Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and how to fight them): Trojan.Win32.Mediyes (Windows 7)
#1 | 10.04.2012, 10:58

Trojan.Win32.Mediyes

Hello! Kaspersky has found a trojan on my PC (actually 6 of them): Trojan.Win32.Mediyes, attached to the following file: C:\Windows\System32\aptw78cyn.dll. KIS keeps detecting it every now and then at start-up and offers to disinfect it, but that's all. I can't delete it. After the disinfection it is back again. Malwarebytes and SUPERAntiSpyware don't find the trojan at all. Please help me get rid of it! Thanks in advance. Regards, Laurana

Hello, I ran a complete scan with the free version of Emsisoft; here is the result:

Emsisoft Anti-Malware v. 6.0.0.57
(C) 2003-2012 Emsisoft

ID  Object
0   Value: hkey_classes_root\clsid\{ae07101b-46d4-4a98-af68-0333ea26e113} --> menutext  Trace.Registry.seo toolbar!E1
1   Value: hkey_classes_root\clsid\{ae07101b-46d4-4a98-af68-0333ea26e113} --> helptext  Trace.Registry.seo toolbar!E1
2   c:\users\wienerblut\appdata\roaming\microst\  Trace.File.carberp!E1
3   Value: hkey_local_machine\software\microsoft\internet explorer\toolbar --> {ae07101b-46d4-4a98-af68-0333ea26e113}  Trace.Registry.seo toolbar!E1
#2 | 11.04.2012, 16:07 | Malware-holic

Trojan.Win32.Mediyes

hi

1. Open Kaspersky and post the detection reports.
2. If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
#3 | 11.04.2012, 20:21

Trojan.Win32.Mediyes

test test test

hi

2. OTL.txt

OTL Logfile:
Code:
OTL logfile created on: 4/11/2012 8:39:20 PM - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\WIENERBLUT\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2.99 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 53.54% Memory free
5.98 Gb Paging File | 3.85 Gb Available in Paging File | 64.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1356.17 Gb Total Space | 1151.13 Gb Free Space | 84.88% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 14.12 Gb Free Space | 35.29% Space Free | Partition Type: NTFS

