| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner/Virus: Bundespolizei verlangt 100€ via UkashWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
16.03.2012, 17:45
| #1 |
| |  Trojaner/Virus: Bundespolizei verlangt 100€ via Ukash Hi Freunde, Habe das Problem schoneinmal an dem PC einer Freundin bearbeitet, daher konnte ich schon einmal die ersten Schritte ohne Anleitung bearbeiten  Der Virus ist ja allgemein bekannt, hier auf Trojaner Board, insofern muss ich dazu nicht viel sagen. Habe nun einmal OTL.exe meinen PC scannen lassen und bekam eine OTL.txt und eine Extras.txt heraus. Code:
ATTFilter OTL Extras logfile created on: 16.03.2012 17:16:38 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = H:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 78,61% Memory free
4,23 Gb Paging File | 3,97 Gb Available in Paging File | 93,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 261,64 Gb Free Space | 58,70% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 10,68 Gb Free Space | 53,40% Space Free | Partition Type: FAT32
Drive H: | 7,31 Gb Total Space | 6,65 Gb Free Space | 90,95% Space Free | Partition Type: FAT32
Computer Name: BÜRO-PC | User Name: _ | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2651C41D-3638-4585-A50B-1A37A430930F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{40299914-F7F9-4D5F-A770-47F1424355B1}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4326684A-0F41-457B-9B62-E8A99B42AEA6}" = rport=2869 | protocol=6 | dir=out | app=system |
"{6F3699F6-7FE1-4B68-928C-3534B209BAB0}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{71CEDB94-F107-47CA-BC06-CD7D1D125A34}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7B090C90-5BD3-404C-B752-DF0B192CE442}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{AB621E9A-BDFC-433A-AA1E-8949767CDB48}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E669A2FD-CCC4-4FC1-8305-B4D061024706}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{028082CE-5F83-4188-A2E6-4A9C63AC91AA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{0BE04582-A3D0-4724-B1D1-18F701998C19}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{1181F1A2-53BB-4F2A-AE11-8697FB0B8A2B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{1A58997E-E0D5-4875-96BA-606FC10B313E}" = protocol=17 | dir=in | app=c:\program files\tunngle\tunngle.exe |
"{204ED0AC-5CAF-4FDE-B8FC-11025F15B671}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{24045ADB-CE18-4681-8D52-A230C884147C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{50157BF6-0D2B-4B19-B64C-ADA5B0B1967F}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{5ECFBF96-82F3-49D9-A62A-1453501A3361}" = protocol=6 | dir=out | app=c:\program files\iminent\mmserver\iminent.mmserver.exe |
"{5ED16D02-1395-48FB-9892-A3B204D87E01}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{742C98D9-E516-4B3D-8E90-24C21978F0DB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{74D19927-B2AC-49D4-AC62-1CCED2BF906B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{751DEB9E-615E-44DB-8CC1-2D97956B713B}" = protocol=6 | dir=in | app=c:\program files\iminent\imbooster\imbooster.exe |
"{7F7C8E4A-9490-419F-A1F2-1493B68D713B}" = protocol=6 | dir=in | app=c:\program files\tunngle\tnglctrl.exe |
"{86F0493F-7AC0-421B-941F-16C3A585CEFE}" = protocol=6 | dir=in | app=c:\program files\iminent\mmserver\iminent.mmserver.exe |
"{8EB89906-7156-4B3C-99C2-C6D9065147A4}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{8F1BD00A-549F-451F-A092-0B98EFC28B63}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{965F326E-59FF-4924-B753-5107E0D1FD9C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{B1D87081-FF6F-4A43-9D87-026560C1EB9E}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{C449384A-87DA-431A-96FC-13E4BCB53C5C}" = protocol=6 | dir=in | app=c:\program files\tunngle\tunngle.exe |
"{C5E5F0B8-5C65-4CC4-B820-E99115E3E4B8}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{C614617D-2D02-4454-99DE-4666757E85F0}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{CBD667CD-6065-4107-B26D-D98BDFA42777}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D4C28644-BE57-4501-9956-A004745A2222}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{E854CFDA-CF6E-416F-847A-E9D02C11783C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{EABDE8A9-D2E5-4843-ABB9-2C7FB32463C8}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{FBC72F85-CA19-4E74-8CFC-4105BB995B4A}" = protocol=17 | dir=in | app=c:\program files\tunngle\tnglctrl.exe |
"{FEFDDE56-3F3A-4A4C-BDA9-384FF1D725ED}" = protocol=6 | dir=out | app=c:\program files\iminent\imbooster\imbooster.exe |
"TCP Query User{1DD3C3EE-D212-454C-9309-5B3366AD931D}C:\program files\tunngle\tnglctrl.exe" = protocol=6 | dir=in | app=c:\program files\tunngle\tnglctrl.exe |
"TCP Query User{313C81FA-6B72-4F1D-A80A-A14C4BE2FB3A}C:\program files\prodigy flight deck 100 v9.02\gremotes.exe" = protocol=6 | dir=in | app=c:\program files\prodigy flight deck 100 v9.02\gremotes.exe |
"TCP Query User{4B5619A6-9CDE-4D57-82A4-1AD97877AF41}C:\program files\prodigy flight deck 100 v9.02\cdusimv2.exe" = protocol=6 | dir=in | app=c:\program files\prodigy flight deck 100 v9.02\cdusimv2.exe |
"TCP Query User{89FF81ED-0214-4E01-AB45-88E6FD146E69}C:\program files\prodigy flight deck 100 v9.02\gremotes.exe" = protocol=6 | dir=in | app=c:\program files\prodigy flight deck 100 v9.02\gremotes.exe |
"TCP Query User{9139EE51-F6B1-4012-B0E9-5A8DC936C8D4}C:\program files\prodigy flight deck 100 v9.02\cdusimv2.exe" = protocol=6 | dir=in | app=c:\program files\prodigy flight deck 100 v9.02\cdusimv2.exe |
"TCP Query User{BF786689-1C3D-474D-B22C-3E6519B68049}E:\epsonnet easyinstall\easyinstall.exe" = protocol=6 | dir=in | app=e:\epsonnet easyinstall\easyinstall.exe |
"TCP Query User{CB84548F-02D3-4B25-8502-D9E4ED33D7CA}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{D42E4666-D985-427C-86C1-871BD8160568}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{D695D0EC-868A-49AC-80AF-627CEB595F5F}C:\users\_\tobis dateien\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=c:\users\_\tobis dateien\far cry 2\bin\farcry2.exe |
"UDP Query User{24F6C2BF-3870-474C-B423-834483DBBBC8}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{78FF67FD-FE7F-4725-90B0-D07B8617B33B}C:\program files\tunngle\tnglctrl.exe" = protocol=17 | dir=in | app=c:\program files\tunngle\tnglctrl.exe |
"UDP Query User{938152C1-7296-41BC-B574-095DE1738F77}C:\program files\prodigy flight deck 100 v9.02\cdusimv2.exe" = protocol=17 | dir=in | app=c:\program files\prodigy flight deck 100 v9.02\cdusimv2.exe |
"UDP Query User{9BA609F2-211E-448D-9362-CFF78F99AF71}C:\program files\prodigy flight deck 100 v9.02\cdusimv2.exe" = protocol=17 | dir=in | app=c:\program files\prodigy flight deck 100 v9.02\cdusimv2.exe |
"UDP Query User{AB393ABA-C670-4AD5-8D95-12509690A27B}C:\users\_\tobis dateien\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=c:\users\_\tobis dateien\far cry 2\bin\farcry2.exe |
"UDP Query User{ABCCF944-2701-456F-9275-BED53BD86CAC}E:\epsonnet easyinstall\easyinstall.exe" = protocol=17 | dir=in | app=e:\epsonnet easyinstall\easyinstall.exe |
"UDP Query User{BE81A214-0947-4DE2-B64C-B95A4668993C}C:\program files\prodigy flight deck 100 v9.02\gremotes.exe" = protocol=17 | dir=in | app=c:\program files\prodigy flight deck 100 v9.02\gremotes.exe |
"UDP Query User{CEDF492E-5CAC-4A08-877B-727410631F6D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{D76AA78D-0453-489B-901C-5E17567E2A1A}C:\program files\prodigy flight deck 100 v9.02\gremotes.exe" = protocol=17 | dir=in | app=c:\program files\prodigy flight deck 100 v9.02\gremotes.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{136E842A-87AC-4CFA-99A0-4D5BF9114566}" = Iminent
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{2B0CDD4D-5C1A-47F7-89E2-9BF604670ABC}" = EpsonNet Config V3
"{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = GutscheinRausch.de - AddOn für Firefox
"{2F6E1E46-2EC9-4547-B56A-720E97E3A9C1}" = aerosoft's - Real Germany 1 - FS2002 - FS2004
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5FCCD531-1B38-4A94-924C-127F722F1031}" = Nero 8 Essentials
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers 1.10.01
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000004}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D06B1C71-FDF8-47A4-8648-6406B4F85E90}" = Panel Utility
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2
"{DB833EF9-A198-49BE-970A-BD46F30BFBB4}" = ANNO 1503 Königs- Edition
"{DF315348-721C-40B8-BAE2-58C6C7D935A2}" = Empire Earth II
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"1489-3350-5074-6281" = JDownloader 0.9
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVSCoverEditor2_is1" = AVS Cover Editor 2.0.1.3
"BabylonToolbar" = Babylon toolbar on IE
"DAEMON Tools Lite" = DAEMON Tools Lite
"DealPly" = DealPly
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EPSON Scanner" = EPSON Scan
"EPSON Stylus Office BX600FW_Office TX600FW_SX600FW Benutzerhandbuch" = EPSON Stylus Office BX600FW_Office TX600FW_SX600FW Handbuch
"EPSON SX600FW Series" = EPSON SX600FW Series Printer Uninstall
"facemoods" = Facemoods Toolbar
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 - Das Jahrhundert der Luftfahrt
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"GameSpy Arcade" = GameSpy Arcade
"Google Desktop" = Google Desktop
"IMBoosterARP" = Iminent
"incredibar" = Incredibar Toolbar on IE and Chrome
"KONICA MINOLTA magicolor 1600W" = KONICA MINOLTA magicolor 1600W
"LetsTrade" = LetsTrade Komponenten
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Prodigy Flight Deck 100 v9.02" = Prodigy Flight Deck 100 v9.02
"PunkBusterSvc" = PunkBuster Services
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Tunngle beta_is1" = Tunngle beta
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"X10Hardware" = X10 Hardware(TM)
"YTdetect" = Yahoo! Detect
"ZDFmediathek_is1" = ZDFmediathek Version 2.0.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab Audio Converter" = FoxTab Audio Converter
"Game Organizer" = EasyBits GO
"webGAMET" = webGAMET
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 09.03.2011 09:05:17 | Computer Name = Büro-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 09.03.2011 09:05:17 | Computer Name = Büro-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 09.03.2011 09:06:37 | Computer Name = Büro-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung TuneUpUtilitiesService32.exe, Version 10.0.3000.99,
Zeitstempel 0x4d076afa, fehlerhaftes Modul RPCRT4.dll, Version 6.0.6002.18024,
Zeitstempel 0x49f05bcc, Ausnahmecode 0xc0000005, Fehleroffset 0x0005895d, Prozess-ID
0xadc, Anwendungsstartzeit 01cbde5a9f5f01b5.
Error - 09.03.2011 17:21:07 | Computer Name = Büro-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 09.03.2011 17:21:07 | Computer Name = Büro-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 09.03.2011 18:21:18 | Computer Name = Büro-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung TuneUpUtilitiesService32.exe, Version 10.0.3000.99,
Zeitstempel 0x4d076afa, fehlerhaftes Modul RPCRT4.dll, Version 6.0.6002.18024,
Zeitstempel 0x49f05bcc, Ausnahmecode 0xc0000005, Fehleroffset 0x0005895d, Prozess-ID
0x8fc, Anwendungsstartzeit 01cbde9fe3866613.
