  2011.12.29  -
SUPERAntiSpyware  4.40.0.1006  2011.12.28  -
Symantec  20111.2.0.82  2011.12.29  -
TheHacker  6.7.0.1.367  2011.12.29  -
TrendMicro  9.500.0.1008  2011.12.29  ADW_SCANNER
TrendMicro-HouseCall  9.500.0.1008  2011.12.29  ADW_SCANNER
VIPRE  11319  2011.12.29  Trojan.Win32.Generic!BT
ViRobot  2011.12.29.4853  2011.12.29  -
VirusBuster  14.1.138.0  2011.12.28  HackTool.UltraSurf!icgEMaAh37E

Additional information
MD5 : 0fa5a44db46d695514eb288203ed3f15
SHA1 : 08a234aa86036fcd1a208994b88668ee5ac0b851
SHA256: 0c6b0c57b33d031a0e4937022c1ee1f180692740251e8c8339a5b449219e5bb9
ssdeep: 24576:2htOJF7fjodcrAh2LbBa4QhdvdL6sgMUQhG+oomy0r0DO/:2LO3LjouAh2LbOLdLAqooE
File size : 1249280 bytes
First seen: 2011-11-23 04:31:17
Last seen : 2011-12-29 09:44:49

TrID:
Win32 Dynamic Link Library (generic) (65.4%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x691000
timedatestamp....: 0x4ECC7489 (Wed Nov 23 04:20:25 2011)
machinetype......: 0x14c (I386)
[[ 6 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
, 0x1000, 0x4CB000, 0x61000, 7.96, dda8d09658e5fbb538a590eb86fc6eca
.rsrc, 0x4CC000, 0xD020, 0x5000, 6.43, 08220ce3b1c2cef59c519706ac685aaf
.idata , 0x4DA000, 0x1000, 0x1000, 0.22, 4383b2c57892fbcd1ce69670ce301e9c
, 0x4DB000, 0xEF000, 0x1000, 0.04, 343714dcf6ce58d153a8389ff7942a39
pemhjtco, 0x5CA000, 0xC7000, 0xC7000, 7.84, 82660e9f89c41e9908dfd5c819eef669
goqgwarp, 0x691000, 0x1000, 0x1000, 0.84, 7bbb0aaf7fd4216935ca76cb1a512d88
[[ 2 import(s) ]]
kernel32.dll: lstrcpy
comctl32.dll: InitCommonControls
[[ 2 export(s) ]]
_EXECryptor_GetHardwareID@0, _EXECryptor_IsAppProtected@0

ExifTool: file metadata
CodeSize: 348160
EntryPoint: 0x691000
FileSize: 1220 kB
FileType: Win32 EXE
ImageVersion: 0.0
InitializedDataSize: 4734976
LinkerVersion: 6.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
PEType: PE32
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2011:11:23 05:20:25+01:00
UninitializedDataSize: 0

VT Community
User: Anonymous Reputation: 1 credits Comment date: 2011-11-25 05:13:12 (UTC)
Tags: Goodware, eldorado, themida, malcrypt
Was this comment helpful? Yes (2) | No (0) | Report abuse

User: Anonymous Reputation: 1 credits Comment date: 2011-11-26 15:16:43 (UTC)
xylitol reported the previous edition as a malware so be carful
Tags: ultrasurf, nettool, eldorado
Was this comment helpful? Yes (0) | No (4) | Report abuse

User: Anonymous Reputation: 1 credits Comment date: 2011-12-20 21:27:26 (UTC)
Tags: Malware, ultrasurf, nettool, eldorado
Was this comment helpful? Yes (0) | No (2) | Report abuse

User: Anonymous Reputation: 1 credits Comment date: 2011-12-21 14:39:48 (UTC)
UltraSurf. Tool to browse the web with a proxy. Goodware.
Tags: Goodware, ultrasurf, nettool, eldorado
Was this comment helpful? Yes (1) | No (0) | Report abuse