Computer Name: WIENERBLUT-PC | User Name: WIENERBLUT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/11 20:35:01 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\WIENERBLUT\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/12 17:53:20 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/03/12 17:53:19 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/03/07 23:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/02/15 05:13:20 | 000,405,504 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012/02/15 05:12:48 | 000,163,328 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012/02/01 11:46:36 | 003,357,584 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
PRC - [2012/01/22 09:40:04 | 003,025,112 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2012/01/17 14:04:40 | 000,162,856 | ---- | M] (Nokia Corporation) -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\NokiaLink.exe
PRC - [2012/01/17 13:16:56 | 001,556,864 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\DpEngine.exe
PRC - [2012/01/03 17:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/12/14 13:23:34 | 001,212,224 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2011/12/14 13:23:32 | 001,514,304 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/02/28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/11 17:17:41 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/04/11 17:17:41 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/04/07 17:02:52 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/04/07 17:02:52 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/03/12 17:53:19 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/02/15 19:42:56 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\af6e0dd358a5edc094dca9e7957f1038\WindowsFormsIntegration.ni.dll
MOD - [2012/02/15 19:41:47 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll
MOD - [2012/02/15 17:56:41 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MOD - [2012/02/15 17:56:34 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
MOD - [2012/02/15 17:56:29 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 17:56:21 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
MOD - [2012/02/15 17:56:10 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/15 17:56:05 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/15 17:56:03 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
MOD - [2012/02/15 17:55:56 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/15 17:55:51 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 17:55:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 17:55:40 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/02/14 23:13:24 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012/01/17 14:04:56 | 000,315,944 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\plugins\imageformats\qtiff4.dll
MOD - [2012/01/17 14:04:54 | 000,268,840 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\plugins\imageformats\qmng4.dll
MOD - [2012/01/17 14:04:52 | 000,216,104 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\plugins\imageformats\qjpeg4.dll
MOD - [2012/01/17 14:04:52 | 000,036,392 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\plugins\imageformats\qico4.dll
MOD - [2012/01/17 14:04:50 | 000,298,536 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\QtXml4.dll
MOD - [2012/01/17 14:04:50 | 000,032,808 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\plugins\imageformats\qgif4.dll
MOD - [2012/01/17 14:04:48 | 001,250,856 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\QtScript4.dll
MOD - [2012/01/17 14:04:48 | 000,169,512 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\QtSql4.dll
MOD - [2012/01/17 14:04:46 | 006,768,168 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\QtGui4.dll
MOD - [2012/01/17 14:04:46 | 000,855,080 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\QtNetwork4.dll
MOD - [2012/01/17 14:04:44 | 002,096,680 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\QtDeclarative4.dll
MOD - [2012/01/17 14:04:44 | 002,012,712 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\QtCore4.dll
MOD - [2012/01/17 13:17:12 | 000,609,664 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\Plugins\DpiTunes.dll
MOD - [2012/01/17 13:17:10 | 001,167,232 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\Plugins\DpWpdPlugin.dll
MOD - [2012/01/17 13:17:08 | 000,621,952 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\Plugins\DpWMP.dll
MOD - [2012/01/17 13:17:00 | 000,593,280 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\Plugins\DpMSLPG.dll
MOD - [2012/01/17 13:17:00 | 000,519,040 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\Plugins\DpImageParser.dll
MOD - [2012/01/17 13:16:56 | 001,556,864 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\DpEngine.exe
MOD - [2012/01/17 13:16:56 | 000,921,472 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\Plugins\DpFileSystem.dll
MOD - [2012/01/17 13:16:52 | 000,722,816 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\Plugins\DpAVParser.dll
MOD - [2012/01/17 13:16:50 | 000,470,912 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\DpAPI.dll
MOD - [2011/10/13 18:43:34 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll
MOD - [2011/10/13 18:42:35 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/04/25 00:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll
MOD - [2011/04/25 00:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll
MOD - [2011/04/25 00:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll
MOD - [2011/04/25 00:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll
MOD - [2011/04/25 00:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll
MOD - [2011/04/25 00:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll
MOD - [2011/04/20 20:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2011/03/02 13:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2010/11/13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/13 01:19:05 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010/11/05 03:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010/05/12 15:13:05 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2010/02/28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

========== Win32 Services (SafeList) ==========

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/30 17:01:10 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/23 02:44:58 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/03/12 17:53:20 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012/02/15 05:12:48 | 000,163,328 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/01/22 09:40:04 | 003,025,112 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012/01/04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/12/14 13:23:32 | 001,514,304 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/12/14 13:23:22 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/12/14 05:57:44 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\Windows\System32\UpdSvc.dll -- (Update-Service)
SRV - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/19 19:56:16 | 004,122,968 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010/11/25 23:07:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva351.sys -- (XDva351)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys -- (Profos)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/02/15 05:47:12 | 009,182,208 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/02/15 04:12:48 | 000,264,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/12/05 21:47:16 | 000,086,032 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011/11/02 11:13:28 | 000,034,768 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)
DRV - [2011/11/02 11:13:12 | 000,051,632 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys -- (a2acc)
DRV - [2011/11/01 11:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/11/01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/11/01 11:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011/11/01 11:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/10/20 12:48:16 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/10/01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/07/22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/07/12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2011/04/20 15:50:14 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011/03/10 19:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2011/03/04 14:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011/03/04 14:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010/11/25 06:59:16 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010/05/06 11:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010/05/05 09:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys -- (a2util)
DRV - [2010/04/27 18:28:46 | 000,146,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/04/27 18:27:50 | 000,064,904 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010/04/12 08:24:12 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/11/26 01:06:34 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009/11/02 21:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{13B6DECC-2E07-47FC-94F2-9B0929F674E3}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=de_US&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^AT&apn_uid=4506ca31-8013-473f-9b1b-71a0614bd86a&apn_sauid=41894784-7CDF-4CB5-BF8D-CDF6CD06F353
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=a06ed3ee000000000000485d60194296&tlver=1.4.19.19&ss=1&affID=17395
IE - HKCU\..\SearchScopes\{338D09FC-E690-4F6A-96D7-E772C3A749B7}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={7FF1ABD6-5043-4AFA-9773-61460CF44C12}&mid=66dc38181af047d18338bd2b2b69d7da-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=de&ds=tt014&pr=sa&d=2011-12-12 19:50:50&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.linkury.com"
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.0.232
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.8.0.8
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.8.0.8
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.13.1.100009
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: avg@toolbar:9.0.0.22
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVS2&o=1586&locale=de_US&apn_uid=4506ca31-8013-473f-9b1b-71a0614bd86a&apn_ptnrs=^AAA&apn_sauid=41894784-7CDF-4CB5-BF8D-CDF6CD06F353&apn_dtid=^YYYYYY^YY^AT&&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/02/21 18:09:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/02/21 18:09:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/02/21 18:09:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/11 14:42:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/16 18:11:01 | 000,000,000 | ---D | M]