Error - 10.03.2011 08:11:32 | Computer Name = Büro-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 10.03.2011 08:11:32 | Computer Name = Büro-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 10.03.2011 17:07:32 | Computer Name = Büro-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 10.03.2011 17:07:32 | Computer Name = Büro-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ System Events ]
Error - 16.03.2012 10:46:52 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 16.03.2012 10:46:52 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 16.03.2012 10:46:52 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 16.03.2012 10:46:52 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 16.03.2012 10:46:52 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 16.03.2012 10:46:52 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 16.03.2012 10:46:52 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 16.03.2012 10:46:52 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 16.03.2012 10:46:52 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 16.03.2012 10:46:52 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7001
Description =
< End of report >
und Code:
ATTFilter OTL logfile created on: 16.03.2012 17:16:38 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = H:\ Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 78,61% Memory free 4,23 Gb Paging File | 3,97 Gb Available in Paging File | 93,97% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 445,76 Gb Total Space | 261,64 Gb Free Space | 58,70% Space Free | Partition Type: NTFS Drive D: | 19,99 Gb Total Space | 10,68 Gb Free Space | 53,40% Space Free | Partition Type: FAT32 Drive H: | 7,31 Gb Total Space | 6,65 Gb Free Space | 90,95% Space Free | Partition Type: FAT32 Computer Name: BÜRO-PC | User Name: _ | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - H:\OTL.exe (OldTimer Tools) PRC - C:\Programme\Microsoft Office\Office10\WINWORD.EXE (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - (vToolbarUpdater10.2.0) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe () SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (TunngleService) -- C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe (Google) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION) SRV - (srvcPVR) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH) SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH) SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION) SRV - (EpsonBidirectionalService) -- C:\Programme\Common Files\EPSON\eEBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe (MAGIX®) SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10) ========== Driver Services (SafeList) ========== DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\System32\drivers\tap0901t.sys (Tunngle.net) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (NXP Semiconductors Germany GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation) DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (SaiHFF12) -- C:\Windows\System32\drivers\SaiHFF12.sys (Saitek) DRV - (SaiIFF12) Immersion's HID USB Driver (FF12) -- C:\Windows\System32\drivers\SaiIFF12.sys (Saitek) DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.) DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.) DRV - (snpstd) -- C:\Windows\System32\drivers\snpstd.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={4A8470D9-B8B9-464E-B81A-4788FBA8D811}&mid=9e534bd068c747d1b5f7d154d4841b07-9e7c2e33955e8c62344338765a0459d397e3d818&lang=de&ds=tt014&pr=sa&d=2012-01-04 11:10:16&v=10.0.0.7&sap=hp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012.02.25 13:28:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.18 11:15:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.06 21:09:48 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@gutscheinrausch.de: C:\Users\_\AppData\Roaming\Mozilla\Firefox\Profiles\zabkhoqd.default\extensions\mail@gutscheinrausch.de [2011.11.23 10:31:59 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter [2008.08.29 06:18:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\_\AppData\Roaming\mozilla\Extensions [2012.03.09 14:12:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions [2010.05.02 14:15:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.02.16 13:41:02 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2012.02.11 22:20:22 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.12.27 10:33:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.08.13 11:06:54 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2012.01.04 11:10:26 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\avg@toolbar [2012.01.09 19:06:48 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\ffxtlbr@babylon.com [2011.11.23 10:31:59 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\mail@gutscheinrausch.de [2011.07.17 17:09:40 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\plugin@yontoo.com [2011.12.19 18:23:14 | 000,000,933 | ---- | M] () -- C:\Users\_\AppData\Roaming\Mozilla\Firefox\Profiles\zabkhoqd.default\searchplugins\11-suche.xml [2012.02.09 12:38:24 | 000,000,931 | ---- | M] () -- C:\Users\_\AppData\Roaming\Mozilla\Firefox\Profiles\zabkhoqd.default\searchplugins\conduit.xml [2011.12.19 18:23:14 | 000,002,419 | ---- | M] () -- C:\Users\_\AppData\Roaming\Mozilla\Firefox\Profiles\zabkhoqd.default\searchplugins\englische-ergebnisse.xml [2011.12.19 18:23:14 | 000,010,525 | ---- | M] () -- C:\Users\_\AppData\Roaming\Mozilla\Firefox\Profiles\zabkhoqd.default\searchplugins\gmx-suche.xml [2011.12.19 18:23:14 | 000,002,457 | ---- | M] () -- C:\Users\_\AppData\Roaming\Mozilla\Firefox\Profiles\zabkhoqd.default\searchplugins\lastminute.xml [2011.12.20 21:10:50 | 000,002,203 | ---- | M] () -- C:\Users\_\AppData\Roaming\Mozilla\Firefox\Profiles\zabkhoqd.default\searchplugins\MyStart Search.xml [2011.12.19 18:23:14 | 000,005,508 | ---- | M] () -- C:\Users\_\AppData\Roaming\Mozilla\Firefox\Profiles\zabkhoqd.default\searchplugins\webde-suche.xml [2012.01.09 19:02:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.11.10 11:03:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.12.20 19:00:27 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Programme\Mozilla Firefox\extensions\webbooster@iminent.com () (No name found) -- C:\USERS\_\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZABKHOQD.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\_\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZABKHOQD.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI [2012.02.18 11:15:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.10.11 11:36:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.14 08:01:15 | 000,003,768 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2011.08.13 11:06:37 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2011.10.11 11:36:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.10.11 11:36:45 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.07.16 18:44:21 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml [2011.10.11 11:36:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.11 11:36:45 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.11 11:36:45 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programme\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll (Montera Technologeis LTD) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll () O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Programme\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent) O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Programme\DealPly\DealPlyIE.dll (DealPly) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo Layers\YontooIEClient.dll (Yontoo Technology, Inc.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com) O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programme\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll (Montera Technologeis LTD) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com) O4 - HKLM..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe (Iminent) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [snpstd] C:\Windows\vsnpstd.exe () O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [EPSON SX600FW Series (Kopie 1)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE (SEIKO EPSON CORPORATION) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\_\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{635B33A1-C0AE-4FEB-AE84-5A253A778F76}: DhcpNameServer = 7.254.254.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9B80813-539B-45FD-8187-DBEF372A99DD}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll () O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\_\Bernds Dateien\CIMG1696.JPG O24 - Desktop BackupWallPaper: C:\Users\_\Bernds Dateien\CIMG1696.JPG O27 - HKLM IFEO\googledesktop.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\googledesktopdisplay.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{afd1cae6-b16d-11e0-ab69-001d9260f2f4}\Shell - "" = AutoRun O33 - MountPoints2\{afd1cae6-b16d-11e0-ab69-001d9260f2f4}\Shell\AutoRun\command - "" = F:\Launcher.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3 ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.03.14 08:13:29 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.03.14 08:13:01 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012.03.14 08:13:00 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2012.03.14 08:13:00 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2012.03.14 08:13:00 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2012.03.14 08:13:00 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2012.03.14 08:07:38 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll [2012.03.05 18:36:29 | 000,000,000 | ---D | C] -- C:\Users\_\Desktop\Converse [2012.02.21 14:51:42 | 000,000,000 | ---D | C] -- C:\Users\_\AppData\Roaming\Sierra [2012.02.21 14:51:42 | 000,000,000 | ---D | C] -- C:\Users\_\Documents\Empire Earth II [2012.02.21 14:50:27 | 000,000,000 | ---D | C] -- C:\Users\_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade [2012.02.21 14:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade [2012.02.21 14:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\GameSpy Arcade [2012.02.21 14:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra [2012.02.21 14:28:03 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra [2012.02.21 13:44:27 | 000,000,000 | ---D | C] -- C:\Program Files\directx [2012.02.16 14:10:45 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.02.16 14:10:44 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.02.16 14:10:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.02.16 14:10:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.02.16 14:10:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.02.16 14:10:41 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2008.03.02 14:30:24 | 000,017,168 | ---- | C] ( ) -- C:\Windows\System32\drivers\gt681x.sys [2005.04.21 00:16:28 | 000,036,864 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd.dll [2004.02.16 20:59:50 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\csnpstd.dll [1 C:\Users\_\Desktop\*.tmp files -> C:\Users\_\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.16 17:15:54 | 000,637,762 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.03.16 17:15:54 | 000,603,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.03.16 17:15:54 | 000,130,084 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.03.16 17:15:54 | 000,107,150 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.03.16 16:58:38 | 000,001,356 | ---- | M] () -- C:\Users\_\AppData\Local\d3d9caps.dat [2012.03.16 15:45:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.16 15:43:50 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.16 15:43:50 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.16 14:53:37 | 000,000,862 | ---- | M] () -- C:\Users\_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpbt0.dll.lnk [2012.03.16 09:56:39 | 000,352,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.03.14 11:43:19 | 000,002,623 | ---- | M] () -- C:\Users\_\Desktop\Microsoft Word.lnk [2012.02.24 16:50:49 | 000,022,528 | ---- | M] () -- C:\Users\_\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2012.02.21 14:00:50 | 000,000,025 | ---- | M] () -- C:\Windows\SIERRA.INI [1 C:\Users\_\Desktop\*.tmp files -> C:\Users\_\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.16 15:13:30 | 000,001,356 | ---- | C] () -- C:\Users\_\AppData\Local\d3d9caps.dat [2012.03.16 14:53:37 | 000,000,862 | ---- | C] () -- C:\Users\_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpbt0.dll.lnk [2012.02.21 13:39:07 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI [2011.11.23 10:31:56 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll [2011.09.10 12:43:22 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011.09.10 12:42:52 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.09.10 12:42:43 | 000,183,112 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2010.11.22 22:45:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.09.28 12:20:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.28 12:20:33 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.08.09 14:43:19 | 000,001,120 | ---- | C] () -- C:\Windows\System32\E_ADDNET.DAT [2008.11.11 06:19:31 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.11.03 20:05:27 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2008.11.03 20:05:27 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2008.11.03 20:05:27 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2008.11.03 20:05:27 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2008.11.03 20:05:27 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2008.11.03 20:05:27 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2008.11.03 20:05:27 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2008.11.03 20:05:27 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2008.11.03 20:05:27 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2008.11.03 20:05:27 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2008.11.03 20:05:27 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2008.11.03 20:05:27 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2008.11.03 20:05:27 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2008.11.03 20:05:27 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2008.11.03 20:05:27 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2008.11.03 20:05:27 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2008.11.03 20:05:27 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2008.11.03 20:05:27 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2008.11.03 20:05:27 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2008.10.18 09:54:09 | 000,000,000 | ---- | C] () -- C:\Users\_\AppData\Roaming\Default.PLS [2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.07.21 19:56:40 | 003,782,416 | ---- | C] () -- C:\Windows\System32\Mso97.dll [2008.06.05 09:04:20 | 000,031,910 | ---- | C] () -- C:\Windows\MSUMLT0G.INI [2008.04.05 14:36:26 | 000,000,326 | ---- | C] () -- C:\Windows\tm.ini [2008.02.17 18:40:57 | 000,022,528 | ---- | C] () -- C:\Users\_\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.02.09 18:24:20 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.02.09 16:31:10 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.02.09 16:17:44 | 000,000,089 | ---- | C] () -- C:\Users\_\AppData\Local\fusioncache.dat [2008.02.09 16:06:33 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2008.01.14 15:31:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008.01.14 15:31:57 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.01.14 12:05:44 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll [2008.01.14 12:05:44 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll [2008.01.14 10:59:00 | 000,009,824 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll [2007.12.12 16:49:10 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2007.12.12 14:45:55 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe [2007.05.01 15:34:56 | 002,011,136 | ---- | C] () -- C:\Windows\System32\SaiCFF12.Dll [2007.05.01 15:34:56 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SaiCFF12_0C.dll [2007.05.01 15:34:56 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCFF12_10.dll [2007.05.01 15:34:56 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCFF12_0A.dll [2007.05.01 15:34:56 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCFF12_07.dll [2007.05.01 15:34:56 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiCFF12_09.dll [2007.05.01 15:34:56 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiCFF12_0402.dll [2007.05.01 15:34:56 | 000,005,632 | ---- | C] () -- C:\Windows\System32\SaiCFF12_11.dll [2006.11.02 16:33:31 | 000,637,762 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:33:31 | 000,130,084 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,352,616 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,603,714 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,107,150 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.10.16 07:58:14 | 000,086,016 | ---- | C] () -- C:\Windows\System32\aspolyzt.dll [2006.05.03 22:40:42 | 000,390,784 | ---- | C] () -- C:\Windows\System32\drivers\snpstd.sys [2005.10.11 20:54:48 | 000,339,968 | ---- | C] () -- C:\Windows\vsnpstd.exe [2005.07.06 11:59:58 | 000,028,672 | ---- | C] () -- C:\Windows\System32\asdrawli.dll [2005.07.04 14:17:30 | 000,069,632 | ---- | C] () -- C:\Windows\System32\ASDRAWMA.DLL [2005.02.02 02:29:12 | 000,020,480 | ---- | C] () -- C:\Windows\usnpstd.exe [2004.08.17 16:34:52 | 000,036,864 | ---- | C] () -- C:\Windows\System32\AS_SORT.DLL [2003.05.22 11:31:44 | 000,033,792 | ---- | C] () -- C:\Windows\System32\ASDRAW32.DLL [2003.01.18 00:34:40 | 000,015,541 | ---- | C] () -- C:\Windows\snpstd.ini [2002.07.12 15:29:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\AS_MDB32.DLL ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.03.10 12:53:26 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2009.11.09 17:09:10 | 000,000,000 | -HSD | M] -- C:\Boot [2011.07.17 15:18:29 | 000,000,000 | ---D | M] -- C:\CDHOME [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2008.02.09 16:14:13 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2007.12.12 15:48:22 | 000,000,000 | RH-D | M] -- C:\MSOCache [2008.01.09 13:54:23 | 000,000,000 | ---D | M] -- C:\MyWorks [2008.11.09 14:21:02 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.02.21 14:50:22 | 000,000,000 | R--D | M] -- C:\Program Files [2012.03.02 17:42:41 | 000,000,000 | -H-D | M] -- C:\ProgramData [2008.02.09 16:14:13 | 000,000,000 | -HSD | M] -- C:\Programme [2011.07.17 15:12:31 | 000,000,000 | ---D | M] -- C:\STONEAXE [2012.03.16 10:06:41 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.03.10 13:13:54 | 000,000,000 | R--D | M] -- C:\Users [2012.03.16 09:56:58 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2007.09.10 12:13:48 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys [2007.09.10 12:13:48 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys [2008.02.14 06:53:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.02.14 06:53:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.02.14 06:53:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys [2008.02.14 06:53:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2007.12.03 14:58:44 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2007.12.03 14:58:44 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: NVSTOR32.SYS > [2007.10.31 11:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\Windows\System32\drivers\nvstor32.sys [2007.10.31 11:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_a4ed2674\nvstor32.sys < MD5 for: SCECLI.DLL > [2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2007.11.14 22:54:45 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2007.11.14 22:54:45 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.03.16 17:16:48 | 003,932,160 | -HS- | M] () -- C:\Users\_\ntuser.dat [2012.03.16 17:16:48 | 000,262,144 | -H-- | M] () -- C:\Users\_\ntuser.dat.LOG1 [2008.02.09 16:17:20 | 000,000,000 | -H-- | M] () -- C:\Users\_\ntuser.dat.LOG2 [2012.03.16 15:42:03 | 000,065,536 | -HS- | M] () -- C:\Users\_\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2011.06.22 17:44:20 | 000,524,288 | -HS- | M] () -- C:\Users\_\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2012.03.16 15:42:03 | 000,524,288 | -HS- | M] () -- C:\Users\_\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2008.02.09 16:17:20 | 000,000,020 | -HS- | M] () -- C:\Users\_\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < End of report > Vielen Dank schon einmal.  |
|
16.03.2012, 19:43
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Trojaner/Virus: Bundespolizei verlangt 100€ via Ukash Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetverbindung?