User: Drexter Reputation: 27129 credits Comment date: 2011-12-27 14:38:35 (UTC)
Goodware Ultrasurf is a product of Ultrareach Internet Corporation. Originally created to help internet users in China find security and freedom online, Ultrasurf has now become the world's most popular pro-privacy, anti-censorship software, with millions of people using it to bypass firewalls and protect their identity online.
Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Johannes\AppData\Local\2bde10f3\X deleted successfully.
File \Users\Johannes\AppData\Local\2bde10f3\X) -C:\Users\Johannes\AppData\Local\2bde10f3\X not found.
C:\Users\Johannes\AppData\Local\2bde10f3\U folder moved successfully.
Folder move failed. C:\Users\Johannes\AppData\Local\2bde10f3 scheduled to be moved on reboot.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Johannes
->Temp folder emptied: 5877111 bytes
->Temporary Internet Files folder emptied: 184336299 bytes
->Java cache emptied: 6407004 bytes
->FireFox cache emptied: 58980912 bytes
->Flash cache emptied: 746 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 4857232 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 895895 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 8936800501 bytes
Total Files Cleaned = 8.772,00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 12292011_110152
Files\Folders moved on Reboot...
C:\Users\Johannes\AppData\Local\2bde10f3 folder moved successfully.
C:\Users\Johannes\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
Code:
ATTFilter 11:13:16.0531 1708 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16 11:13:16.0718 1708 ============================================================ 11:13:16.0718 1708 Current date / time: 2011/12/29 11:13:16.0718 11:13:16.0718 1708 SystemInfo: 11:13:16.0718 1708 11:13:16.0719 1708 OS Version: 6.1.7601 ServicePack: 1.0 11:13:16.0719 1708 Product type: Workstation 11:13:16.0719 1708 ComputerName: JOE 11:13:16.0719 1708 UserName: Johannes 11:13:16.0719 1708 Windows directory: C:\Windows 11:13:16.0719 1708 System windows directory: C:\Windows 11:13:16.0719 1708 Running under WOW64 11:13:16.0719 1708 Processor architecture: Intel x64 11:13:16.0719 1708 Number of processors: 4 11:13:16.0719 1708 Page size: 0x1000 11:13:16.0719 1708 Boot type: Normal boot 11:13:16.0719 1708 ============================================================ 11:13:18.0601 1708 Initialize success 11:13:48.0726 3628 ============================================================ 11:13:48.0726 3628 Scan started 11:13:48.0726 3628 Mode: Manual; 11:13:48.0726 3628 ============================================================ 11:13:50.0151 3628 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 11:13:50.0164 3628 1394ohci - ok 11:13:50.0217 3628 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 11:13:50.0220 3628 ACPI - ok 11:13:50.0233 3628 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 11:13:50.0236 3628 AcpiPmi - ok 11:13:50.0399 3628 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 11:13:50.0422 3628 adp94xx - ok 11:13:50.0448 3628 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 11:13:50.0462 3628 adpahci - ok 11:13:50.0485 3628 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 11:13:50.0491 3628 adpu320 - ok 11:13:50.0536 3628 AFD (d5b031c308a409a0a576bff4cf083d30) 
C:\Windows\system32\drivers\afd.sys 11:13:50.0550 3628 AFD - ok 11:13:50.0573 3628 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 11:13:50.0578 3628 agp440 - ok 11:13:50.0611 3628 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 11:13:50.0614 3628 aliide - ok 11:13:50.0699 3628 ALSysIO - ok 11:13:50.0748 3628 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 11:13:50.0752 3628 amdide - ok 11:13:50.0777 3628 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys 11:13:50.0781 3628 amdiox64 - ok 11:13:50.0797 3628 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 11:13:50.0802 3628 AmdK8 - ok 11:13:51.0245 3628 amdkmdag (5b03217859b014b090cb5060c1d96875) C:\Windows\system32\DRIVERS\atikmdag.sys 11:13:51.0369 3628 amdkmdag - ok 11:13:51.0413 3628 amdkmdap (35d2184a99ad4cd5d17284d6c9f382c9) C:\Windows\system32\DRIVERS\atikmpag.sys 11:13:51.0417 3628 amdkmdap - ok 11:13:51.0452 3628 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 11:13:51.0454 3628 AmdPPM - ok 11:13:51.0512 3628 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 11:13:51.0518 3628 amdsata - ok 11:13:51.0543 3628 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 11:13:51.0557 3628 amdsbs - ok 11:13:51.0571 3628 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 11:13:51.0575 3628 amdxata - ok 11:13:51.0606 3628 Andbus (48cd7e6520d47d62eab0e6ce3ec30c65) C:\Windows\system32\DRIVERS\lgandbus64.sys 11:13:51.0612 3628 Andbus - ok 11:13:51.0655 3628 AndDiag (08cbacc00d15dcdbbaae1a7c8f231c61) C:\Windows\system32\DRIVERS\lganddiag64.sys 11:13:51.0679 3628 AndDiag - ok 11:13:51.0697 3628 AndGps (cea9a4cd6b3a83428ce8501240833668) C:\Windows\system32\DRIVERS\lgandgps64.sys 11:13:51.0704 3628 AndGps - ok 11:13:51.0774 3628 ANDModem 
(e2b5663e547fa5e756b253efa8ec8286) C:\Windows\system32\DRIVERS\lgandmodem64.sys 11:13:51.0778 3628 ANDModem - ok 11:13:51.0950 3628 AODDriver4.01 (b6b9f2c57193409c8b692ffaf509d21b) C:\Program Files (x86)\Tuning\AMD Overdrive\amd64\AODDriver2.sys 11:13:51.0989 3628 AODDriver4.01 - ok 11:13:52.0076 3628 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 11:13:52.0103 3628 AppID - ok 11:13:52.0147 3628 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 11:13:52.0153 3628 arc - ok 11:13:52.0167 3628 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 11:13:52.0172 3628 arcsas - ok 11:13:52.0214 3628 asusgsb (a4398a8914c32f18ec2ab562cba3caaf) C:\Windows\system32\drivers\asusgsb.sys 11:13:52.0217 3628 asusgsb - ok 11:13:52.0246 3628 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 11:13:52.0249 3628 AsyncMac - ok 11:13:52.0279 3628 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 11:13:52.0280 3628 atapi - ok 11:13:52.0362 3628 AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\Windows\system32\drivers\AtihdW76.sys 11:13:52.0378 3628 AtiHDAudioService - ok 11:13:52.0381 3628 atillk64 - ok 11:13:52.0416 3628 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys 11:13:52.0422 3628 avgntflt - ok 11:13:52.0455 3628 avipbb (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys 11:13:52.0461 3628 avipbb - ok 11:13:52.0500 3628 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys 11:13:52.0504 3628 avkmgr - ok 11:13:52.0530 3628 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 11:13:52.0540 3628 b06bdrv - ok 11:13:52.0574 3628 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 11:13:52.0582 3628 b57nd60a - ok 11:13:52.0593 3628 Beep (16a47ce2decc9b099349a5f840654746) 
C:\Windows\system32\drivers\Beep.sys 11:13:52.0595 3628 Beep - ok 11:13:52.0631 3628 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 11:13:52.0636 3628 blbdrive - ok 11:13:52.0664 3628 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 11:13:52.0676 3628 bowser - ok 11:13:52.0692 3628 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 11:13:52.0698 3628 BrFiltLo - ok 11:13:52.0720 3628 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 11:13:52.0730 3628 BrFiltUp - ok 11:13:52.0756 3628 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 11:13:52.0765 3628 Brserid - ok 11:13:52.0784 3628 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 11:13:52.0789 3628 BrSerWdm - ok 11:13:52.0803 3628 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 11:13:52.0805 3628 BrUsbMdm - ok 11:13:52.0812 3628 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 11:13:52.0815 3628 BrUsbSer - ok 11:13:52.0836 3628 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 11:13:52.0841 3628 BTHMODEM - ok 11:13:52.0866 3628 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 11:13:52.0871 3628 cdfs - ok 11:13:52.0897 3628 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 11:13:52.0904 3628 cdrom - ok 11:13:52.0930 3628 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 11:13:52.0935 3628 circlass - ok 11:13:52.0962 3628 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 11:13:52.0966 3628 CLFS - ok 11:13:53.0006 3628 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 11:13:53.0009 3628 CmBatt - ok 11:13:53.0037 3628 cmdide (e19d3f095812725d88f9001985b94edd) 
C:\Windows\system32\drivers\cmdide.sys 11:13:53.0043 3628 cmdide - ok 11:13:53.0079 3628 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys 11:13:53.0104 3628 CNG - ok 11:13:53.0123 3628 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 11:13:53.0130 3628 Compbatt - ok 11:13:53.0145 3628 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 11:13:53.0149 3628 CompositeBus - ok 11:13:53.0233 3628 cpuz134 (17719a7f571d4cd08223f0b30f71b8b8) C:\Windows\system32\drivers\cpuz134_x64.sys 11:13:53.0257 3628 cpuz134 - ok 11:13:53.0285 3628 cpuz135 - ok 11:13:53.0306 3628 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 11:13:53.0315 3628 crcdisk - ok 11:13:53.0357 3628 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys 11:13:53.0368 3628 CSC - ok 11:13:53.0410 3628 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 11:13:53.0416 3628 DfsC - ok 11:13:53.0437 3628 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 11:13:53.0441 3628 discache - ok 11:13:53.0464 3628 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 11:13:53.0476 3628 Disk - ok 11:13:53.0528 3628 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 11:13:53.0539 3628 drmkaud - ok 11:13:53.0576 3628 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 11:13:53.0589 3628 DXGKrnl - ok 11:13:53.0692 3628 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 11:13:53.0726 3628 ebdrv - ok 11:13:53.0735 3628 EIO64 - ok 11:13:53.0773 3628 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 11:13:53.0781 3628 elxstor - ok 11:13:53.0805 3628 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 11:13:53.0808 3628 ErrDev - ok 11:13:53.0835 