[2011/10/01 01:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WIENERBLUT\AppData\Roaming\mozilla\Extensions
[2011/10/01 01:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WIENERBLUT\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
[2012/02/25 14:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WIENERBLUT\AppData\Roaming\mozilla\Firefox\Profiles\polpnupy.default\extensions
[2012/02/25 01:39:56 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\WIENERBLUT\AppData\Roaming\mozilla\Firefox\Profiles\polpnupy.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2012/02/15 22:49:22 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\WIENERBLUT\AppData\Roaming\mozilla\Firefox\Profiles\polpnupy.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012/02/14 21:42:25 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\WIENERBLUT\AppData\Roaming\mozilla\Firefox\Profiles\polpnupy.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011/12/21 14:02:49 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\WIENERBLUT\AppData\Roaming\mozilla\Firefox\Profiles\polpnupy.default\extensions\ffxtlbr@babylon.com
[2012/02/01 17:52:05 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\WIENERBLUT\AppData\Roaming\mozilla\Firefox\Profiles\polpnupy.default\extensions\toolbar@ask.com
[2012/04/11 20:20:08 | 000,002,404 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Roaming\Mozilla\Firefox\Profiles\polpnupy.default\searchplugins\askcom.xml
[2011/07/24 15:30:04 | 000,000,931 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Roaming\Mozilla\Firefox\Profiles\polpnupy.default\searchplugins\conduit.xml
[2012/02/25 01:25:49 | 000,002,412 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Roaming\Mozilla\Firefox\Profiles\polpnupy.default\searchplugins\Linkury Smartbar Search.xml
[2012/01/04 18:39:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/10/18 19:53:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/12 02:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
() (No name found) -- C:\USERS\WIENERBLUT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\POLPNUPY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/02/11 14:42:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/12 17:53:18 | 000,003,768 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/03/24
02:11:26 | 000,002,428 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2011/12/21 06:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/08/02 00:48:02 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml [2011/12/21 06:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Conduit (Enabled) CHR - default_search_provider: search_url = hxxp://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT2304157 CHR - default_search_provider: suggest_url = Conduit Search CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.152\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.152\gears.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.152\gcswf32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.210.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: 
Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Modul zur Link-Untersuchung = C:\Users\WIENERBLUT\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\ O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files\emsisoft anti-malware\a2guard.exe (Emsi Software GmbH) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKCU..\Run: [Nokia Link] C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\NokiaLink.exe (Nokia Corporation) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten österreichischen Shopping-Websites File not found O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten österreichischen Shopping-Websites File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites) O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab (Battlefield Heroes Updater) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{732048A9-7E8D-428F-9AF3-D5BE1F66BC7A}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll () O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" 
OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: UxTuneUp 
- C:\Windows\System32\uxtuneup.dll (TuneUp Software) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/04/11 20:34:54 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\WIENERBLUT\Desktop\OTL.exe [2012/04/10 12:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware [2012/04/10 12:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware [2012/04/10 12:26:00 | 000,000,000 | ---D | C] -- C:\Users\WIENERBLUT\Documents\Anti-Malware [2012/04/09 22:53:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/04/09 15:47:22 | 000,000,000 | ---D | C] -- C:\Users\WIENERBLUT\AppData\Local\GameSpy [2012/04/09 06:37:52 | 000,000,000 | ---D | C] -- C:\Users\WIENERBLUT\AppData\Roaming\UnknownApplicationVendor [2012/04/09 06:11:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\{5794CDCB-FAB7-4C15-9069-4D8AC02592DE} [2012/04/09 02:32:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0151C9FC-719D-4459-B1E2-4685CC6E62A8} [2012/04/09 01:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Desura [2012/04/09 01:02:36 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) 
-- C:\Windows\System32\CmdLineExt.dll [2012/04/09 01:02:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6} [2012/04/09 00:57:16 | 000,000,000 | ---D | C] -- C:\Users\WIENERBLUT\AppData\Local\Downloaded Installations [2012/04/09 00:21:54 | 000,000,000 | ---D | C] -- C:\Users\WIENERBLUT\AppData\Local\Origin [2012/04/09 00:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [2012/04/09 00:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts [2012/04/07 17:15:59 | 000,000,000 | ---D | C] -- C:\Users\WIENERBLUT\AppData\Roaming\Malwarebytes [2012/04/07 17:15:55 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/04/07 17:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/04/07 17:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/04/07 17:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/04/07 17:02:47 | 000,000,000 | ---D | C] -- C:\Users\WIENERBLUT\AppData\Roaming\SUPERAntiSpyware.com [2012/04/07 17:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012/04/07 17:02:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012/04/07 17:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012/03/28 22:46:19 | 000,000,000 | ---D | C] -- C:\Users\WIENERBLUT\Documents\Spartan [2012/03/26 18:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2012/03/17 14:10:24 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012/03/17 14:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD [2012/03/17 14:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\AMD AVT [2012/03/17 14:05:20 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP [2012/03/17 14:05:08 | 