__________________Abgesicherter Modus zur Bereinigung
__________________ |
|
18.03.2012, 17:04
| #3 |
| | Trojaner/Virus: Bundespolizei verlangt 100€ via Ukash Hey,
__________________Also der abgesicherte Modus funktioniert und auch eine Verbinndung mit dem Internet klappt. Vielen Dank |
|
19.03.2012, 16:43
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner/Virus: Bundespolizei verlangt 100€ via Ukash na wenn der Modus geht wirst du erstmal MBAM/ESET probieren können: Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen! Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.03.2012, 18:26
| #5 |
| | Trojaner/Virus: Bundespolizei verlangt 100€ via Ukash Hey tut mir leid, das das so lang gedauert hat, aber hier kommen die logs: Zunächst Eset: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=fe0ee7144a486347bf6dc6dbfa7a21f2
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-21 10:45:11
# local_time=2012-03-21 11:45:11 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 7018 107255575 0 0
# compatibility_mode=5892 16776573 100 100 6789 169891739 0 0
# compatibility_mode=8192 67108863 100 0 4226 4226 0 0
# scanned=250419
# found=11
# cleaned=0
# scan_time=10899
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\FoxTabAudioConverter\AudioConverter.exe a variant of Win32/InstallCore.A application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Yontoo Layers\YontooIEClient.dll Win32/Adware.Yontoo.A application (unable to clean) 00000000000000000000000000000000 I
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Users\_\AppData\Local\Temp\8BAB4753-BAB0-7891-833A-F59EBD12DAAA\MyBabylonTB.exe a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\_\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\1932c537-37f45d5f Java/Exploit.Blacole.AN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\_\Tobis Dateien\VBA\SoftonicDownloader_fuer_ideas.exe Win32/SoftonicDownloader application (unable to clean) 00000000000000000000000000000000 I
C:\Users\_\Tobis Dateien\VBA\SoftonicDownloader_fuer_visualboyadvance.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
D:\TOOLS\Nero Burning ROM 8 Update\Nero-8.2.8.0_deu_update.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I
Jetzt vom Anti-Malware: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.03.21.04 Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 _ :: BÜRO-PC [Administrator] Schutz: Deaktiviert 21.03.2012 18:07:23 mbam-log-2012-03-21 (18-07-23).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 422320 Laufzeit: 58 Minute(n), 59 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\Users\_\Tobis Dateien\VBA\SoftonicDownloader_fuer_ideas.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt. C:\Users\_\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BE4DCCT7\contacts[1].exe (Trojan.Ransom.BP) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\_\AppData\Local\Temp\wpbt0.dll (Trojan.Ransom.BP) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpbt0.dll.lnk (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter 2012/03/21 19:44:18 +0100 BÜRO-PC _ MESSAGE Executing scheduled update: Daily
2012/03/21 19:44:21 +0100 BÜRO-PC _ MESSAGE Starting protection
2012/03/21 19:44:26 +0100 BÜRO-PC _ MESSAGE Protection started successfully
2012/03/21 19:44:26 +0100 BÜRO-PC _ MESSAGE Scheduled update executed successfully: database updated from version v2012.03.21.04 to version v2012.03.21.05
2012/03/21 19:44:16 +0100 BÜRO-PC _ MESSAGE Starting IP protection
2012/03/21 19:44:17 +0100 BÜRO-PC _ MESSAGE IP Protection started successfully
2012/03/21 19:44:17 +0100 BÜRO-PC _ MESSAGE Starting database refresh
2012/03/21 19:44:17 +0100 BÜRO-PC _ MESSAGE Stopping IP protection
2012/03/21 19:44:18 +0100 BÜRO-PC _ MESSAGE IP Protection stopped
2012/03/21 19:44:20 +0100 BÜRO-PC _ MESSAGE Database refreshed successfully
2012/03/21 19:44:20 +0100 BÜRO-PC _ MESSAGE Starting IP protection
2012/03/21 19:44:21 +0100 BÜRO-PC _ MESSAGE IP Protection started successfully
Code:
ATTFilter 2012/03/22 01:43:19 +0100 BÜRO-PC _ MESSAGE Executing scheduled update: Daily
2012/03/22 01:43:26 +0100 BÜRO-PC _ MESSAGE Starting database refresh
2012/03/22 01:43:26 +0100 BÜRO-PC _ MESSAGE Scheduled update executed successfully: database updated from version v2012.03.21.05 to version v2012.03.21.07
2012/03/22 01:43:26 +0100 BÜRO-PC _ MESSAGE Stopping IP protection
2012/03/22 01:43:29 +0100 BÜRO-PC _ MESSAGE IP Protection stopped
2012/03/22 01:43:41 +0100 BÜRO-PC _ MESSAGE Database refreshed successfully
2012/03/22 01:43:41 +0100 BÜRO-PC _ MESSAGE Starting IP protection
2012/03/22 01:43:42 +0100 BÜRO-PC _ MESSAGE IP Protection started successfully
2012/03/22 08:54:52 +0100 BÜRO-PC _ DETECTION C:\Users\_\AppData\Local\Temp\0.009333690416431839.exe Trojan.Downloader.Gen QUARANTINE
2012/03/22 08:55:06 +0100 BÜRO-PC _ DETECTION C:\Users\_\AppData\Local\Temp\wpbt0.dll Trojan.Downloader.Gen QUARANTINE
2012/03/22 08:55:06 +0100 BÜRO-PC _ DETECTION C:\Users\_\AppData\Local\Temp\0.009333690416431839.exe Trojan.Downloader.Gen DENY
2012/03/22 18:11:42 +0100 BÜRO-PC _ MESSAGE Starting protection
2012/03/22 18:11:44 +0100 BÜRO-PC _ MESSAGE Protection started successfully
2012/03/22 18:11:47 +0100 BÜRO-PC _ MESSAGE Starting IP protection
2012/03/22 18:11:48 +0100 BÜRO-PC _ MESSAGE IP Protection started successfully
|
|
23.03.2012, 20:49
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner/Virus: Bundespolizei verlangt 100€ via UkashZitat:
Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen Funktioniert der normale Modus wieder?