3628 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 11:13:53.0840 3628 exfat - ok 11:13:53.0858 3628 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 11:13:53.0871 3628 fastfat - ok 11:13:53.0912 3628 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 11:13:53.0919 3628 fdc - ok 11:13:53.0946 3628 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 11:13:53.0963 3628 FileInfo - ok 11:13:53.0977 3628 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 11:13:53.0985 3628 Filetrace - ok 11:13:54.0005 3628 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 11:13:54.0008 3628 flpydisk - ok 11:13:54.0050 3628 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 11:13:54.0060 3628 FltMgr - ok 11:13:54.0082 3628 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 11:13:54.0087 3628 FsDepends - ok 11:13:54.0101 3628 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 11:13:54.0105 3628 Fs_Rec - ok 11:13:54.0153 3628 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 11:13:54.0202 3628 fvevol - ok 11:13:54.0222 3628 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 11:13:54.0228 3628 gagp30kx - ok 11:13:54.0244 3628 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 11:13:54.0249 3628 hcw85cir - ok 11:13:54.0292 3628 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 11:13:54.0315 3628 HdAudAddService - ok 11:13:54.0355 3628 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 11:13:54.0356 3628 HDAudBus - ok 11:13:54.0371 3628 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 11:13:54.0379 3628 
HidBatt - ok 11:13:54.0400 3628 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 11:13:54.0405 3628 HidBth - ok 11:13:54.0427 3628 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 11:13:54.0431 3628 HidIr - ok 11:13:54.0452 3628 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 11:13:54.0455 3628 HidUsb - ok 11:13:54.0480 3628 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 11:13:54.0485 3628 HpSAMD - ok 11:13:54.0544 3628 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 11:13:54.0559 3628 HTTP - ok 11:13:54.0586 3628 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 11:13:54.0597 3628 hwpolicy - ok 11:13:54.0625 3628 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 11:13:54.0633 3628 i8042prt - ok 11:13:54.0670 3628 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 11:13:54.0677 3628 iaStorV - ok 11:13:54.0711 3628 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 11:13:54.0720 3628 iirsp - ok 11:13:54.0896 3628 IntcAzAudAddService (a0c2c3d4c03c4fb896cfc53873784178) C:\Windows\system32\drivers\RTKVHD64.sys 11:13:54.0914 3628 IntcAzAudAddService - ok 11:13:54.0966 3628 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 11:13:54.0993 3628 intelide - ok 11:13:55.0020 3628 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 11:13:55.0025 3628 intelppm - ok 11:13:55.0056 3628 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 11:13:55.0072 3628 IpFilterDriver - ok 11:13:55.0110 3628 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 11:13:55.0115 3628 IPMIDRV - ok 11:13:55.0128 3628 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) 
C:\Windows\system32\drivers\ipnat.sys 11:13:55.0133 3628 IPNAT - ok 11:13:55.0159 3628 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 11:13:55.0162 3628 IRENUM - ok 11:13:55.0186 3628 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 11:13:55.0190 3628 isapnp - ok 11:13:55.0203 3628 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 11:13:55.0210 3628 iScsiPrt - ok 11:13:55.0239 3628 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 11:13:55.0243 3628 kbdclass - ok 11:13:55.0266 3628 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 11:13:55.0269 3628 kbdhid - ok 11:13:55.0314 3628 KoneFltr (b6d6f12c214de823fa22709f7bd0eb0b) C:\Windows\system32\drivers\Kone.sys 11:13:55.0320 3628 KoneFltr - ok 11:13:55.0343 3628 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys 11:13:55.0349 3628 KSecDD - ok 11:13:55.0372 3628 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys 11:13:55.0379 3628 KSecPkg - ok 11:13:55.0392 3628 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 11:13:55.0396 3628 ksthunk - ok 11:13:55.0422 3628 LgBttPort - ok 11:13:55.0430 3628 lgbusenum - ok 11:13:55.0438 3628 LGVMODEM - ok 11:13:55.0477 3628 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 11:13:55.0482 3628 lltdio - ok 11:13:55.0513 3628 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 11:13:55.0519 3628 LSI_FC - ok 11:13:55.0532 3628 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 11:13:55.0538 3628 LSI_SAS - ok 11:13:55.0563 3628 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 11:13:55.0568 3628 LSI_SAS2 - ok 11:13:55.0582 3628 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) 
C:\Windows\system32\DRIVERS\lsi_scsi.sys 11:13:55.0588 3628 LSI_SCSI - ok 11:13:55.0611 3628 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 11:13:55.0617 3628 luafv - ok 11:13:55.0629 3628 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 11:13:55.0634 3628 megasas - ok 11:13:55.0654 3628 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 11:13:55.0662 3628 MegaSR - ok 11:13:55.0757 3628 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 11:13:55.0770 3628 Modem - ok 11:13:55.0805 3628 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 11:13:55.0806 3628 monitor - ok 11:13:55.0841 3628 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 11:13:55.0846 3628 mouclass - ok 11:13:55.0874 3628 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 11:13:55.0877 3628 mouhid - ok 11:13:55.0910 3628 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 11:13:55.0914 3628 mountmgr - ok 11:13:55.0929 3628 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 11:13:55.0947 3628 mpio - ok 11:13:55.0963 3628 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 11:13:55.0973 3628 mpsdrv - ok 11:13:56.0002 3628 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 11:13:56.0030 3628 MRxDAV - ok 11:13:56.0061 3628 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 11:13:56.0067 3628 mrxsmb - ok 11:13:56.0109 3628 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 11:13:56.0133 3628 mrxsmb10 - ok 11:13:56.0150 3628 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 11:13:56.0155 3628 mrxsmb20 - ok 11:13:56.0192 3628 msahci (c25f0bafa182cbca2dd3c851c2e75796) 
C:\Windows\system32\drivers\msahci.sys 11:13:56.0196 3628 msahci - ok 11:13:56.0240 3628 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 11:13:56.0261 3628 msdsm - ok 11:13:56.0298 3628 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 11:13:56.0301 3628 Msfs - ok 11:13:56.0317 3628 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 11:13:56.0320 3628 mshidkmdf - ok 11:13:56.0350 3628 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 11:13:56.0354 3628 msisadrv - ok 11:13:56.0395 3628 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 11:13:56.0398 3628 MSKSSRV - ok 11:13:56.0416 3628 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 11:13:56.0418 3628 MSPCLOCK - ok 11:13:56.0434 3628 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 11:13:56.0437 3628 MSPQM - ok 11:13:56.0484 3628 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 11:13:56.0513 3628 MsRPC - ok 11:13:56.0536 3628 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 11:13:56.0536 3628 mssmbios - ok 11:13:56.0543 3628 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 11:13:56.0546 3628 MSTEE - ok 11:13:56.0560 3628 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 11:13:56.0564 3628 MTConfig - ok 11:13:56.0598 3628 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 11:13:56.0604 3628 Mup - ok 11:13:56.0667 3628 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 11:13:56.0686 3628 NativeWifiP - ok 11:13:56.0784 3628 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 11:13:56.0802 3628 NDIS - ok 11:13:56.0819 3628 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) 
