Pests of all kinds and how to fight them: Redirect to Bigpoint.de - browser very slow (Windows 7)
13.02.2012, 22:58 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please download aswMBR.exe and save the file to your desktop.
__________________ Please always post log files in CODE tags |
14.02.2012, 12:39 | #17 |
| My browser is noticeably faster after the run
Code:
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-14 11:47:23
-----------------------------
11:47:23.437 OS Version: Windows x64 6.1.7601 Service Pack 1
11:47:23.437 Number of processors: 4 586 0x402
11:47:23.437 ComputerName: NICOLEBUTZ-PC UserName: NB
11:47:25.562 Initialize success
11:48:06.835 AVAST engine defs: 12021302
11:48:13.085 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:48:13.085 Disk 0 Vendor: ST31500541AS CC34 Size: 1430799MB BusType: 3
11:48:13.117 Disk 0 MBR read successfully
11:48:13.117 Disk 0 MBR scan
11:48:13.117 Disk 0 Windows 7 default MBR code
11:48:13.132 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:48:13.148 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 499899 MB offset 206848
11:48:13.164 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 500000 MB offset 1024000000
11:48:13.164 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 430798 MB offset 2048000000
11:48:13.179 Service scanning
11:48:16.710 Modules scanning
11:48:16.710 Disk 0 trace - called modules:
11:48:16.726 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
11:48:16.726 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049a1060]
11:48:16.742 3 CLASSPNP.SYS[fffff8800196d43f] -> nt!IofCallDriver -> [0xfffffa80044fd940]
11:48:16.742 5 ACPI.sys[fffff88000e7f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004991060]
11:48:19.429 AVAST engine scan C:\Windows
11:48:23.070 AVAST engine scan C:\Windows\system32
11:51:39.664 AVAST engine scan C:\Windows\system32\drivers
11:51:49.132 AVAST engine scan C:\Users\NB
12:05:40.502 AVAST engine scan C:\ProgramData
12:06:31.721 Scan finished successfully
12:08:51.971 Disk 0 MBR has been saved successfully to "C:\Users\NB\Desktop\MBR.dat"
12:08:51.971 The log file has been saved successfully to "C:\Users\NB\Desktop\aswMBR.txt" |
14.02.2012, 15:04 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!! |
14.02.2012, 19:22 | #19 |
| The Malwarebytes log
Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Datenbank Version: v2012.02.14.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Nicole Butz :: NB-PC [Administrator]
14.02.2012 15:37:20
mbam-log-2012-02-14 (15-37-20).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 480490
Laufzeit: 1 Stunde(n), 10 Minute(n), 57 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\_OTL\MovedFiles\02122012_180147\C_Program Files (x86)\Application Updater\ApplicationUpdater.exe (PUP.Dealio.TB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 02/14/2012 at 07:17 PM
Application Version : 5.0.1144
Core Rules Database Version : 8237
Trace Rules Database Version: 6049
Scan type : Complete Scan
Total Scan Time : 01:47:24
Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator
Memory items scanned : 758
Memory threats detected : 0
Registry items scanned : 65531
Registry threats detected : 2
File items scanned : 236852
File threats detected : 147
Browser Hijacker.Deskbar
(x86) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
(x86) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
Adware.Tracking Cookie
Trojan.Agent/Gen-FakeAlert
H:\ADAC\PROG\LINKREG.EXE
Edited by Neowyn (14.02.2012 at 19:27) |
14.02.2012, 21:33 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Create a new profile and test => Manage profiles | How-to | Firefox Help
15.02.2012, 17:25 | #21 |
| I created a new profile, but unfortunately it didn't help. I ended up right back there. SuperAntiSpyware did find some files; should I delete them or send them to quarantine? |
15.02.2012, 17:30 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
If not, reset this router to factory settings and reconfigure it. It is important that you change the router's insecure predefined admin password! Quote:
Quote:
15.02.2012, 18:40 | #23 |
| Quote:
Is there a way in SUPERAntiSpyware to restore the findings, or do I have to run it again? |
15.02.2012, 19:13 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | It can still be the router. Especially when the router is protected by no password at all or has only the default password, it makes my toes curl...