__________________ --> Trojaner/Virus: Bundespolizei verlangt 100€ via Ukash |
|
25.03.2012, 13:56
| #7 |
| | Trojaner/Virus: Bundespolizei verlangt 100€ via Ukash Ja normaler Modus funktioniert wieder wie sonst auch. Gibt es sonst noch etwas zu tun? Danke |
|
25.03.2012, 15:41
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner/Virus: Bundespolizei verlangt 100€ via Ukash Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.03.2012, 11:37
| #9 |
| | Trojaner/Virus: Bundespolizei verlangt 100€ via UkashCode:
ATTFilter OTL logfile created on: 28.03.2012 11:58:59 - Run 2 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\_\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 57,83% Memory free 4,23 Gb Paging File | 3,09 Gb Available in Paging File | 72,90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 445,76 Gb Total Space | 261,88 Gb Free Space | 58,75% Space Free | Partition Type: NTFS Drive D: | 19,99 Gb Total Space | 10,68 Gb Free Space | 53,40% Space Free | Partition Type: FAT32 Drive H: | 1,90 Gb Total Space | 1,27 Gb Free Space | 66,85% Space Free | Partition Type: FAT Computer Name: BÜRO-PC | User Name: _ | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\_\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe () PRC - C:\Programme\AVG Secure Search\vprot.exe () PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Iminent\IMBooster\IMBooster.exe (Iminent) PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH) PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH) PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH) PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION) PRC - C:\Programme\Common Files\EPSON\eEBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION) PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10) ========== Modules (No Company Name) ========== MOD - C:\Programme\AVG Secure Search\vprot.exe () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1a5853155c4e5ab3f91cd37da331e89b\System.Web.Services.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\Iminent\IMBooster\de\Iminent.Booster.UI.resources.dll () MOD - C:\Programme\Iminent\IMBooster\Iminent.Windows.dll () MOD - C:\Programme\Iminent\IMBooster\Iminent.Workflow.dll () MOD - C:\Programme\Iminent\IMBooster\Iminent.Services.dll () MOD - C:\Programme\Iminent\IMBooster\Iminent.Business.TinyUrl.dll () MOD - C:\Programme\Iminent\IMBooster\Iminent.Booster.UI.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () ========== Win32 Services (SafeList) ========== SRV - (vToolbarUpdater10.2.0) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe () SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (TunngleService) -- C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (GoogleDesktopManager) -- C:\Programme\Google\Google Desktop Search\GoogleDesktopManager.exe (Google) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION) SRV - (srvcPVR) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH) SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH) SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION) SRV - (EpsonBidirectionalService) -- C:\Programme\Common Files\EPSON\eEBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe (MAGIX®) SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\System32\drivers\tap0901t.sys (Tunngle.net) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (NXP Semiconductors Germany GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation) DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (SaiHFF12) -- C:\Windows\System32\drivers\SaiHFF12.sys (Saitek) DRV - (SaiIFF12) Immersion's HID USB Driver (FF12) -- C:\Windows\System32\drivers\SaiIFF12.sys (Saitek) DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.) DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.) DRV - (snpstd) -- C:\Windows\System32\drivers\snpstd.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1131015843-2301057675-3233949194-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={4A8470D9-B8B9-464E-B81A-4788FBA8D811}&mid=9e534bd068c747d1b5f7d154d4841b07-9e7c2e33955e8c62344338765a0459d397e3d818&lang=de&ds=tt014&pr=sa&d=2012-01-04 11:10:16&v=10.0.0.7&sap=hp IE - HKU\S-1-5-21-1131015843-2301057675-3233949194-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1131015843-2301057675-3233949194-1003\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1131015843-2301057675-3233949194-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKU\S-1-5-21-1131015843-2301057675-3233949194-1003\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKU\S-1-5-21-1131015843-2301057675-3233949194-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100471&mntrId=2a21be6200000000000000ff635b33a1 IE - HKU\S-1-5-21-1131015843-2301057675-3233949194-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKU\S-1-5-21-1131015843-2301057675-3233949194-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={4A8470D9-B8B9-464E-B81A-4788FBA8D811}&mid=9e534bd068c747d1b5f7d154d4841b07-9e7c2e33955e8c62344338765a0459d397e3d818&lang=de&ds=tt014&pr=sa&d=2012-01-04 11:10:16&v=10.0.0.7&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-1131015843-2301057675-3233949194-1003\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb110/?search={searchTerms}&loc=IB_DS&a=6R8em7GEtr&i=26 IE - HKU\S-1-5-21-1131015843-2301057675-3233949194-1003\..\SearchScopes\{FCA53845-0B1E-4C74-880C-F86EAD5FBBDE}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKU\S-1-5-21-1131015843-2301057675-3233949194-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012.02.25 14:28:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.22 08:43:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.06 22:09:48 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@gutscheinrausch.de: C:\Users\_\AppData\Roaming\Mozilla\Firefox\Profiles\zabkhoqd.default\extensions\mail@gutscheinrausch.de [2011.11.23 11:31:59 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter [2008.08.29 07:18:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\_\AppData\Roaming\mozilla\Extensions [2012.03.09 15:12:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions [2010.05.02 15:15:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.02.16 14:41:02 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2012.02.11 23:20:22 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.12.27 11:33:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.08.13 12:06:54 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2012.01.04 12:10:26 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\avg@toolbar [2012.01.09 20:06:48 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\ffxtlbr@babylon.com [2011.11.23 11:31:59 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\mail@gutscheinrausch.de [2011.07.17 18:09:40 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\plugin@yontoo.com [2011.12.19 19:23:14 | 000,000,933 | ---- | M] () -- C:\Users\_\AppData\Roaming\Mozilla\Firefox\Profiles\zabkhoqd.default\searchplugins\11-suche.xml [2012.02.09 13:38:24 | 000,000,931 | ---- | M] () -- C:\Users\_\AppData\Roaming\Mozilla\Firefox\Profiles\zabkhoqd.default\searchplugins\conduit.xml [2011.12.19 19:23:14 | 000,002,419 | ---- | M] () -- C:\Users\_\AppData\Roaming\Mozilla\Firefox\Profiles\zabkhoqd.default\searchplugins\englische-ergebnisse.xml [2011.12.19 19:23:14 | 000,010,525 | ---- | M] () -- C:\Users\_\AppData\Roaming\Mozilla\Firefox\Profiles\zabkhoqd.default\searchplugins\gmx-suche.xml [2011.12.19 19:23:14 | 000,002,457 | ---- | M] () -- C:\Users\_\AppData\Roaming\Mozilla\Firefox\Profiles\zabkhoqd.default\searchplugins\lastminute.xml [2011.12.20 22:10:50 | 000,002,203 | ---- | M] () -- C:\Users\_\AppData\Roaming\Mozilla\Firefox\Profiles\zabkhoqd.default\searchplugins\MyStart Search.xml [2011.12.19 19:23:14 | 000,005,508 | ---- | M] () -- C:\Users\_\AppData\Roaming\Mozilla\Firefox\Profiles\zabkhoqd.default\searchplugins\webde-suche.xml [2012.03.28 11:40:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.11.10 12:03:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.03.28 11:40:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2011.12.20 20:00:27 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Programme\Mozilla Firefox\extensions\webbooster@iminent.com () (No name found) -- C:\USERS\_\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZABKHOQD.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\_\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZABKHOQD.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI [2012.03.22 08:43:32 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.03.28 11:40:39 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.10.11 12:36:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.14 09:01:15 | 000,003,768 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2011.08.13 12:06:37 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2011.10.11 12:36:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.10.11 12:36:45 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.07.16 19:44:21 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml [2011.10.11 12:36:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.11 12:36:45 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.11 12:36:45 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programme\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll (Montera Technologeis LTD) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll () O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Programme\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent) O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Programme\DealPly\DealPlyIE.dll (DealPly) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo Layers\YontooIEClient.dll (Yontoo Technology, Inc.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com) O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programme\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll (Montera Technologeis LTD) O3 - HKU\S-1-5-21-1131015843-2301057675-3233949194-1003\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com) O4 - HKLM..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe (Iminent) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [snpstd] C:\Windows\vsnpstd.exe () O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1131015843-2301057675-3233949194-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-1131015843-2301057675-3233949194-1003..\Run: [EPSON SX600FW Series (Kopie 1)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE (SEIKO EPSON CORPORATION) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\_\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1131015843-2301057675-3233949194-1003\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{635B33A1-C0AE-4FEB-AE84-5A253A778F76}: DhcpNameServer = 7.254.254.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9B80813-539B-45FD-8187-DBEF372A99DD}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll () O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\_\Bernds Dateien\CIMG1696.JPG O24 - Desktop BackupWallPaper: C:\Users\_\Bernds Dateien\CIMG1696.JPG O27 - HKLM IFEO\googledesktop.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\googledesktopdisplay.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{afd1cae6-b16d-11e0-ab69-001d9260f2f4}\Shell - "" = AutoRun O33 - MountPoints2\{afd1cae6-b16d-11e0-ab69-001d9260f2f4}\Shell\AutoRun\command - "" = F:\Launcher.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3 ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation) Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.03.28 11:57:58 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\_\Desktop\OTL.exe [2012.03.28 11:40:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.03.21 21:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.03.21 21:32:29 | 002,322,184 | ---- | C] (ESET) -- C:\Users\_\Desktop\esetsmartinstaller_enu.exe [2012.03.21 19:04:36 | 000,000,000 | ---D | C] -- C:\Users\_\AppData\Roaming\Malwarebytes [2012.03.21 19:04:29 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.03.21 19:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.03.21 19:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.03.21 19:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.03.21 19:01:03 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\_\Desktop\mbam-setup-1.60.1.1000.exe [2012.03.05 19:36:29 | 000,000,000 | ---D | C] -- C:\Users\_\Desktop\Converse [1 C:\Users\_\Desktop\*.tmp files -> C:\Users\_\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.28 11:58:02 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\_\Desktop\OTL.exe [2012.03.28 11:04:28 | 000,638,510 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.03.28 11:04:28 | 000,604,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.03.28 11:04:28 | 000,130,462 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.03.28 11:04:28 | 000,107,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.03.28 10:58:14 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.28 10:58:14 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.28 10:58:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.25 23:58:18 | 000,041,711 | ---- | M] () -- C:\Users\_\Desktop\Praktikum013.pdf [2012.03.25 23:09:56 | 000,002,623 | ---- | M] () -- C:\Users\_\Desktop\Microsoft Word.lnk [2012.03.21 21:32:50 | 002,322,184 | ---- | M] (ESET) -- C:\Users\_\Desktop\esetsmartinstaller_enu.exe [2012.03.21 19:17:43 | 000,001,356 | ---- | M] () -- C:\Users\_\AppData\Local\d3d9caps.dat [2012.03.21 19:04:30 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.21 19:02:47 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\_\Desktop\mbam-setup-1.60.1.1000.exe [2012.03.18 17:32:21 | 000,352,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Users\_\Desktop\*.tmp files -> C:\Users\_\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.25 23:58:18 | 000,041,711 | ---- | C] () -- C:\Users\_\Desktop\Praktikum013.pdf [2012.03.21 19:04:30 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.16 16:13:30 | 000,001,356 | ---- | C] () -- C:\Users\_\AppData\Local\d3d9caps.dat [2012.02.21 14:39:07 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI [2011.11.23 11:31:56 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll [2011.09.10 13:43:22 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011.09.10 13:42:52 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.09.10 13:42:43 | 000,183,112 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2010.11.22 23:45:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== LOP Check ========== [2011.09.11 13:58:19 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\.minecraft [2008.03.09 17:12:07 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\ASCON Installer [2008.03.09 17:13:47 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\ASCON Programme [2011.08.13 12:06:36 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\Babylon [2008.02.09 19:28:44 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\Buhl Data Service GmbH [2011.11.23 12:49:29 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\Canneverbe Limited [2011.07.18 22:48:50 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\DAEMON Tools Lite [2012.02.11 23:21:24 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\DVDVideoSoft [2012.02.11 23:20:22 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\DVDVideoSoftIEHelpers [2008.11.09 15:31:23 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\Epson [2011.08.17 19:49:58 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\GetRightToGo [2011.09.12 22:15:50 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\go [2011.09.10 13:37:32 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\Leadertech [2011.11.21 21:43:58 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\PunkBuster [2012.02.21 15:51:42 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\Sierra [2011.01.15 22:13:55 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\TuneUp Software [2011.09.13 14:04:28 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\Tunngle [2010.03.07 14:12:02 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\Ulead Systems [2012.03.26 08:07:30 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.09.11 13:58:19 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\.minecraft [2008.02.09 18:40:21 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\Adobe [2011.07.03 21:57:09 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\Apple Computer [2008.03.09 17:12:07 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\ASCON Installer [2008.03.09 17:13:47 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\ASCON Programme [2011.03.31 20:07:37 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\Avira [2011.08.13 12:06:36 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\Babylon [2008.02.09 19:28:44 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\Buhl Data Service GmbH [2011.11.23 12:49:29 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\Canneverbe Limited [2008.10.18 10:54:11 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\CyberLink [2011.07.18 22:48:50 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\DAEMON Tools Lite [2012.02.11 23:21:24 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\DVDVideoSoft [2012.02.11 23:20:22 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\DVDVideoSoftIEHelpers [2008.11.09 15:31:23 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\Epson [2011.08.17 19:49:58 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\GetRightToGo [2011.09.12 22:15:50 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\go [2008.02.13 08:23:33 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\Google [2008.03.23 22:28:18 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\Help [2008.02.09 17:17:28 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\Identities [2008.11.03 21:05:26 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\InstallShield [2011.09.10 13:37:32 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\Leadertech [2008.02.13 08:20:42 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\Macromedia [2012.03.21 19:04:36 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\Media Center Programs [2011.07.17 19:33:39 | 000,000,000 | --SD | M] -- C:\Users\_\AppData\Roaming\Microsoft [2008.08.29 07:18:05 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\Mozilla [2008.02.09 17:17:49 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\Nero [2008.10.18 10:29:52 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\NeroDigital™ [2011.11.21 21:43:58 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\PunkBuster [2011.01.15 22:21:34 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\Real [2011.09.10 13:42:23 | 000,000,000 | RH-D | M] -- C:\Users\_\AppData\Roaming\SecuROM [2012.02.21 15:51:42 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\Sierra [2012.02.14 00:27:43 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\Skype [2011.11.02 23:04:55 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\skypePM [2011.01.15 22:13:55 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\TuneUp Software [2011.09.13 14:04:28 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\Tunngle [2010.03.07 14:12:02 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\Ulead Systems [2011.07.18 20:50:26 | 000,000,000 | ---D | M] -- C:\Users\_\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2005.04.06 18:00:56 | 000,057,344 | ---- | M] (ASCON) -- C:\Users\_\AppData\Roaming\ASCON Installer\ASUNINST.EXE [2011.07.17 19:33:39 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\_\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe [2011.07.17 19:33:40 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\_\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe [2011.07.17 19:33:40 | 000,008,854 | R--- | M] () -- C:\Users\_\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe [2011.02.24 17:07:45 | 000,835,440 | ---- | M] () -- C:\Users\_\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2007.09.10 13:13:48 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys [2007.09.10 13:13:48 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys [2008.02.14 07:53:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.02.14 07:53:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.02.14 07:53:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys [2008.02.14 07:53:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: NVSTOR32.SYS > [2007.10.31 12:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\Windows\System32\drivers\nvstor32.sys [2007.10.31 12:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_a4ed2674\nvstor32.sys < MD5 for: SCECLI.DLL > [2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2007.11.14 23:54:45 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2007.11.14 23:54:45 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > Habe es, wie du es sagtest, gemacht Danke |
|
28.03.2012, 13:07
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner/Virus: Bundespolizei verlangt 100€ via Ukash Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter :OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1131015843-2301057675-3233949194-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={4A8470D9-B8B9-464E-B81A-4788FBA8D811}&mid=9e534bd068c747d1b5f7d154d4841b07-9e7c2e33955e8c62344338765a0459d397e3d818&lang=de&ds=tt014&pr=sa&d=2012-01-04 11:10:16&v=10.0.0.7&sap=hp
IE - HKU\S-1-5-21-1131015843-2301057675-3233949194-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1131015843-2301057675-3233949194-1003\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1131015843-2301057675-3233949194-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1131015843-2301057675-3233949194-1003\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKU\S-1-5-21-1131015843-2301057675-3233949194-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100471&mntrId=2a21be6200000000000000ff635b33a1
IE - HKU\S-1-5-21-1131015843-2301057675-3233949194-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-21-1131015843-2301057675-3233949194-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={4A8470D9-B8B9-464E-B81A-4788FBA8D811}&mid=9e534bd068c747d1b5f7d154d4841b07-9e7c2e33955e8c62344338765a0459d397e3d818&lang=de&ds=tt014&pr=sa&d=2012-01-04 11:10:16&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1131015843-2301057675-3233949194-1003\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb110/?search={searchTerms}&loc=IB_DS&a=6R8em7GEtr&i=26
IE - HKU\S-1-5-21-1131015843-2301057675-3233949194-1003\..\SearchScopes\{FCA53845-0B1E-4C74-880C-F86EAD5FBBDE}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
[2010.05.02 15:15:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.16 14:41:02 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.01.09 20:06:48 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\ffxtlbr@babylon.com
[2011.11.23 11:31:59 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\mail@gutscheinrausch.de
[2011.07.17 18:09:40 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\plugin@yontoo.com
[2011.12.19 19:23:14 | 000,000,933 | ---- | M] () -- C:\Users\_\AppData\Roaming\Mozilla\Firefox\Profiles\zabkhoqd.default\searchplugins\11-suche.xml
[2012.02.09 13:38:24 | 000,000,931 | ---- | M] () -- C:\Users\_\AppData\Roaming\Mozilla\Firefox\Profiles\zabkhoqd.default\searchplugins\conduit.xml
[2011.12.19 19:23:14 | 000,010,525 | ---- | M] () -- C:\Users\_\AppData\Roaming\Mozilla\Firefox\Profiles\zabkhoqd.default\searchplugins\gmx-suche.xml
[2011.12.19 19:23:14 | 000,002,457 | ---- | M] () -- C:\Users\_\AppData\Roaming\Mozilla\Firefox\Profiles\zabkhoqd.default\searchplugins\lastminute.xml
[2011.12.20 22:10:50 | 000,002,203 | ---- | M] () -- C:\Users\_\AppData\Roaming\Mozilla\Firefox\Profiles\zabkhoqd.default\searchplugins\MyStart Search.xml
[2011.12.19 19:23:14 | 000,005,508 | ---- | M] () -- C:\Users\_\AppData\Roaming\Mozilla\Firefox\Profiles\zabkhoqd.default\searchplugins\webde-suche.xml
[2011.12.20 20:00:27 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Programme\Mozilla Firefox\extensions\webbooster@iminent.com
[2011.08.13 12:06:37 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.07.16 19:44:21 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programme\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Programme\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo Layers\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programme\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKU\S-1-5-21-1131015843-2301057675-3233949194-1003\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{afd1cae6-b16d-11e0-ab69-001d9260f2f4}\Shell - "" = AutoRun
O33 - MountPoints2\{afd1cae6-b16d-11e0-ab69-001d9260f2f4}\Shell\AutoRun\command - "" = F:\Launcher.exe
:Files
C:\Users\_\AppData\Roaming\Babylon
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.03.2012, 14:37
| #11 |
| | Trojaner/Virus: Bundespolizei verlangt 100€ via UkashCode:
ATTFilter All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll moved successfully.