C:\Windows\system32\DRIVERS\ndiscap.sys 11:13:56.0823 3628 NdisCap - ok 11:13:56.0839 3628 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 11:13:56.0842 3628 NdisTapi - ok 11:13:56.0871 3628 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 11:13:56.0890 3628 Ndisuio - ok 11:13:56.0918 3628 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 11:13:56.0926 3628 NdisWan - ok 11:13:56.0956 3628 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 11:13:56.0961 3628 NDProxy - ok 11:13:56.0980 3628 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 11:13:56.0984 3628 NetBIOS - ok 11:13:57.0016 3628 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 11:13:57.0025 3628 NetBT - ok 11:13:57.0065 3628 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 11:13:57.0070 3628 nfrd960 - ok 11:13:57.0091 3628 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 11:13:57.0095 3628 Npfs - ok 11:13:57.0111 3628 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 11:13:57.0115 3628 nsiproxy - ok 11:13:57.0236 3628 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 11:13:57.0264 3628 Ntfs - ok 11:13:57.0277 3628 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 11:13:57.0280 3628 Null - ok 11:13:57.0308 3628 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 11:13:57.0315 3628 nvraid - ok 11:13:57.0334 3628 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 11:13:57.0341 3628 nvstor - ok 11:13:57.0387 3628 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 11:13:57.0401 3628 nv_agp - ok 11:13:57.0439 3628 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) 
C:\Windows\system32\drivers\ohci1394.sys 11:13:57.0465 3628 ohci1394 - ok 11:13:57.0513 3628 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 11:13:57.0518 3628 Parport - ok 11:13:57.0542 3628 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 11:13:57.0569 3628 partmgr - ok 11:13:57.0616 3628 pccsmcfd - ok 11:13:57.0656 3628 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 11:13:57.0673 3628 pci - ok 11:13:57.0711 3628 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 11:13:57.0715 3628 pciide - ok 11:13:57.0731 3628 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 11:13:57.0749 3628 pcmcia - ok 11:13:57.0762 3628 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 11:13:57.0767 3628 pcw - ok 11:13:57.0786 3628 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 11:13:57.0802 3628 PEAUTH - ok 11:13:57.0854 3628 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 11:13:57.0859 3628 PptpMiniport - ok 11:13:57.0886 3628 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 11:13:57.0891 3628 Processor - ok 11:13:57.0933 3628 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 11:13:57.0936 3628 Psched - ok 11:13:57.0998 3628 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 11:13:58.0029 3628 ql2300 - ok 11:13:58.0056 3628 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 11:13:58.0081 3628 ql40xx - ok 11:13:58.0123 3628 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 11:13:58.0133 3628 QWAVEdrv - ok 11:13:58.0156 3628 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 11:13:58.0158 3628 RasAcd - ok 11:13:58.0193 3628 RasAgileVpn 
(7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 11:13:58.0198 3628 RasAgileVpn - ok 11:13:58.0238 3628 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 11:13:58.0258 3628 Rasl2tp - ok 11:13:58.0282 3628 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 11:13:58.0288 3628 RasPppoe - ok 11:13:58.0297 3628 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 11:13:58.0302 3628 RasSstp - ok 11:13:58.0335 3628 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 11:13:58.0345 3628 rdbss - ok 11:13:58.0365 3628 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 11:13:58.0369 3628 rdpbus - ok 11:13:58.0382 3628 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 11:13:58.0384 3628 RDPCDD - ok 11:13:58.0440 3628 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys 11:13:58.0457 3628 RDPDR - ok 11:13:58.0494 3628 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 11:13:58.0497 3628 RDPENCDD - ok 11:13:58.0512 3628 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 11:13:58.0515 3628 RDPREFMP - ok 11:13:58.0551 3628 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 11:13:58.0558 3628 RDPWD - ok 11:13:58.0583 3628 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 11:13:58.0592 3628 rdyboost - ok 11:13:58.0630 3628 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 11:13:58.0635 3628 rspndr - ok 11:13:58.0716 3628 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys 11:13:58.0735 3628 RTL8167 - ok 11:13:58.0783 3628 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys 11:13:58.0801 3628 s3cap - ok 11:13:58.0829 3628 sbp2port 
(ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 11:13:58.0834 3628 sbp2port - ok 11:13:58.0881 3628 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 11:13:58.0884 3628 scfilter - ok 11:13:58.0904 3628 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 11:13:58.0912 3628 secdrv - ok 11:13:58.0938 3628 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 11:13:58.0941 3628 Serenum - ok 11:13:58.0954 3628 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 11:13:58.0960 3628 Serial - ok 11:13:58.0986 3628 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 11:13:58.0989 3628 sermouse - ok 11:13:59.0019 3628 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 11:13:59.0022 3628 sffdisk - ok 11:13:59.0042 3628 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 11:13:59.0045 3628 sffp_mmc - ok 11:13:59.0062 3628 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 11:13:59.0065 3628 sffp_sd - ok 11:13:59.0071 3628 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 11:13:59.0074 3628 sfloppy - ok 11:13:59.0110 3628 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 11:13:59.0115 3628 SiSRaid2 - ok 11:13:59.0134 3628 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 11:13:59.0139 3628 SiSRaid4 - ok 11:13:59.0184 3628 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 11:13:59.0189 3628 Smb - ok 11:13:59.0208 3628 speedfan - ok 11:13:59.0234 3628 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 11:13:59.0238 3628 spldr - ok 11:13:59.0287 3628 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys 11:13:59.0287 3628 
Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb 11:13:59.0289 3628 sptd ( LockedFile.Multi.Generic ) - warning 11:13:59.0289 3628 sptd - detected LockedFile.Multi.Generic (1) 11:13:59.0322 3628 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 11:13:59.0330 3628 srv - ok 11:13:59.0343 3628 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 11:13:59.0353 3628 srv2 - ok 11:13:59.0360 3628 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 11:13:59.0366 3628 srvnet - ok 11:13:59.0403 3628 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 11:13:59.0407 3628 stexstor - ok 11:13:59.0436 3628 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys 11:13:59.0440 3628 storflt - ok 11:13:59.0464 3628 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys 11:13:59.0474 3628 storvsc - ok 11:13:59.0499 3628 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 11:13:59.0507 3628 swenum - ok 11:13:59.0698 3628 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 11:13:59.0732 3628 Tcpip - ok 11:13:59.0760 3628 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 11:13:59.0767 3628 TCPIP6 - ok 11:13:59.0789 3628 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 11:13:59.0793 3628 tcpipreg - ok 11:13:59.0811 3628 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 11:13:59.0814 3628 TDPIPE - ok 11:13:59.0832 3628 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 11:13:59.0835 3628 TDTCP - ok 11:13:59.0863 3628 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 11:13:59.0868 3628 tdx - ok 11:13:59.0893 3628 TermDD (561e7e1f06895d78de991e01dd0fb6e5) 
C:\Windows\system32\drivers\termdd.sys 11:13:59.0896 3628 TermDD - ok 11:13:59.0975 3628 TFsExDisk (48d9d00c2e0e72c3d4f52772c80355f6) C:\Windows\System32\Drivers\TFsExDisk.sys 11:13:59.0978 3628 TFsExDisk - ok 11:14:00.0004 3628 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 11:14:00.0007 3628 tssecsrv - ok 11:14:00.0058 3628 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 11:14:00.0062 3628 TsUsbFlt - ok 11:14:00.0107 3628 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 11:14:00.0112 3628 tunnel - ok 11:14:00.0195 3628 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 11:14:00.0244 3628 uagp35 - ok 11:14:00.0287 3628 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 11:14:00.0306 3628 udfs - ok 11:14:00.0371 3628 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 11:14:00.0376 3628 uliagpkx - ok 11:14:00.0417 3628 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 11:14:00.0422 3628 umbus - ok 11:14:00.0444 3628 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 11:14:00.0448 3628 UmPass - ok 11:14:00.0501 3628 usbbus (c85b8247fadd432fa54fe11667c8d97d) C:\Windows\system32\DRIVERS\lgx64bus.sys 11:14:00.0554 3628 usbbus - ok 11:14:00.0591 3628 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 11:14:00.0596 3628 usbccgp - ok 11:14:00.0638 3628 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 11:14:00.0644 3628 usbcir - ok 11:14:00.0678 3628 UsbDiag (d8cdc12f5429878f23ddb3785a0fdf95) C:\Windows\system32\DRIVERS\lgx64diag.sys 11:14:00.0681 3628 UsbDiag - ok 11:14:00.0709 3628 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 11:14:00.0713 3628 usbehci - ok 11:14:00.0731 3628 usbhub (287c6c9410b111b68b52ca298f7b8c24) 
11:14:02.0368 3628 ============================================================
11:14:02.0368 3628 Scan finished
11:14:02.0368 3628 ============================================================
11:14:02.0379 1840 Detected object count: 1
11:14:02.0380 1840 Actual detected object count: 1
11:15:07.0726 1840 sptd ( LockedFile.Multi.Generic ) - skipped by user
11:15:07.0726 1840 sptd ( LockedFile.Multi.Generic ) - User select action: Skip |
29.12.2011, 11:36 | #6 |
| Tabs open automatically, reg entry cannot be deleted with mbam