000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2012/03/15 23:30:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM [89 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/04/11 20:35:01 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\WIENERBLUT\Desktop\OTL.exe [2012/04/11 20:01:14 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/04/11 19:48:20 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/04/11 19:48:10 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/04/11 17:21:53 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/11 17:21:53 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/11 17:14:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/04/11 17:14:10 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys [2012/04/11 00:34:20 | 000,139,224 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2012/04/10 23:45:38 | 000,183,152 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0 [2012/04/10 14:09:57 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/04/10 12:26:13 | 000,001,057 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012/04/10 06:49:22 | 000,002,294 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/04/09 23:30:04 | 000,411,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/04/09 16:00:09 | 000,707,540 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012/04/09 16:00:09 | 000,661,158 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/04/09 16:00:09 | 000,152,874 | ---- | 
M] () -- C:\Windows\System32\perfc007.dat [2012/04/09 16:00:09 | 000,125,090 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/04/09 15:45:22 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\Crysis Wars(R) Updates.job [2012/04/09 02:41:02 | 000,001,512 | ---- | M] () -- C:\Users\WIENERBLUT\Desktop\MWLL Launcher.lnk [2012/04/09 02:33:11 | 000,022,328 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Roaming\PnkBstrK.sys [2012/04/09 02:32:42 | 000,669,184 | ---- | M] () -- C:\Windows\System32\pbsvc.exe [2012/04/09 02:32:10 | 000,001,191 | ---- | M] () -- C:\Users\Public\Desktop\Crysis Wars.lnk [2012/04/09 02:27:20 | 000,002,346 | ---- | M] () -- C:\Windows\System32\ealregsnapshot1.reg [2012/04/09 01:03:15 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll [2012/04/09 00:21:45 | 000,000,669 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk [2012/04/09 00:09:00 | 000,001,260 | ---- | M] () -- C:\Users\Public\Desktop\Crysis.lnk [2012/04/07 17:02:25 | 000,001,969 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/03/30 23:34:58 | 000,042,088 | ---- | M] () -- C:\Users\WIENERBLUT\Documents\11.04.08 Tanzaufführung.jpg [2012/03/30 23:32:23 | 000,629,190 | ---- | M] () -- C:\Users\WIENERBLUT\Documents\PIC_0609 (2).JPG [2012/03/27 23:05:21 | 004,210,865 | ---- | M] () -- C:\Users\WIENERBLUT\Documents\DSCF1501.JPG [2012/03/26 18:11:34 | 000,002,174 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2012/03/19 00:35:31 | 000,066,342 | ---- | M] () -- C:\Users\WIENERBLUT\Desktop\ultimate-untot.htm [2012/03/17 14:05:21 | 000,002,009 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk [89 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No 
Company Name ========== [2012/04/10 12:26:13 | 000,001,057 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012/04/09 02:41:02 | 000,001,512 | ---- | C] () -- C:\Users\WIENERBLUT\Desktop\MWLL Launcher.lnk [2012/04/09 02:34:58 | 000,000,304 | ---- | C] () -- C:\Windows\tasks\Crysis Wars(R) Updates.job [2012/04/09 02:32:10 | 000,001,191 | ---- | C] () -- C:\Users\Public\Desktop\Crysis Wars.lnk [2012/04/09 00:57:42 | 000,002,346 | ---- | C] () -- C:\Windows\System32\ealregsnapshot1.reg [2012/04/09 00:21:45 | 000,000,669 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk [2012/04/09 00:09:00 | 000,001,260 | ---- | C] () -- C:\Users\Public\Desktop\Crysis.lnk [2012/04/07 17:15:55 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/04/07 17:02:25 | 000,001,969 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012/03/30 23:34:46 | 000,042,088 | ---- | C] () -- C:\Users\WIENERBLUT\Documents\11.04.08 Tanzaufführung.jpg [2012/03/30 23:30:54 | 000,629,190 | ---- | C] () -- C:\Users\WIENERBLUT\Documents\PIC_0609 (2).JPG [2012/03/30 16:11:48 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/03/27 22:58:41 | 004,210,865 | ---- | C] () -- C:\Users\WIENERBLUT\Documents\DSCF1501.JPG [2012/03/26 18:11:34 | 000,002,174 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2012/03/26 18:11:03 | 000,002,294 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/03/19 00:34:58 | 000,066,342 | ---- | C] () -- C:\Users\WIENERBLUT\Desktop\ultimate-untot.htm [2012/03/17 14:05:21 | 000,002,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk [2012/02/23 21:22:01 | 000,036,292 | ---- | C] () -- C:\Users\WIENERBLUT\AppData\Roaming\icarus-dxdiag.xml [2012/02/15 04:28:34 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat [2012/02/15 04:28:32 | 000,204,952 | ---- | C] () -- 