HKU\S-1-5-21-1131015843-2301057675-3233949194-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-1131015843-2301057675-3233949194-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1131015843-2301057675-3233949194-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll not found.
HKEY_USERS\S-1-5-21-1131015843-2301057675-3233949194-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1131015843-2301057675-3233949194-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1131015843-2301057675-3233949194-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-1131015843-2301057675-3233949194-1003\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_USERS\S-1-5-21-1131015843-2301057675-3233949194-1003\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1131015843-2301057675-3233949194-1003\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1131015843-2301057675-3233949194-1003\Software\Microsoft\Internet Explorer\SearchScopes\{FCA53845-0B1E-4C74-880C-F86EAD5FBBDE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCA53845-0B1E-4C74-880C-F86EAD5FBBDE}\ not found.
Prefs.js: "DVDVideoSoftTB Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=" removed from keyword.URL
C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\modules folder moved successfully.
C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\mail@gutscheinrausch.de\chrome\content\skin folder moved successfully.
C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\mail@gutscheinrausch.de\chrome\content folder moved successfully.
C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\mail@gutscheinrausch.de\chrome folder moved successfully.
C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\mail@gutscheinrausch.de folder moved successfully.
C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\plugin@yontoo.com\skin folder moved successfully.
C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\plugin@yontoo.com\locale\en-US folder moved successfully.
C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\plugin@yontoo.com\locale folder moved successfully.
C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\plugin@yontoo.com\defaults\preferences folder moved successfully.
C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\plugin@yontoo.com\defaults folder moved successfully.
C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\plugin@yontoo.com\content folder moved successfully.
C:\Users\_\AppData\Roaming\mozilla\Firefox\Profiles\zabkhoqd.default\extensions\plugin@yontoo.com folder moved successfully.
C:\Users\_\AppData\Roaming\Mozilla\Firefox\Profiles\zabkhoqd.default\searchplugins\11-suche.xml moved successfully.
C:\Users\_\AppData\Roaming\Mozilla\Firefox\Profiles\zabkhoqd.default\searchplugins\conduit.xml moved successfully.
C:\Users\_\AppData\Roaming\Mozilla\Firefox\Profiles\zabkhoqd.default\searchplugins\gmx-suche.xml moved successfully.
C:\Users\_\AppData\Roaming\Mozilla\Firefox\Profiles\zabkhoqd.default\searchplugins\lastminute.xml moved successfully.
C:\Users\_\AppData\Roaming\Mozilla\Firefox\Profiles\zabkhoqd.default\searchplugins\MyStart Search.xml moved successfully.
C:\Users\_\AppData\Roaming\Mozilla\Firefox\Profiles\zabkhoqd.default\searchplugins\webde-suche.xml moved successfully.
C:\Programme\Mozilla Firefox\extensions\webbooster@iminent.com\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\webbooster@iminent.com\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\webbooster@iminent.com\components_20 folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\webbooster@iminent.com\components folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\webbooster@iminent.com\chrome\content folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\webbooster@iminent.com\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\webbooster@iminent.com folder moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\fcmdSrch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ not found.
File move failed. C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Programme\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
C:\Programme\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}\ deleted successfully.
C:\Programme\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}\ deleted successfully.
C:\Programme\Iminent\IMBooster4Web\Iminent.WebBooster.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
C:\Programme\Yontoo Layers\YontooIEClient.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Programme\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ deleted successfully.
C:\Programme\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F9639E4A-801B-4843-AEE3-03D9DA199E77} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}\ deleted successfully.
C:\Programme\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-1131015843-2301057675-3233949194-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\facemoods deleted successfully.
C:\Programme\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afd1cae6-b16d-11e0-ab69-001d9260f2f4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afd1cae6-b16d-11e0-ab69-001d9260f2f4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afd1cae6-b16d-11e0-ab69-001d9260f2f4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afd1cae6-b16d-11e0-ab69-001d9260f2f4}\ not found.
File F:\Launcher.exe not found.
========== FILES ==========
C:\Users\_\AppData\Roaming\Babylon folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: _
->Temp folder emptied: 777048551 bytes
->Temporary Internet Files folder emptied: 53358087 bytes
->Java cache emptied: 35668340 bytes
->FireFox cache emptied: 816517636 bytes
->Flash cache emptied: 47297 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1238617072 bytes
RecycleBin emptied: 3569057586 bytes
Total Files Cleaned = 6.190,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: _
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.39.2 log created on 03292012_153028
Files\Folders moved on Reboot...
File move failed. C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll scheduled to be moved on reboot.
File\Folder C:\Windows\temp\JETA11E.tmp not found!
C:\Windows\temp\JETB846.tmp moved successfully.
Registry entries deleted on Reboot...
So, das hat mir OTL nach dem Neustart angezeigt . War es das dann soweit? Danke |
|
29.03.2012, 15:06
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner/Virus: Bundespolizei verlangt 100€ via Ukash Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
31.03.2012, 16:32
| #13 |
| | Trojaner/Virus: Bundespolizei verlangt 100€ via UkashCode:
ATTFilter 17:27:21.0482 2344 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
17:27:21.0820 2344 ============================================================
17:27:21.0820 2344 Current date / time: 2012/03/31 17:27:21.0820
17:27:21.0820 2344 SystemInfo:
17:27:21.0820 2344
17:27:21.0820 2344 OS Version: 6.0.6002 ServicePack: 2.0
17:27:21.0820 2344 Product type: Workstation
17:27:21.0820 2344 ComputerName: BÜRO-PC
17:27:21.0821 2344 UserName: _
17:27:21.0821 2344 Windows directory: C:\Windows
17:27:21.0821 2344 System windows directory: C:\Windows
17:27:21.0821 2344 Processor architecture: Intel x86
17:27:21.0821 2344 Number of processors: 2
17:27:21.0821 2344 Page size: 0x1000
17:27:21.0821 2344 Boot type: Normal boot
17:27:21.0821 2344 ============================================================
17:27:22.0275 2344 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:27:22.0319 2344 \Device\Harddisk0\DR0:
17:27:22.0319 2344 MBR used
17:27:22.0319 2344 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x37B8418F
17:27:22.0341 2344 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x37B8420D, BlocksNum 0x2800A34
17:27:22.0373 2344 Initialize success
17:27:22.0373 2344 ============================================================
17:28:34.0526 3624 ============================================================
17:28:34.0526 3624 Scan started
17:28:34.0526 3624 Mode: Manual; SigCheck; TDLFS;
17:28:34.0526 3624 ============================================================
17:28:35.0760 3624 3xHybrid (651c54ac4ec5c5397c5aff5d575ca45b) C:\Windows\system32\DRIVERS\3xHybrid.sys
17:28:35.0947 3624 3xHybrid - ok
17:28:36.0019 3624 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
17:28:36.0033 3624 ACPI - ok
17:28:36.0071 3624 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
17:28:36.0094 3624 adp94xx - ok
17:28:36.0145 3624 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
17:28:36.0158 3624 adpahci - ok
17:28:36.0178 3624 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
17:28:36.0188 3624 adpu160m - ok
17:28:36.0208 3624 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
17:28:36.0218 3624 adpu320 - ok
17:28:36.0253 3624 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
17:28:36.0407 3624 AeLookupSvc - ok
17:28:36.0441 3624 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
17:28:36.0512 3624 AFD - ok
17:28:36.0546 3624 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
17:28:36.0554 3624 agp440 - ok
17:28:36.0583 3624 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:28:36.0592 3624 aic78xx - ok
17:28:36.0632 3624 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
17:28:36.0805 3624 ALG - ok
17:28:36.0843 3624 aliide (496eda16a127ac9a38bb285bef17dbb5) C:\Windows\system32\drivers\aliide.sys
17:28:36.0851 3624 aliide - ok
17:28:36.0874 3624 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
17:28:36.0882 3624 amdagp - ok
17:28:36.0890 3624 amdide (6f65f4147c54398d7280b18cebbed215) C:\Windows\system32\drivers\amdide.sys
17:28:36.0899 3624 amdide - ok
17:28:36.0926 3624 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
17:28:37.0081 3624 AmdK7 - ok
17:28:37.0097 3624 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
17:28:37.0160 3624 AmdK8 - ok
17:28:37.0227 3624 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files\Avira\AntiVir Desktop\sched.exe
17:28:37.0240 3624 AntiVirSchedulerService - ok
17:28:37.0266 3624 AntiVirService (72d90e56563165984224493069c69ed4) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
17:28:37.0274 3624 AntiVirService - ok
17:28:37.0320 3624 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
17:28:37.0380 3624 Appinfo - ok
17:28:37.0400 3624 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
17:28:37.0408 3624 arc - ok
17:28:37.0444 3624 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
17:28:37.0453 3624 arcsas - ok
17:28:37.0497 3624 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
17:28:37.0536 3624 AsyncMac - ok
17:28:37.0565 3624 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
17:28:37.0573 3624 atapi - ok
17:28:37.0618 3624 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
17:28:37.0649 3624 AudioEndpointBuilder - ok
17:28:37.0674 3624 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
17:28:37.0691 3624 Audiosrv - ok
17:28:37.0736 3624 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
17:28:37.0741 3624 avgio - ok
17:28:37.0778 3624 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
17:28:37.0787 3624 avgntflt - ok
17:28:37.0813 3624 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
17:28:37.0822 3624 avipbb - ok
17:28:37.0848 3624 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
17:28:37.0895 3624 Beep - ok
17:28:37.0941 3624 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
17:28:37.0981 3624 BFE - ok
17:28:38.0053 3624 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
17:28:38.0131 3624 BITS - ok
17:28:38.0140 3624 blbdrive - ok
17:28:38.0178 3624 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
17:28:38.0203 3624 bowser - ok
17:28:38.0253 3624 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:28:38.0280 3624 BrFiltLo - ok
17:28:38.0310 3624 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:28:38.0355 3624 BrFiltUp - ok
17:28:38.0390 3624 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
17:28:38.0441 3624 Browser - ok
17:28:38.0473 3624 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:28:38.0519 3624 Brserid - ok
17:28:38.0547 3624 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:28:38.0581 3624 BrSerWdm - ok
17:28:38.0599 3624 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:28:38.0640 3624 BrUsbMdm - ok
17:28:38.0657 3624 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:28:38.0709 3624 BrUsbSer - ok
17:28:38.0733 3624 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
17:28:38.0786 3624 BTHMODEM - ok
17:28:38.0823 3624 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
17:28:38.0861 3624 cdfs - ok
17:28:38.0887 3624 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
17:28:38.0938 3624 cdrom - ok
17:28:38.0988 3624 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
17:28:39.0024 3624 CertPropSvc - ok
17:28:39.0050 3624 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
17:28:39.0097 3624 circlass - ok
17:28:39.0126 3624 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
17:28:39.0137 3624 CLFS - ok
17:28:39.0195 3624 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:28:39.0203 3624 clr_optimization_v2.0.50727_32 - ok
17:28:39.0265 3624 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:28:39.0306 3624 clr_optimization_v4.0.30319_32 - ok