Hi, yes... delete the file that was scanned at Virustotal.com...

chris |
29.12.2011, 13:40 | #7 |
| I have deleted UltraSurf. Is it potentially dangerous in general, or was it only down to where the .exe came from?

SASW log: Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 12/29/2011 at 01:27 PM
Application Version : 5.0.1142
Core Rules Database Version : 8089
Trace Rules Database Version: 5901
Scan type : Complete Scan
Total Scan Time : 02:00:02
Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 675
Memory threats detected : 0
Registry items scanned : 71044
Registry threats detected : 0
File items scanned : 188985
File threats detected : 224
Heur.Agent/Gen-WhiteBox
ZIP ARCHIVE( D:\DOWNLOADS\MEMTEST86+-4.10.USB.INSTALLER.ZIP )/MEMTEST86+ 4.10 USB INSTALLER.EXE
D:\DOWNLOADS\MEMTEST86+-4.10.USB.INSTALLER.ZIP
Trojan.Agent/Gen-SoftonicDownloader
D:\DOWNLOADS\SOFTONICDOWNLOADER_FUER_SCAN2PDF.EXE |
29.12.2011, 14:14 | #8 |
| Hi, both... How is the computer behaving? Anything else unusual?

chris |
29.12.2011, 14:28 | #9 |
| Hi, it looks quite good so far (tabs no longer open). What kind of virus was that exactly? Do I have anything to fear now?

However, mbam still finds this entry: Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Datenbank Version: v2011.12.29.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Johannes :: JOE [Administrator]
29.12.2011 14:18:25
mbam-log-2011-12-29 (14-18-25).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 175817
Laufzeit: 2 Minute(n), 42 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Daten: C:\Users\Johannes\AppData\Local\2bde10f3\X -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende) |
29.12.2011, 15:12 | #10 |
| Hi, I have already fixed this entry with OTL as well, so there is still something there that keeps recreating it...

Please update MAM and run a full scan, post the log...

Please post a new OTL log...