16.02.2012, 00:37 | #25 |
| The router is protected by a password; I only meant that it hasn't been changed recently. |
16.02.2012, 13:24 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Oh I see, then of course not. Give me the exact IP configuration of the problem machine:
16.02.2012, 23:56 | #27 |
| Code:
Windows-IP-Konfiguration
   Hostname . . . . . . . . . . . . : NB-PC
   Primäres DNS-Suffix . . . . . . . :
   Knotentyp . . . . . . . . . . . . : Hybrid
   IP-Routing aktiviert . . . . . . : Nein
   WINS-Proxy aktiviert . . . . . . : Nein
   DNS-Suffixsuchliste . . . . . . . : Speedport_W_503V_Typ_C
Ethernet-Adapter LAN-Verbindung 2:
   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix:
   Beschreibung. . . . . . . . . . . : TAP-Win32 Adapter OAS
   Physikalische Adresse . . . . . . : 00-FF-7E-50-AF-C5
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja
Ethernet-Adapter LAN-Verbindung:
   Verbindungsspezifisches DNS-Suffix: Speedport_W_503V_Typ_C
   Beschreibung. . . . . . . . . . . : Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
   Physikalische Adresse . . . . . . : 00-19-66-EA-14-A9
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja
   Verbindungslokale IPv6-Adresse . : fe80::5cf1:7908:8262:53aa%10(Bevorzugt)
   IPv4-Adresse . . . . . . . . . . : 192.168.2.104(Bevorzugt)
   Subnetzmaske . . . . . . . . . . : 255.255.255.0
   Lease erhalten. . . . . . . . . . : Donnerstag, 16. Februar 2012 17:33:23
   Lease läuft ab. . . . . . . . . . : Donnerstag, 8. März 2012 17:33:23
   Standardgateway . . . . . . . . . : 192.168.2.1
   DHCP-Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6-IAID . . . . . . . . . . . : 234887526
   DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-12-D9-34-1E-00-19-66-EA-14-A9
   DNS-Server . . . . . . . . . . . : 192.168.2.1
   NetBIOS über TCP/IP . . . . . . . : Aktiviert
Tunneladapter isatap.Speedport_W_503V_Typ_C:
   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix: Speedport_W_503V_Typ_C
   Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter
   Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP aktiviert. . . . . . . . . . : Nein
   Autokonfiguration aktiviert . . . : Ja
Tunneladapter LAN-Verbindung* 2:
   Verbindungsspezifisches DNS-Suffix:
   Beschreibung. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP aktiviert. . . . . . . . . . : Nein
   Autokonfiguration aktiviert . . . : Ja
   IPv6-Adresse. . . . . . . . . . . : 2001:0:5ef5:79fd:c65:89:3f57:fd97(Bevorzugt)
   Verbindungslokale IPv6-Adresse . : fe80::c65:89:3f57:fd97%12(Bevorzugt)
   Standardgateway . . . . . . . . . : ::
   NetBIOS über TCP/IP . . . . . . . : Deaktiviert
Tunneladapter isatap.{7E50AFC5-8454-4944-9C72-35E7E441E413}:
   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix:
   Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter #2
   Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP aktiviert. . . . . . . . . . : Nein
   Autokonfiguration aktiviert . . . : Ja |
17.02.2012, 10:33 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hm, OK, the DNS setting is fine. Please create a new OTL log. If possible, please post everything here in CODE tags. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this:
Code:
the log goes here
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
19.02.2012, 19:11 | #29 |
| OTL Logfile:
Code:
OTL logfile created on: 19.02.2012 18:59:09 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\NB\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 66,70% Memory free
8,00 Gb Paging File | 6,20 Gb Available in Paging File | 77,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 420,70 Gb Total Space | 339,62 Gb Free Space | 80,73% Space Free | Partition Type: NTFS
Drive D: | 488,18 Gb Total Space | 468,47 Gb Free Space | 95,96% Space Free | Partition Type: NTFS
Drive E: | 488,28 Gb Total Space | 465,79 Gb Free Space | 95,39% Space Free | Partition Type: NTFS
Drive H: | 279,45 Gb Total Space | 229,38 Gb Free Space | 82,08% Space Free | Partition Type: NTFS
Computer Name: NB-PC | User Name: NB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.02.10 18:39:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\NB\Downloads\OTL.exe
PRC - [2012.01.31 13:46:41 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011.07.02 16:23:49 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 18:09:41 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.10 14:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.08.12 17:45:00 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
PRC - [2007.04.05 10:29:28 | 000,208,896 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Keyboard & Mouse Driver\KMWDSrv.exe
PRC - [2007.04.04 11:30:40 | 000,327,680 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Keyboard & Mouse Driver\KMProcess.exe
PRC - [2007.03.28 00:38:48 | 000,397,312 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Keyboard & Mouse Driver\KMConfig.exe
PRC - [2007.03.06 14:51:14 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Keyboard & Mouse Driver\StartAutorun.exe
========== Modules (No Company Name) ==========
MOD - [2007.03.29 12:17:42 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Keyboard & Mouse Driver\keydll.dll