17:28:39.0331 3624 cmdide (59172a0724f2ab769f31d61b0571d75b) C:\Windows\system32\drivers\cmdide.sys
17:28:39.0339 3624 cmdide - ok
17:28:39.0361 3624 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
17:28:39.0369 3624 Compbatt - ok
17:28:39.0376 3624 COMSysApp - ok
17:28:39.0388 3624 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
17:28:39.0396 3624 crcdisk - ok
17:28:39.0416 3624 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
17:28:39.0464 3624 Crusoe - ok
17:28:39.0489 3624 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
17:28:39.0523 3624 CryptSvc - ok
17:28:39.0581 3624 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
17:28:39.0656 3624 DcomLaunch - ok
17:28:39.0712 3624 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
17:28:39.0739 3624 DfsC - ok
17:28:39.0848 3624 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
17:28:39.0990 3624 DFSR - ok
17:28:40.0030 3624 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
17:28:40.0071 3624 Dhcp - ok
17:28:40.0114 3624 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
17:28:40.0122 3624 disk - ok
17:28:40.0170 3624 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
17:28:40.0219 3624 Dnscache - ok
17:28:40.0248 3624 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
17:28:40.0287 3624 dot3svc - ok
17:28:40.0317 3624 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
17:28:40.0356 3624 DPS - ok
17:28:40.0391 3624 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
17:28:40.0422 3624 drmkaud - ok
17:28:40.0458 3624 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:28:40.0467 3624 dtsoftbus01 - ok
17:28:40.0501 3624 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
17:28:40.0543 3624 DXGKrnl - ok
17:28:40.0598 3624 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:28:40.0658 3624 E1G60 - ok
17:28:40.0691 3624 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
17:28:40.0707 3624 EapHost - ok
17:28:40.0757 3624 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
17:28:40.0766 3624 Ecache - ok
17:28:40.0827 3624 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
17:28:40.0844 3624 ehRecvr - ok
17:28:40.0870 3624 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
17:28:40.0902 3624 ehSched - ok
17:28:40.0908 3624 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
17:28:40.0929 3624 ehstart - ok
17:28:40.0980 3624 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
17:28:40.0993 3624 elxstor - ok
17:28:41.0038 3624 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
17:28:41.0124 3624 EMDMgmt - ok
17:28:41.0174 3624 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
17:28:41.0185 3624 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
17:28:41.0185 3624 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
17:28:41.0242 3624 EPSON_EB_RPCV4_01 (ec6a73cd8413f68655e5e0b99c415a21) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
17:28:41.0256 3624 EPSON_EB_RPCV4_01 - ok
17:28:41.0272 3624 EPSON_PM_RPCV4_01 (8fe6ab59cab8f2c038fea9522a5eeba7) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
17:28:41.0291 3624 EPSON_PM_RPCV4_01 - ok
17:28:41.0317 3624 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
17:28:41.0357 3624 EventSystem - ok
17:28:41.0442 3624 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
17:28:41.0497 3624 exfat - ok
17:28:41.0536 3624 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
17:28:41.0553 3624 fastfat - ok
17:28:41.0612 3624 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
17:28:41.0658 3624 fdc - ok
17:28:41.0678 3624 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
17:28:41.0697 3624 fdPHost - ok
17:28:41.0722 3624 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
17:28:41.0767 3624 FDResPub - ok
17:28:41.0792 3624 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
17:28:41.0800 3624 FileInfo - ok
17:28:41.0840 3624 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
17:28:41.0872 3624 Filetrace - ok
17:28:41.0993 3624 FirebirdServerMAGIXInstance (167d24a045499ebef438f231976158df) C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe
17:28:42.0099 3624 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
17:28:42.0099 3624 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
17:28:42.0181 3624 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
17:28:42.0234 3624 flpydisk - ok
17:28:42.0259 3624 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
17:28:42.0271 3624 FltMgr - ok
17:28:42.0370 3624 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
17:28:42.0436 3624 FontCache - ok
17:28:42.0504 3624 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:28:42.0511 3624 FontCache3.0.0.0 - ok
17:28:42.0532 3624 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
17:28:42.0554 3624 Fs_Rec - ok
17:28:42.0573 3624 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
17:28:42.0581 3624 gagp30kx - ok
17:28:42.0625 3624 GnabService (51b2d8629e1a0f463682f365d56325cb) c:\program files\common files\gnab\service\servicecontroller.exe
17:28:42.0647 3624 GnabService ( UnsignedFile.Multi.Generic ) - warning
17:28:42.0647 3624 GnabService - detected UnsignedFile.Multi.Generic (1)
17:28:42.0692 3624 GoogleDesktopManager (4a381768fcaf9096ec96a29f9602a3ed) C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
17:28:42.0716 3624 GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - warning
17:28:42.0716 3624 GoogleDesktopManager - detected UnsignedFile.Multi.Generic (1)
17:28:42.0764 3624 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
17:28:42.0847 3624 gpsvc - ok
17:28:42.0875 3624 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
17:28:42.0926 3624 HdAudAddService - ok
17:28:42.0974 3624 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:28:43.0026 3624 HDAudBus - ok
17:28:43.0041 3624 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
17:28:43.0087 3624 HidBth - ok
17:28:43.0098 3624 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
17:28:43.0139 3624 HidIr - ok
17:28:43.0176 3624 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
17:28:43.0218 3624 hidserv - ok
17:28:43.0242 3624 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
17:28:43.0262 3624 HidUsb - ok
17:28:43.0290 3624 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
17:28:43.0322 3624 hkmsvc - ok
17:28:43.0351 3624 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
17:28:43.0358 3624 HpCISSs - ok
17:28:43.0392 3624 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
17:28:43.0431 3624 HTTP - ok
17:28:43.0452 3624 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
17:28:43.0459 3624 i2omp - ok
17:28:43.0502 3624 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
17:28:43.0527 3624 i8042prt - ok
17:28:43.0570 3624 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
17:28:43.0581 3624 iaStorV - ok
17:28:43.0668 3624 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:28:43.0684 3624 IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:28:43.0684 3624 IDriverT - detected UnsignedFile.Multi.Generic (1)
17:28:43.0767 3624 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:28:43.0802 3624 idsvc - ok
17:28:43.0829 3624 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:28:43.0837 3624 iirsp - ok
17:28:43.0868 3624 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
17:28:43.0903 3624 IKEEXT - ok
17:28:43.0983 3624 IntcAzAudAddService (56661beae591e59067710b6cbca78184) C:\Windows\system32\drivers\RTKVHDA.sys
17:28:44.0178 3624 IntcAzAudAddService - ok
17:28:44.0214 3624 intelide (e5ea1c17da5065032e346591ff64f3af) C:\Windows\system32\drivers\intelide.sys
17:28:44.0222 3624 intelide - ok
17:28:44.0268 3624 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
17:28:44.0304 3624 intelppm - ok
17:28:44.0337 3624 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
17:28:44.0373 3624 IPBusEnum - ok
17:28:44.0402 3624 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:28:44.0439 3624 IpFilterDriver - ok
17:28:44.0486 3624 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
17:28:44.0524 3624 iphlpsvc - ok
17:28:44.0533 3624 IpInIp - ok
17:28:44.0555 3624 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
17:28:44.0601 3624 IPMIDRV - ok
17:28:44.0648 3624 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
17:28:44.0687 3624 IPNAT - ok
17:28:44.0731 3624 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
17:28:44.0768 3624 IRENUM - ok
17:28:44.0800 3624 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
17:28:44.0808 3624 isapnp - ok
17:28:44.0855 3624 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
17:28:44.0866 3624 iScsiPrt - ok
17:28:44.0883 3624 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:28:44.0890 3624 iteatapi - ok
17:28:44.0904 3624 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:28:44.0911 3624 iteraid - ok
17:28:44.0939 3624 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:28:44.0947 3624 kbdclass - ok
17:28:44.0983 3624 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
17:28:45.0012 3624 kbdhid - ok
17:28:45.0038 3624 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:28:45.0070 3624 KeyIso - ok
17:28:45.0099 3624 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
17:28:45.0115 3624 KSecDD - ok
17:28:45.0173 3624 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
17:28:45.0235 3624 KtmRm - ok
17:28:45.0308 3624 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
17:28:45.0355 3624 LanmanServer - ok
17:28:45.0396 3624 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
17:28:45.0427 3624 LanmanWorkstation - ok
17:28:45.0456 3624 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
17:28:45.0489 3624 lltdio - ok
17:28:45.0542 3624 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
17:28:45.0586 3624 lltdsvc - ok
17:28:45.0625 3624 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
17:28:45.0673 3624 lmhosts - ok
17:28:45.0706 3624 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
17:28:45.0714 3624 LSI_FC - ok
17:28:45.0726 3624 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
17:28:45.0734 3624 LSI_SAS - ok
17:28:45.0757 3624 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
17:28:45.0766 3624 LSI_SCSI - ok
17:28:45.0794 3624 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
17:28:45.0847 3624 luafv - ok
17:28:45.0905 3624 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
17:28:45.0912 3624 MBAMProtector - ok
17:28:45.0971 3624 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:28:46.0004 3624 MBAMService - ok
17:28:46.0032 3624 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
17:28:46.0055 3624 Mcx2Svc - ok
17:28:46.0087 3624 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
17:28:46.0095 3624 megasas - ok
17:28:46.0116 3624 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
17:28:46.0151 3624 MMCSS - ok
17:28:46.0182 3624 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
17:28:46.0214 3624 Modem - ok
17:28:46.0263 3624 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
17:28:46.0298 3624 monitor - ok
17:28:46.0333 3624 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
17:28:46.0341 3624 mouclass - ok
17:28:46.0368 3624 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
17:28:46.0399 3624 mouhid - ok
17:28:46.0418 3624 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
17:28:46.0426 3624 MountMgr - ok
17:28:46.0453 3624 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
17:28:46.0462 3624 mpio - ok
17:28:46.0486 3624 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
17:28:46.0513 3624 mpsdrv - ok
17:28:46.0557 3624 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
17:28:46.0598 3624 MpsSvc - ok
17:28:46.0642 3624 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
17:28:46.0650 3624 Mraid35x - ok
17:28:46.0685 3624 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
17:28:46.0698 3624 MRxDAV - ok
17:28:46.0720 3624 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:28:46.0754 3624 mrxsmb - ok
17:28:46.0792 3624 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:28:46.0805 3624 mrxsmb10 - ok
17:28:46.0825 3624 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:28:46.0856 3624 mrxsmb20 - ok
17:28:46.0898 3624 msahci (86068b8b54a5eb092f51657f00b2222a) C:\Windows\system32\drivers\msahci.sys
17:28:46.0906 3624 msahci - ok
17:28:46.0937 3624 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
17:28:46.0945 3624 msdsm - ok
17:28:46.0968 3624 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
17:28:46.0990 3624 MSDTC - ok
17:28:47.0022 3624 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
17:28:47.0053 3624 Msfs - ok
17:28:47.0096 3624 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
17:28:47.0104 3624 msisadrv - ok
17:28:47.0126 3624 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
17:28:47.0163 3624 MSiSCSI - ok
17:28:47.0171 3624 msiserver - ok
17:28:47.0200 3624 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
17:28:47.0229 3624 MSKSSRV - ok
17:28:47.0278 3624 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
17:28:47.0308 3624 MSPCLOCK - ok
17:28:47.0316 3624 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
17:28:47.0360 3624 MSPQM - ok