chris |
29.12.2011, 17:45 | #11 |
| Hi, on the 2nd run mbam found nothing more. Here are the OTL logs: Code:
OTL logfile created on: 29.12.2011 15:31:51 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Johannes\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 41,49% Memory free
8,00 Gb Paging File | 5,07 Gb Available in Paging File | 63,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 500,00 Gb Total Space | 373,72 Gb Free Space | 74,74% Space Free | Partition Type: NTFS
Drive D: | 1363,01 Gb Total Space | 567,55 Gb Free Space | 41,64% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 465,38 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Computer Name: JOE | User Name: Johannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Johannes\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Tuning\AMD Overdrive\AODAssist.exe ()
PRC - C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe (ROCCAT GmbH)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\0k9685op.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\gecko8\WINNT_x86-msvc\SSSLauncher.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
() MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpgatofixed32_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libplaylist_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liboldhttp_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpc_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmux_ps_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libportaudio_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libogg_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpostproc_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_h264_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liboldrc_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpanoramix_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_mpeg4audio_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmux_ogg_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmux_mp4_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmux_asf_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libps_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmosaic_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_dirac_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libosd_parser_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_vc1_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liboldtelnet_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libnuv_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmux_avi_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_mpegvideo_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmotiondetect_plugin.dll () MOD - C:\Program Files 
(x86)\VideoLAN\VLC\plugins\libpacketizer_mpeg4video_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_flac_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpuzzle_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_mlp_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmono_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libosdmenu_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpodcast_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpeg_audio_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpva_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libntservice_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libnsv_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libparam_eq_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libnetsync_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpsychedelic_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_copy_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libnsc_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libnormvol_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmux_wav_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmsn_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmotionblur_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libnoise_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmux_mpjpeg_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmux_dummy_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpgv_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblibass_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libgnutls_plugin.dll () MOD - C:\Program Files 
(x86)\VideoLAN\VLC\plugins\liblive555_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libgme_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblua_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libgoom_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblibmpeg2_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_sse2_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libkate_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_mmx_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libglwin32_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_sse2_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libhotkeys_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_sse2_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libgradient_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_mmx_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblogo_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmarq_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_mmx_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmagnify_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libheadphone_channel_mixer_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libgestures_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmirror_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmediadirs_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblpcm_plugin.dll () MOD - C:\Program Files 
(x86)\VideoLAN\VLC\plugins\libmjpeg_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblogger_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmemcpymmxext_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmemcpy3dn_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libglobalhotkeys_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmemcpymmx_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libinvmem_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_i420_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libgrey_yuv_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libgrain_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libh264_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libinvert_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdirac_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfreetype_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfaad_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libflac_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfluidsynth_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdvdnav_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdshow_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstofloat32_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdvdread_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdvbsub_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdeinterlace_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdirectx_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdirect3d_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdmo_plugin.dll () MOD - C:\Program Files 
(x86)\VideoLAN\VLC\plugins\libcrop_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libequalizer_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libflacsys_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libes_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libextract_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdummy_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfilesystem_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdts_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libexport_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfake_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libcvdsub_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libcroppadd_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liberase_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libgaussianblur_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstospdif_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdolby_surround_decoder_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdemuxdump_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfloat32_mixer_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdemux_cdg_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfolder_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdrawable_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libavcodec_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libcaca_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaout_sdl_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libatmo_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libbda_plugin.dll () MOD - C:\Program Files 
(x86)\VideoLAN\VLC\plugins\libcdda_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libavi_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libasf_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libblend_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaudiobargraph_v_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libadjust_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaout_directx_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaraw_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libball_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaudioscrobbler_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaudio_format_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libcc_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libadpcm_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaudiobargraph_a_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libchorus_flanger_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libbluescreen_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libcanvas_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libblendbench_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libcolorthres_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaout_file_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libcdg_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaiff_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libclone_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libalphamask_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaes3_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libconverter_fixed_plugin.dll () MOD - C:\Program Files 
(x86)\VideoLAN\VLC\plugins\libchain_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_udp_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libau_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_output_shout_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe () MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_bd_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_http_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_mms_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_realrtsp_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tofloat32_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_imem_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_ftp_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_output_udp_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_output_http_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_smb_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_fake_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_output_file_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_tcp_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_attachment_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_output_dummy_plugin.dll () MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tospdif_plugin.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Program Files (x86)\ROCCAT\Kone[+] 
Mouse\hiddriver.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AODService) -- C:\Program Files (x86)\Tuning\AMD Overdrive\AODAssist.exe () SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) 
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (ANDModem) -- C:\Windows\SysNative\drivers\lgandmodem64.sys (LG Electronics Inc.)
DRV:64bit: - (AndGps) -- C:\Windows\SysNative\drivers\lgandgps64.sys (LG Electronics Inc.)
DRV:64bit: - (AndDiag) -- C:\Windows\SysNative\drivers\lganddiag64.sys (LG Electronics Inc.)
DRV:64bit: - (Andbus) -- C:\Windows\SysNative\drivers\lgandbus64.sys (LG Electronics Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (cpuz134) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (asusgsb) -- C:\Windows\SysNative\drivers\asusgsb.sys (ASUSTeK Computer Inc.)
DRV:64bit: - (KoneFltr) -- C:\Windows\SysNative\drivers\Kone.sys (ROCCAT Ltd)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AODDriver4.01) -- C:\Program Files (x86)\Tuning\AMD Overdrive\amd64\AODDriver2.sys (Advanced Micro Devices)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 0B 82 1E F8 BF CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "hxxp://www.hsv.de/index.php?id=16043"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.8
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.02.09 19:50:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.02.09 19:50:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.29 08:39:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.28 21:49:53 | 000,000,000 | ---D | M]