MOD - [2005.05.04 19:12:46 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Keyboard & Mouse Driver\MouseHook.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011.01.12 17:32:16 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.08.18 01:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.07.02 16:23:49 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 18:09:41 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.01 19:30:13 | 000,607,040 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2011.01.12 17:36:56 | 001,403,200 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.01.12 17:32:10 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.08.12 17:45:00 | 000,024,064 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe -- (OpenVPNAccessClient)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.04.05 10:29:28 | 000,208,896 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files (x86)\Keyboard & Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011.11.17 10:38:32 | 000,047,208 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2011.11.17 10:38:28 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV:64bit: - [2011.11.17 10:38:28 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCap)
DRV:64bit: - [2011.07.02 16:23:49 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.02 16:23:49 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.08.03 16:25:30 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2010.05.13 16:48:19 | 000,421,248 | ---- | M] (Illusion & Hope. Porting to AMD64 by Sergey Sakharov.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\BT848.sys -- (BT848) Conexant's BtPCI WDM Video Capture (AMD64)
DRV:64bit: - [2009.11.12 12:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.08.23 15:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.08.18 02:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 00:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008.01.19 06:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irsir.sys -- (irsir)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2010.02.24 13:41:50 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.11.12 12:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.07.31 17:06:30 | 000,022,488 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\DScaler\DSDRV4~2.SYS -- (DSDrv4AMD64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet
Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 97 12 BB A5 73 EA CC 01 [binary data] IE - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Users\NB\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\NB\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\NB\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.08 18:29:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.07.24 19:10:34 | 000,000,000 | ---D | M] [2012.01.31 13:05:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NB\AppData\Roaming\mozilla\Extensions [2011.12.11 17:05:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NB\AppData\Roaming\mozilla\Extensions\net.openvpn.client [2012.02.08 18:29:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.11.14 16:40:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.01.29 17:12:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.03.19 08:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll [2012.01.29 15:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.29 14:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.01.29 15:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.06.07 17:36:08 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src [2012.01.29 15:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.29 15:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.29 15:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.02.13 18:10:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) 
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [KMCONFIG] C:\Program Files (x86)\Keyboard & Mouse Driver\StartAutorun.exe KMConfig.exe File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files (x86)\Java\jre6\bin\npjpi160_29.dll (Sun Microsystems, Inc.) 
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O15 - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\..Trusted Domains: hotmail.com ([www] * in Trusted sites) O15 - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\..Trusted Domains: live.com ([login] http in Trusted sites) O15 - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\..Trusted Domains: msn.com ([www] * in Trusted sites) O15 - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\..Trusted Domains: passport.com ([www] * in Trusted sites) O15 - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\..Trusted Domains: spielesite.com ([www] https in Trusted sites) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} 
hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76AF22B5-1FB7-4D56-986A-DBA5D53091B9}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\...com [@ = ComFile] -- Reg Error: Key error. 
File not found NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OpenVPN Client.lnk - C:\PROGRA~2\OPENVP~1\OPENVP~1\core\uiboot.exe - () MsConfig:64bit - StartUpReg: EA Core - hkey= - key= - C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts) MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "bootini" - Reg Error: Key error. SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com) SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: 
{4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume 
shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com) SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: 
{4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service 
SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll 
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: 
|
19.02.2012, 19:48 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Redirect to Bigpoint.de - browser very slow Looks fairly unremarkable. And you only get the redirect on this computer? Regardless of which Windows user, and also with a new FF profile? Also regardless of which browser? Safe Mode with Networking, does it happen there too? Sorry if I'm repeating questions, but I'm trying to find the cause right now
__________________ Please always post log files in CODE tags |