17:28:47.0383 3624 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
17:28:47.0394 3624 MsRPC - ok
17:28:47.0416 3624 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
17:28:47.0423 3624 mssmbios - ok
17:28:47.0442 3624 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
17:28:47.0468 3624 MSTEE - ok
17:28:47.0492 3624 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
17:28:47.0500 3624 Mup - ok
17:28:47.0526 3624 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
17:28:47.0564 3624 napagent - ok
17:28:47.0603 3624 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
17:28:47.0621 3624 NativeWifiP - ok
17:28:47.0671 3624 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
17:28:47.0705 3624 NDIS - ok
17:28:47.0757 3624 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
17:28:47.0787 3624 NdisTapi - ok
17:28:47.0830 3624 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
17:28:47.0867 3624 Ndisuio - ok
17:28:47.0890 3624 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:28:47.0921 3624 NdisWan - ok
17:28:47.0945 3624 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
17:28:47.0974 3624 NDProxy - ok
17:28:48.0059 3624 Nero BackItUp Scheduler 3 (c5052fb77aa42ed440f9f6b4e37145a9) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
17:28:48.0113 3624 Nero BackItUp Scheduler 3 - ok
17:28:48.0133 3624 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
17:28:48.0152 3624 NetBIOS - ok
17:28:48.0220 3624 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
17:28:48.0249 3624 netbt - ok
17:28:48.0299 3624 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:28:48.0310 3624 Netlogon - ok
17:28:48.0340 3624 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
17:28:48.0366 3624 Netman - ok
17:28:48.0396 3624 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
17:28:48.0430 3624 netprofm - ok
17:28:48.0482 3624 netr28u (9ba2f93e4f01ec58e722b36639e0ce5d) C:\Windows\system32\DRIVERS\netr28u.sys
17:28:48.0543 3624 netr28u - ok
17:28:48.0606 3624 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:28:48.0614 3624 NetTcpPortSharing - ok
17:28:48.0647 3624 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:28:48.0654 3624 nfrd960 - ok
17:28:48.0674 3624 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
17:28:48.0711 3624 NlaSvc - ok
17:28:48.0772 3624 NMIndexingService (74149bcf0307bb76d68c0f8912df731c) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
17:28:48.0788 3624 NMIndexingService - ok
17:28:48.0817 3624 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
17:28:48.0857 3624 Npfs - ok
17:28:48.0886 3624 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
17:28:48.0913 3624 nsi - ok
17:28:48.0940 3624 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
17:28:48.0977 3624 nsiproxy - ok
17:28:49.0036 3624 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
17:28:49.0077 3624 Ntfs - ok
17:28:49.0115 3624 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:28:49.0165 3624 ntrigdigi - ok
17:28:49.0203 3624 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:28:49.0236 3624 Null - ok
17:28:49.0306 3624 NVENETFD (b896fb556b4dc1e1d2943559ea79c5c5) C:\Windows\system32\DRIVERS\nvmfdx32.sys
17:28:49.0345 3624 NVENETFD - ok
17:28:49.0552 3624 nvlddmkm (c5823e05f760ff5b4c698752b1b8030d) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:28:50.0153 3624 nvlddmkm - ok
17:28:50.0181 3624 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
17:28:50.0190 3624 nvraid - ok
17:28:50.0233 3624 nvsmu (7ec12a73067baca25a8e3e2a58ae83d8) C:\Windows\system32\DRIVERS\nvsmu.sys
17:28:50.0272 3624 nvsmu - ok
17:28:50.0299 3624 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
17:28:50.0307 3624 nvstor - ok
17:28:50.0333 3624 nvstor32 (4876e7c3184bdf50ede043fef616b867) C:\Windows\system32\DRIVERS\nvstor32.sys
17:28:50.0339 3624 nvstor32 - ok
17:28:50.0356 3624 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
17:28:50.0365 3624 nv_agp - ok
17:28:50.0374 3624 NwlnkFlt - ok
17:28:50.0384 3624 NwlnkFwd - ok
17:28:50.0410 3624 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
17:28:50.0426 3624 ohci1394 - ok
17:28:50.0477 3624 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:28:50.0593 3624 p2pimsvc - ok
17:28:50.0605 3624 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:28:50.0655 3624 p2psvc - ok
17:28:50.0702 3624 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
17:28:50.0740 3624 Parport - ok
17:28:50.0770 3624 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
17:28:50.0778 3624 partmgr - ok
17:28:50.0797 3624 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
17:28:50.0848 3624 Parvdm - ok
17:28:50.0877 3624 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
17:28:50.0910 3624 PcaSvc - ok
17:28:50.0922 3624 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
17:28:50.0933 3624 pci - ok
17:28:50.0967 3624 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
17:28:50.0975 3624 pciide - ok
17:28:50.0996 3624 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
17:28:51.0006 3624 pcmcia - ok
17:28:51.0070 3624 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:28:51.0192 3624 PEAUTH - ok
17:28:51.0260 3624 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
17:28:51.0370 3624 pla - ok
17:28:51.0446 3624 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
17:28:51.0478 3624 PlugPlay - ok
17:28:51.0535 3624 PnkBstrA (1713d9de407313138118d501b0e3c05b) C:\Windows\system32\PnkBstrA.exe
17:28:51.0543 3624 PnkBstrA - ok
17:28:51.0586 3624 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:28:51.0606 3624 PNRPAutoReg - ok
17:28:51.0641 3624 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:28:51.0661 3624 PNRPsvc - ok
17:28:51.0709 3624 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
17:28:51.0758 3624 PolicyAgent - ok
17:28:51.0832 3624 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
17:28:51.0866 3624 PptpMiniport - ok
17:28:51.0906 3624 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
17:28:51.0953 3624 Processor - ok
17:28:51.0981 3624 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
17:28:52.0006 3624 ProfSvc - ok
17:28:52.0027 3624 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:28:52.0047 3624 ProtectedStorage - ok
17:28:52.0071 3624 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
17:28:52.0101 3624 PSched - ok
17:28:52.0154 3624 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
17:28:52.0191 3624 ql2300 - ok
17:28:52.0219 3624 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:28:52.0231 3624 ql40xx - ok
17:28:52.0262 3624 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
17:28:52.0275 3624 QWAVE - ok
17:28:52.0300 3624 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
17:28:52.0330 3624 QWAVEdrv - ok
17:28:52.0359 3624 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
17:28:52.0379 3624 RasAcd - ok
17:28:52.0413 3624 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
17:28:52.0448 3624 RasAuto - ok
17:28:52.0480 3624 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:28:52.0506 3624 Rasl2tp - ok
17:28:52.0544 3624 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
17:28:52.0570 3624 RasMan - ok
17:28:52.0595 3624 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
17:28:52.0618 3624 RasPppoe - ok
17:28:52.0632 3624 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
17:28:52.0643 3624 RasSstp - ok
17:28:52.0678 3624 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
17:28:52.0695 3624 rdbss - ok
17:28:52.0728 3624 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:28:52.0756 3624 RDPCDD - ok
17:28:52.0804 3624 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
17:28:52.0858 3624 rdpdr - ok
17:28:52.0889 3624 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
17:28:52.0919 3624 RDPENCDD - ok
17:28:52.0950 3624 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
17:28:52.0990 3624 RDPWD - ok
17:28:53.0033 3624 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
17:28:53.0067 3624 RemoteAccess - ok
17:28:53.0116 3624 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
17:28:53.0133 3624 RemoteRegistry - ok
17:28:53.0148 3624 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
17:28:53.0189 3624 RpcLocator - ok
17:28:53.0237 3624 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
17:28:53.0276 3624 RpcSs - ok
17:28:53.0320 3624 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
17:28:53.0355 3624 rspndr - ok
17:28:53.0403 3624 SaiHFF12 (de7a2fc379671998865122a08fd9db52) C:\Windows\system32\DRIVERS\SaiHFF12.sys
17:28:53.0411 3624 SaiHFF12 - ok
17:28:53.0431 3624 SaiIFF12 (ec45ab6754e931e4335a99933da133f5) C:\Windows\system32\DRIVERS\SaiIFF12.sys
17:28:53.0465 3624 SaiIFF12 - ok
17:28:53.0485 3624 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:28:53.0496 3624 SamSs - ok
17:28:53.0530 3624 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:28:53.0538 3624 sbp2port - ok
17:28:53.0579 3624 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
17:28:53.0596 3624 SCardSvr - ok
17:28:53.0644 3624 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
17:28:53.0764 3624 Schedule - ok
17:28:53.0799 3624 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
17:28:53.0813 3624 SCPolicySvc - ok
17:28:53.0844 3624 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
17:28:53.0892 3624 SDRSVC - ok
17:28:53.0911 3624 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:28:53.0975 3624 secdrv - ok
17:28:54.0004 3624 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
17:28:54.0024 3624 seclogon - ok
17:28:54.0039 3624 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
17:28:54.0060 3624 SENS - ok
17:28:54.0084 3624 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
17:28:54.0103 3624 Serenum - ok
17:28:54.0139 3624 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
17:28:54.0164 3624 Serial - ok
17:28:54.0211 3624 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
17:28:54.0231 3624 sermouse - ok
17:28:54.0273 3624 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
17:28:54.0295 3624 SessionEnv - ok
17:28:54.0313 3624 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
17:28:54.0344 3624 sffdisk - ok
17:28:54.0361 3624 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
17:28:54.0376 3624 sffp_mmc - ok
17:28:54.0397 3624 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
17:28:54.0406 3624 sffp_sd - ok
17:28:54.0437 3624 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
17:28:54.0456 3624 sfloppy - ok
17:28:54.0495 3624 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
17:28:54.0517 3624 SharedAccess - ok
17:28:54.0547 3624 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
17:28:54.0591 3624 ShellHWDetection - ok
17:28:54.0631 3624 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
17:28:54.0639 3624 sisagp - ok
17:28:54.0658 3624 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
17:28:54.0666 3624 SiSRaid2 - ok
17:28:54.0679 3624 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
17:28:54.0688 3624 SiSRaid4 - ok
17:28:54.0785 3624 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
17:28:54.0924 3624 slsvc - ok
17:28:54.0968 3624 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
17:28:54.0991 3624 SLUINotify - ok
17:28:55.0021 3624 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
17:28:55.0036 3624 Smb - ok
17:28:55.0064 3624 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
17:28:55.0075 3624 SNMPTRAP - ok
17:28:55.0126 3624 snpstd (d08d19ee68cb88ab1bc5da3081505847) C:\Windows\system32\DRIVERS\snpstd.sys
17:28:55.0147 3624 snpstd - ok
17:28:55.0177 3624 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
17:28:55.0184 3624 spldr - ok
17:28:55.0227 3624 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
17:28:55.0265 3624 Spooler - ok
17:28:55.0295 3624 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
17:28:55.0335 3624 srv - ok
17:28:55.0376 3624 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
17:28:55.0423 3624 srv2 - ok
17:28:55.0520 3624 srvcPVR (bf94a7553ef257d70cb2287bf7a3bce1) C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
17:28:55.0616 3624 srvcPVR ( UnsignedFile.Multi.Generic ) - warning
17:28:55.0616 3624 srvcPVR - detected UnsignedFile.Multi.Generic (1)
17:28:55.0640 3624 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
17:28:55.0656 3624 srvnet - ok
17:28:55.0686 3624 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
17:28:55.0709 3624 SSDPSRV - ok
17:28:55.0735 3624 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
17:28:55.0740 3624 ssmdrv - ok
17:28:55.0789 3624 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
17:28:55.0818 3624 SstpSvc - ok
17:28:55.0865 3624 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
17:28:55.0936 3624 stisvc - ok
17:28:55.0987 3624 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
17:28:55.0995 3624 swenum - ok
17:28:56.0059 3624 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
17:28:56.0078 3624 swprv - ok
17:28:56.0106 3624 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
17:28:56.0113 3624 Symc8xx - ok
17:28:56.0152 3624 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
17:28:56.0159 3624 Sym_hi - ok