[2011.03.30 19:03:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Extensions
[2011.03.30 19:03:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.27 11:31:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\0k9685op.default\extensions
[2011.12.16 22:44:15 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\0k9685op.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010.12.21 20:53:13 | 000,000,000 | ---D | M] ("UltraSurf Firefox Tool") -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\0k9685op.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2011.05.15 09:25:16 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\0k9685op.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010.12.21 20:53:12 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\0k9685op.default\extensions\firefox@tvunetworks.com
[2010.12.21 20:53:13 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\0k9685op.default\extensions\moveplayer@movenetworks.com
[2011.04.02 17:42:58 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\0k9685op.default\extensions\vshare@toolbar
[2010.03.24 15:13:02 | 000,000,917 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\0k9685op.default\searchplugins\conduit.xml
[2011.11.29 08:39:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0K9685OP.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0K9685OP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0K9685OP.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
() (No name found) -- C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0K9685OP.DEFAULT\EXTENSIONS\{E0204BD5-9D31-402B-A99D-A6AA8FFEBDCA}.XPI
[2011.11.29 08:39:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.12.22 15:57:39 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.23 02:52:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.23 02:46:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.23 02:52:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.23 02:52:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.23 02:52:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.23 02:52:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E578DDC-AFD0-42A7-B617-DDBB64557420}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cd6a2aeb-0d4e-11e0-867e-6c626d85fadc}\Shell - "" = AutoRun
O33 - MountPoints2\{cd6a2aeb-0d4e-11e0-867e-6c626d85fadc}\Shell\AutoRun\command - "" = L:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.12.29 11:22:38 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\SUPERAntiSpyware.com
[2011.12.29 11:21:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.12.29 11:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.12.29 11:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.12.29 11:12:26 | 000,000,000 | ---D | C] -- C:\TDSS
[2011.12.29 11:01:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.12.28 23:16:49 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe
[2011.12.14 09:24:25 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.12.14 09:24:25 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.12.14 09:24:24 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.12.14 09:24:24 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.12.14 09:24:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.12.14 09:24:24 | 000,176,640 | 
---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.12.14 09:24:23 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2011.12.14 09:24:23 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2011.12.14 09:24:23 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2011.12.14 09:24:22 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.12.14 09:24:22 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.12.14 09:22:08 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2011.12.14 09:21:53 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll [2011.12.14 09:21:53 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2011.12.12 22:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2011.12.12 22:24:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2011.12.12 22:24:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2011.12.09 16:11:52 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\Sky [2011.12.08 20:08:50 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\2011_12_08 [2011.12.08 00:39:26 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Tor [2011.12.08 00:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidalia Bundle [2011.12.08 00:39:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vidalia Bundle [2011.12.08 00:39:25 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Vidalia [2011.12.08 00:37:03 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tor [2011.12.08 00:12:47 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\utmp ========== 
Files - Modified Within 30 Days ========== [2011.12.29 13:40:26 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.29 13:40:26 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.29 13:37:31 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.12.29 13:37:31 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.12.29 13:37:31 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.12.29 13:37:31 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.12.29 13:37:31 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.12.29 13:33:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.29 13:33:03 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys [2011.12.29 11:21:44 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.12.29 10:43:58 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.12.28 23:16:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe [2011.12.28 17:45:11 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011.12.27 22:42:01 | 000,538,052 | ---- | M] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 19.12.11 SDO2_3.JPG [2011.12.27 22:41:57 | 000,569,812 | ---- | M] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 19.12.11 SDO2_2.JPG [2011.12.27 22:41:54 | 000,565,191 | ---- | M] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 19.12.11 SDO2_1.JPG [2011.12.27 22:41:50 | 000,572,077 | ---- | M] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 13.12.11 Col-0_3.jpg [2011.12.27 22:41:47 | 000,511,469 | ---- | M] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 13.12.11 Col-0_2.jpg [2011.12.27 22:41:45 | 000,568,741 | ---- | M] () 
-- C:\Users\Johannes\Desktop\IEF_SDS Tower 13.12.11 Col-0_1.JPG [2011.12.21 16:49:03 | 000,000,600 | ---- | M] () -- C:\Users\Johannes\PUTTY.RND [2011.12.20 19:36:53 | 000,139,966 | ---- | M] () -- C:\Users\Johannes\Desktop\Targobank.pdf [2011.12.20 15:16:00 | 000,000,213 | ---- | M] () -- C:\Users\Johannes\Desktop\u.ini [2011.12.14 15:59:31 | 000,339,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.12.08 19:44:19 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.12.06 23:40:50 | 001,671,629 | ---- | M] () -- C:\Users\Johannes\Desktop\Marktuebersicht_CI+_geeigneter_Empfangsgeraete.pdf [2011.12.03 10:39:59 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk ========== Files Created - No Company Name ========== [2011.12.29 11:21:44 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.12.28 17:45:11 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011.12.27 22:42:01 | 000,538,052 | ---- | C] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 19.12.11 SDO2_3.JPG [2011.12.27 22:41:57 | 000,569,812 | ---- | C] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 19.12.11 SDO2_2.JPG [2011.12.27 22:41:54 | 000,565,191 | ---- | C] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 19.12.11 SDO2_1.JPG [2011.12.27 22:41:50 | 000,572,077 | ---- | C] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 13.12.11 Col-0_3.jpg [2011.12.27 22:41:47 | 000,511,469 | ---- | C] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 13.12.11 Col-0_2.jpg [2011.12.27 22:41:45 | 000,568,741 | ---- | C] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 13.12.11 Col-0_1.JPG [2011.12.20 19:36:53 | 000,139,966 | ---- | C] () -- C:\Users\Johannes\Desktop\Targobank.pdf [2011.12.08 00:20:40 | 000,000,213 | ---- | C] () -- C:\Users\Johannes\Desktop\u.ini [2011.12.08 
00:08:07 | 000,000,600 | ---- | C] () -- C:\Users\Johannes\PUTTY.RND [2011.12.06 23:40:50 | 001,671,629 | ---- | C] () -- C:\Users\Johannes\Desktop\Marktuebersicht_CI+_geeigneter_Empfangsgeraete.pdf [2011.12.03 10:39:59 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.11.18 18:04:04 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2011.09.20 18:28:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll [2011.09.20 18:28:58 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini [2011.09.02 12:42:42 | 000,000,843 | ---- | C] () -- C:\Windows\wiso.ini [2011.07.17 22:54:02 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.05.16 07:30:28 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.04.26 12:19:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.01.26 20:21:26 | 000,000,000 | ---- | C] () -- C:\Users\Johannes\AppData\Local\STAR.trace [2011.01.26 13:56:35 | 000,003,278 | ---- | C] () -- C:\Users\Johannes\AppData\Roaming\SerialClonerPrefs [2010.12.27 15:31:39 | 000,000,017 | ---- | C] () -- C:\Users\Johannes\AppData\Local\resmon.resmoncfg [2010.12.22 17:45:19 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2010.12.21 21:29:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.10.05 00:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\StarOpen.sys [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- 
C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys < End of report > Code:
ATTFilter OTL Extras logfile created on: 29.12.2011 15:31:51 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Johannes\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 41,49% Memory free 8,00 Gb Paging File | 5,07 Gb Available in Paging File | 63,35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 500,00 Gb Total Space | 373,72 Gb Free Space | 74,74% Space Free | Partition Type: NTFS Drive D: | 1363,01 Gb Total Space | 567,55 Gb Free Space | 41,64% Space Free | Partition Type: NTFS Drive E: | 465,76 Gb Total Space | 465,38 Gb Free Space | 99,92% Space Free | Partition Type: NTFS Computer Name: JOE | User Name: Johannes | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8 "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{10ADF519-706B-6EC7-A1A7-A2580D920457}" = AMD Catalyst Install Manager "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX320_series" = Canon MX320 series MP Drivers "{2AF2EABE-CF18-CACB-E57C-A4902A3C36C8}" = AMD Media Foundation Decoders "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5DF57DB1-D971-3DA3-B4BB-F6FC7D73A997}" = AMD Drag and Drop Transcoding "{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C95F41B-70D9-7EF8-BC80-B1C896B5B747}" = AMD Fuel "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft 
Office Publisher MUI (German) 2010 "{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010 "{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90AB246D-A0A0-29EA-199A-4B07841E0737}" = ATI AVIVO64 Codecs "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{D79C2CD4-7BCC-60AC-76C9-834CEEF1CDBE}" = ccc-utility64 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "CPUID CPU-Z_is1" = CPUID CPU-Z 1.56 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 
Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "WinRAR archiver" = WinRAR 4.00 Beta 3 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer 2011 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding "{1BF4CB15-6055-452A-8487-021AE2D91208}" = Crysis® 2 Demo "{1DA27F36-93EB-E82F-2DA3-48F13C0153CD}" = Catalyst Control Center InstallProxy "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.0 "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23 "{330D5210-3C4F-E632-2714-BE23C7C10B9F}" = Catalyst Control Center Graphics Previews Common "{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11 "{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM) "{434D0820-3AA6-493A-80B9-301000028501}" = DiRT2 "{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010 "{434D0FA0-AB8C-497F-B30A-7A1000018201}" = DiRT 3 "{43544FB5-BC1D-939A-7FDA-F7F3E5AEC35B}" = AMD VISION Engine Control Center "{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2 "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable 
- x86 9.0.30729 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6F6F7929-56E8-4FAE-92A8-6B86108D07C1}" = LG United Mobile Drivers "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R) "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{78D2854E-5DBF-11E7-B41F-47D203C8ED66}" = CCC Help English "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}" = Thrustmaster Force Feedback Driver "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{AC76BA86-7AD7-5676-5A64-A00000000003}" = Adobe Reader Extended Language Support Font Pack "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B99CB207-4704-4C51-9309-0FA90AA26DD4}" = ROCCAT Kone[+] Mouse Driver "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game "{D7AF16E7-5938-4369-BA54-B1ABD541BC32}" = Utility "{DAD5AC93-8518-4F46-A5FE-E63FEE791B6F}" = AMD OverDrive "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX "Adobe Flash Player 
ActiveX" = Adobe Flash Player 11 ActiveX "Afterburner" = MSI Afterburner 2.0.0 "Avira AntiVir Desktop" = Avira Free Antivirus "Call of Duty Black Ops GERMAN Uncut 1.00" = Call of Duty Black Ops GERMAN Uncut 1.00 "Core Damage 0.8h" = Core Damage 0.8h "Crysis WARHEAD(R)" = Crysis WARHEAD(R) "DivX Setup.divx.com" = DivX-Setup "Fifa 12 (c) Electronic Arts_is1" = Fifa 12 (c) Electronic Arts version 1 "Fraps" = Fraps "GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010 "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "Mafia II_is1" = Mafia II DLC Joe's Adventures "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800 "Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de) "MP Navigator EX 2.1" = Canon MP Navigator EX 2.1 "OpenAL" = OpenAL "Polipo" = Polipo 1.0.4.1 "Postal 2_is1" = Portal 2 "PyMOL" = PyMOL "SopCast" = SopCast 3.3.2 "SpeedFan" = SpeedFan (remove only) "Steam App 24960" = Battlefield: Bad Company 2 "Steam App 33230" = Assassin's Creed II "Tor" = Tor 0.2.2.34 "Veetle TV" = Veetle TV 0.9.18 "Vidalia" = Vidalia 0.2.15 "VLC media player" = VLC media player 1.1.11 "xvid" = XviD MPEG-4 Video Codec ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 04.12.2011 05:32:17 | Computer Name = Joe | Source = Windows Search Service | ID = 3029 Description = Error - 04.12.2011 05:32:17 | Computer Name = Joe | Source = Windows Search Service | ID = 3028 Description = Error - 04.12.2011 05:32:17 | Computer Name = Joe | Source = Windows Search Service | ID = 3058 Description = Error - 04.12.2011 05:32:17 | Computer Name = Joe | Source = Windows Search Service | ID = 7010 Description = Error - 07.12.2011 19:16:56 | Computer Name = Joe | Source = Application Hang | ID = 1002 Description = Programm U1103.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1154 Startzeit: 01ccb535bb52298e Endzeit: 5 Anwendungspfad: C:\Users\Johannes\Desktop\U1103.exe Berichts-ID: 8bfa7f7e-2129-11e1-ae48-6c626d85fadc

Error - 07.12.2011 19:18:33 | Computer Name = Joe | Source = Application Hang | ID = 1002
Description = Programm U1103.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 4cc Startzeit: 01ccb5365bb08003 Endzeit: 16 Anwendungspfad: C:\Users\Johannes\Desktop\U1103.exe Berichts-ID: c5efef55-2129-11e1-ae48-6c626d85fadc

Error - 11.12.2011 17:54:37 | Computer Name = Joe | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 8.0.1.4341 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 624 Startzeit: 01ccb796e716a229 Endzeit: 41 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID:

Error - 19.12.2011 17:51:40 | Computer Name = Joe | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 8.0.1.4341 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: e0c Startzeit: 01ccbe186f0fda78 Endzeit: 18 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 9e928b07-2a8b-11e1-8dcb-6c626d85fadc

Error - 28.12.2011 09:20:56 | Computer Name = Joe | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000070a02ad000
ID des fehlerhaften Prozesses: 0x738
Startzeit der fehlerhaften Anwendung: 0x01ccc563159d8383
Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: c5c780a5-3156-11e1-817f-6c626d85fadc

Error - 28.12.2011 12:19:56 | Computer Name = Joe | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mbam.exe, Version: 1.51.0.1118, Zeitstempel: 0x4e5e8e67
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x61746144
ID des fehlerhaften Prozesses: 0xb50
Startzeit der fehlerhaften Anwendung: 0x01ccc57c842cf7ad
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: c72e6532-316f-11e1-817f-6c626d85fadc

[ System Events ]

Error - 27.12.2011 06:20:13 | Computer Name = Joe | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

Error - 27.12.2011 17:58:40 | Computer Name = Joe | Source = DCOM | ID = 10010
Description =

Error - 28.12.2011 08:43:59 | Computer Name = Joe | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

Error - 28.12.2011 08:55:49 | Computer Name = Joe | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht.

Error - 28.12.2011 20:08:14 | Computer Name = Joe | Source = DCOM | ID = 10010
Description =

Error - 29.12.2011 05:40:47 | Computer Name = Joe | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

Error - 29.12.2011 06:03:24 | Computer Name = Joe | Source = DCOM | ID = 10010
Description =

Error - 29.12.2011 06:05:18 | Computer Name = Joe | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

Error - 29.12.2011 08:32:15 | Computer Name = Joe | Source = DCOM | ID = 10010
Description =

Error - 29.12.2011 08:34:08 | Computer Name = Joe | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

< End of report > |
29.12.2011, 17:55 | #12 |
| Tabs open automatically, registry entry cannot be deleted with mbam
Hi, that looks OK now... chris
__________________ Don't bring me down Read before posting! Donations (anyone who wants to donate is welcome to get in touch) |
29.12.2011, 17:57 | #13 |
| Tabs open automatically, registry entry cannot be deleted with mbam
Thanks a lot for your help! Would it be possible to delete the thread? Nobody needs to see my logs... |
29.12.2011, 18:27 | #14 |
| Tabs open automatically, registry entry cannot be deleted with mbam
Hi, that's not usual; you would have to ask an admin (Da Guru)... To finish up, I would also run a scan with Dr. Web...
CureIt
Follow the instructions: http://www.trojaner-board.de/59299-a...eb-cureit.html
After the scan has finished, you will find the log at %USERPROFILE%\DoctorWeb\CureIt.log. Before you take any action, please copy the contents of the log and post them. The log file is very large, roughly over 5 MB of text. Just search for "infiziert" and copy out the relevant parts before you post them.
chris |