17:28:56.0188 3624 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
17:28:56.0196 3624 Sym_u3 - ok
17:28:56.0233 3624 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
17:28:56.0291 3624 SysMain - ok
17:28:56.0343 3624 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
17:28:56.0369 3624 TabletInputService - ok
17:28:56.0407 3624 tap0901t (b7aee68d2e867cbf69b649b18fcedbbb) C:\Windows\system32\DRIVERS\tap0901t.sys
17:28:56.0453 3624 tap0901t ( UnsignedFile.Multi.Generic ) - warning
17:28:56.0453 3624 tap0901t - detected UnsignedFile.Multi.Generic (1)
17:28:56.0487 3624 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
17:28:56.0517 3624 TapiSrv - ok
17:28:56.0544 3624 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
17:28:56.0574 3624 TBS - ok
17:28:56.0625 3624 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
17:28:56.0664 3624 Tcpip - ok
17:28:56.0697 3624 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
17:28:56.0737 3624 Tcpip6 - ok
17:28:56.0784 3624 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
17:28:56.0825 3624 tcpipreg - ok
17:28:56.0879 3624 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
17:28:56.0919 3624 TDPIPE - ok
17:28:56.0937 3624 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
17:28:56.0998 3624 TDTCP - ok
17:28:57.0027 3624 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
17:28:57.0053 3624 tdx - ok
17:28:57.0092 3624 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
17:28:57.0101 3624 TermDD - ok
17:28:57.0132 3624 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
17:28:57.0190 3624 TermService - ok
17:28:57.0243 3624 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
17:28:57.0255 3624 Themes - ok
17:28:57.0288 3624 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
17:28:57.0308 3624 THREADORDER - ok
17:28:57.0320 3624 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
17:28:57.0344 3624 TrkWks - ok
17:28:57.0378 3624 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
17:28:57.0404 3624 TrustedInstaller - ok
17:28:57.0430 3624 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:28:57.0464 3624 tssecsrv - ok
17:28:57.0550 3624 TuneUp.UtilitiesSvc (876a1fe7a7ca957e84c3af797f2e7fc5) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
17:28:57.0609 3624 TuneUp.UtilitiesSvc - ok
17:28:57.0668 3624 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
17:28:57.0675 3624 TuneUpUtilitiesDrv - ok
17:28:57.0703 3624 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
17:28:57.0726 3624 tunmp - ok
17:28:57.0759 3624 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
17:28:57.0787 3624 tunnel - ok
17:28:57.0861 3624 TunngleService (f91b6bd00e3cb7213fd93689c81a8992) C:\Program Files\Tunngle\TnglCtrl.exe
17:28:57.0951 3624 TunngleService ( UnsignedFile.Multi.Generic ) - warning
17:28:57.0951 3624 TunngleService - detected UnsignedFile.Multi.Generic (1)
17:28:57.0981 3624 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
17:28:57.0989 3624 uagp35 - ok
17:28:58.0048 3624 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
17:28:58.0064 3624 udfs - ok
17:28:58.0101 3624 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
17:28:58.0121 3624 UI0Detect - ok
17:28:58.0139 3624 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
17:28:58.0147 3624 uliagpkx - ok
17:28:58.0169 3624 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
17:28:58.0181 3624 uliahci - ok
17:28:58.0201 3624 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
17:28:58.0210 3624 UlSata - ok
17:28:58.0228 3624 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
17:28:58.0238 3624 ulsata2 - ok
17:28:58.0259 3624 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
17:28:58.0288 3624 umbus - ok
17:28:58.0327 3624 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
17:28:58.0363 3624 upnphost - ok
17:28:58.0405 3624 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
17:28:58.0438 3624 usbaudio - ok
17:28:58.0468 3624 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
17:28:58.0494 3624 usbccgp - ok
17:28:58.0513 3624 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
17:28:58.0560 3624 usbcir - ok
17:28:58.0609 3624 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
17:28:58.0637 3624 usbehci - ok
17:28:58.0683 3624 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
17:28:58.0714 3624 usbhub - ok
17:28:58.0747 3624 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
17:28:58.0779 3624 usbohci - ok
17:28:58.0818 3624 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
17:28:58.0853 3624 usbprint - ok
17:28:58.0890 3624 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
17:28:58.0906 3624 usbscan - ok
17:28:58.0918 3624 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:28:58.0934 3624 USBSTOR - ok
17:28:58.0952 3624 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
17:28:58.0985 3624 usbuhci - ok
17:28:59.0028 3624 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
17:28:59.0065 3624 usbvideo - ok
17:28:59.0088 3624 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
17:28:59.0105 3624 UxSms - ok
17:28:59.0158 3624 UxTuneUp (907c6bce7a235b128a585040b5e7d319) C:\Windows\System32\uxtuneup.dll
17:28:59.0166 3624 UxTuneUp - ok
17:28:59.0206 3624 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
17:28:59.0258 3624 vds - ok
17:28:59.0284 3624 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
17:28:59.0336 3624 vga - ok
17:28:59.0370 3624 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
17:28:59.0389 3624 VgaSave - ok
17:28:59.0408 3624 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
17:28:59.0416 3624 viaagp - ok
17:28:59.0436 3624 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
17:28:59.0482 3624 ViaC7 - ok
17:28:59.0509 3624 viaide (7aa7ec9a08dc2c39649c413b1a26e298) C:\Windows\system32\drivers\viaide.sys
17:28:59.0517 3624 viaide - ok
17:28:59.0552 3624 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
17:28:59.0560 3624 volmgr - ok
17:28:59.0582 3624 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
17:28:59.0595 3624 volmgrx - ok
17:28:59.0621 3624 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
17:28:59.0632 3624 volsnap - ok
17:28:59.0662 3624 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
17:28:59.0672 3624 vsmraid - ok
17:28:59.0707 3624 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
17:28:59.0745 3624 VSS - ok
17:28:59.0851 3624 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
17:28:59.0889 3624 vToolbarUpdater10.2.0 - ok
17:28:59.0926 3624 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
17:28:59.0955 3624 W32Time - ok
17:28:59.0973 3624 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
17:29:00.0021 3624 WacomPen - ok
17:29:00.0048 3624 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:29:00.0064 3624 Wanarp - ok
17:29:00.0067 3624 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:29:00.0083 3624 Wanarpv6 - ok
17:29:00.0109 3624 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
17:29:00.0156 3624 wcncsvc - ok
17:29:00.0185 3624 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
17:29:00.0219 3624 WcsPlugInService - ok
17:29:00.0280 3624 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
17:29:00.0288 3624 Wd - ok
17:29:00.0391 3624 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
17:29:00.0407 3624 Wdf01000 - ok
17:29:00.0432 3624 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
17:29:00.0468 3624 WdiServiceHost - ok
17:29:00.0472 3624 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
17:29:00.0493 3624 WdiSystemHost - ok
17:29:00.0522 3624 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
17:29:00.0538 3624 WebClient - ok
17:29:00.0570 3624 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
17:29:00.0628 3624 Wecsvc - ok
17:29:00.0669 3624 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
17:29:00.0700 3624 wercplsupport - ok
17:29:00.0739 3624 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
17:29:00.0770 3624 WerSvc - ok
17:29:00.0826 3624 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
17:29:00.0839 3624 WinDefend - ok
17:29:00.0847 3624 WinHttpAutoProxySvc - ok
17:29:00.0878 3624 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
17:29:00.0895 3624 Winmgmt - ok
17:29:00.0943 3624 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
17:29:01.0025 3624 WinRM - ok
17:29:01.0094 3624 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
17:29:01.0139 3624 Wlansvc - ok
17:29:01.0185 3624 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
17:29:01.0226 3624 WmiAcpi - ok
17:29:01.0253 3624 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
17:29:01.0269 3624 wmiApSrv - ok
17:29:01.0307 3624 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
17:29:01.0425 3624 WMPNetworkSvc - ok
17:29:01.0468 3624 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
17:29:01.0493 3624 WPCSvc - ok
17:29:01.0515 3624 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
17:29:01.0548 3624 WPDBusEnum - ok
17:29:01.0578 3624 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
17:29:01.0589 3624 WpdUsb - ok
17:29:01.0670 3624 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:29:01.0689 3624 WPFFontCache_v0400 - ok
17:29:01.0724 3624 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
17:29:01.0756 3624 ws2ifsl - ok
17:29:01.0787 3624 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
17:29:01.0812 3624 wscsvc - ok
17:29:01.0820 3624 WSearch - ok
17:29:01.0887 3624 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
17:29:01.0977 3624 wuauserv - ok
17:29:02.0024 3624 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:29:02.0059 3624 WUDFRd - ok
17:29:02.0114 3624 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
17:29:02.0135 3624 wudfsvc - ok
17:29:02.0162 3624 X10Hid (ab2d77bf7222b007717abb61b15f9ae2) C:\Windows\system32\Drivers\x10hid.sys
17:29:02.0169 3624 X10Hid - ok
17:29:02.0198 3624 x10nets (5a0c788c5bc5f2c993cb60940adcf95e) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
17:29:02.0202 3624 x10nets ( UnsignedFile.Multi.Generic ) - warning
17:29:02.0202 3624 x10nets - detected UnsignedFile.Multi.Generic (1)
17:29:02.0247 3624 XUIF (6bbf7a3bab8ffdccf82057fa2aae2b7b) C:\Windows\system32\Drivers\x10ufx2.sys
17:29:02.0256 3624 XUIF - ok
17:29:02.0308 3624 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:29:02.0388 3624 \Device\Harddisk0\DR0 - ok
17:29:02.0391 3624 Boot (0x1200) (65057d06e751ed002cd26451db2b72fc) \Device\Harddisk0\DR0\Partition0
17:29:02.0392 3624 \Device\Harddisk0\DR0\Partition0 - ok
17:29:02.0407 3624 Boot (0x1200) (35f0d4d4001a11f02adba35637b66ade) \Device\Harddisk0\DR0\Partition1
17:29:02.0408 3624 \Device\Harddisk0\DR0\Partition1 - ok
17:29:02.0408 3624 ============================================================
17:29:02.0408 3624 Scan finished
17:29:02.0408 3624 ============================================================
17:29:02.0417 3464 Detected object count: 9
17:29:02.0417 3464 Actual detected object count: 9
17:29:42.0967 3464 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
17:29:42.0968 3464 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:29:42.0968 3464 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
17:29:42.0968 3464 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:29:42.0969 3464 GnabService ( UnsignedFile.Multi.Generic ) - skipped by user
17:29:42.0970 3464 GnabService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:29:42.0971 3464 GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - skipped by user
17:29:42.0971 3464 GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:29:42.0973 3464 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:29:42.0973 3464 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:29:42.0974 3464 srvcPVR ( UnsignedFile.Multi.Generic ) - skipped by user
17:29:42.0974 3464 srvcPVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:29:42.0976 3464 tap0901t ( UnsignedFile.Multi.Generic ) - skipped by user
17:29:42.0976 3464 tap0901t ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:29:42.0979 3464 TunngleService ( UnsignedFile.Multi.Generic ) - skipped by user
17:29:42.0979 3464 TunngleService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:29:42.0979 3464 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
17:29:42.0979 3464 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip
Danke |
|
02.04.2012, 10:35
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner/Virus: Bundespolizei verlangt 100€ via Ukash Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Trojaner/Virus: Bundespolizei verlangt 100€ via Ukash |
| 0x00000001, avg secure search, avira, babylon, babylon toolbar, babylontoolbar, bho, black, cid, conduit, converter, dealply, desktop, error, excel, flash player, google, grand theft auto, home, iminent, incredibar, incredibar toolbar, incredibar.com, install.exe, intranet, jdownloader, logfile, montera, mozilla, mp3, mystart, nvstor.sys, object, plug-in, problem, realtek, registry, required, scan, secure search, security, security update, software, super, svchost.exe, trojaner, trojaner board, trojaner/virus, virus, vista, vtoolbarupdater, yontoo |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