C:\Windows\System32\ativvsvl.dat [2012/02/14 23:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll [2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll [2012/01/29 03:25:02 | 000,139,224 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2012/01/29 03:24:40 | 000,183,152 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2012/01/29 03:24:39 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2012/01/29 03:24:38 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2012/01/10 23:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011/12/23 19:07:02 | 000,017,408 | ---- | C] () -- C:\Users\WIENERBLUT\AppData\Local\WebpageIcons.db [2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll [2011/10/14 16:32:35 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat [2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011/07/29 02:09:53 | 000,007,605 | ---- | C] () -- C:\Users\WIENERBLUT\AppData\Local\Resmon.ResmonCfg [2011/03/11 13:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat [2011/02/28 19:40:33 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010/12/25 20:07:40 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat [2010/12/25 20:07:40 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat [2010/12/07 18:20:12 | 000,022,328 | ---- | C] () -- C:\Users\WIENERBLUT\AppData\Roaming\PnkBstrK.sys [2010/12/07 18:19:55 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe [2010/11/27 02:55:50 | 000,000,098 | ---- | C] () -- C:\Users\WIENERBLUT\AppData\Local\fusioncache.dat [2010/11/26 18:41:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/08/30 20:41:04 | 000,080,416 | ---- | C] () -- 
C:\Windows\System32\RtNicProp32.dll [2010/08/30 20:33:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010/08/30 20:11:24 | 000,000,018 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT [2010/08/30 11:46:44 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe [2010/05/12 15:13:56 | 000,707,540 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2010/05/12 15:13:56 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2010/05/12 15:13:56 | 000,152,874 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2010/05/12 15:13:56 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat ========== LOP Check ========== [2011/07/01 17:11:01 | 000,000,000 | -HSD | M] -- C:\Users\WIENERBLUT\AppData\Roaming\.# [2011/04/30 02:00:39 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\BabylonToolbar [2012/04/11 17:19:56 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\DesktopPlatform [2012/04/07 15:33:11 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\DVDVideoSoft [2012/04/07 15:30:43 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\DVDVideoSoftIEHelpers [2012/02/29 22:41:15 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Firefly Studios [2012/01/14 01:05:44 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\FOG Downloader [2011/10/08 20:21:37 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\go [2011/06/19 12:40:28 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Hi-Rez Studios [2011/06/20 03:15:19 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\ijjigame [2010/11/25 23:41:45 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\LolClient [2012/01/17 22:52:34 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Might & Magic Heroes VI [2011/08/21 05:24:23 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Might & Magic Heroes VI - Public Closed Beta 
[2011/06/16 00:30:34 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Mount&Blade
[2011/06/15 18:20:32 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Mount&Blade Warband
[2011/05/08 02:25:12 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Mount&Blade With Fire and Sword
[2012/01/02 14:43:45 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Mumble
[2012/02/04 16:15:20 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Nokia
[2012/02/25 13:49:05 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\OpenCandy
[2011/12/21 13:21:01 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Origin
[2012/01/20 20:48:55 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\PC Suite
[2011/07/20 11:56:38 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\PDF Writer
[2011/06/24 23:30:25 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\PriceGong
[2011/10/01 01:29:53 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Prism
[2011/03/09 22:03:00 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Rift
[2011/07/29 22:55:43 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Screaming Bee
[2012/04/09 07:02:09 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\SoftGrid Client
[2011/12/23 18:54:32 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\The Creative Assembly
[2010/12/01 20:33:53 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\TP
[2011/11/22 20:35:58 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\TS3Client
[2011/09/02 23:46:11 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\ts3overlay
[2011/10/30 22:28:01 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\TuneUp Software
[2010/11/27 04:32:24 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Turbine
[2011/07/30 14:00:30 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Ubisoft
[2012/04/09 06:37:52 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\UnknownApplicationVendor
[2011/08/21 22:33:27 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\wargaming.net
[2012/04/09 15:45:22 | 000,000,304 | ---- | M] () -- C:\Windows\Tasks\Crysis Wars(R) Updates.job
[2012/03/16 17:01:42 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2011/08/02 00:43:54 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011/05/13 16:04:54 | 000,000,000 | ---D | M] -- C:\5bdff36955a43bb53c21dd30
[2012/02/04 16:15:51 | 000,000,000 | ---D | M] -- C:\AMD
[2011/10/29 03:41:26 | 000,000,000 | ---D | M] -- C:\ATI
[2012/04/09 23:27:37 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2010/11/25 15:53:16 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010/12/02 02:01:54 | 000,000,000 | -HSD | M] -- C:\found.000
[2011/08/21 22:13:30 | 000,000,000 | ---D | M] -- C:\Games
[2011/07/30 17:22:46 | 000,000,000 | ---D | M] -- C:\Heatwave Interactive
[2010/11/25 16:00:50 | 000,000,000 | ---D | M] -- C:\Internet Explorer
[2011/04/29 20:48:52 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011/09/15 17:57:01 | 000,000,000 | ---D | M] -- C:\Netgear
[2012/02/20 23:18:17 | 000,000,000 | ---D | M] -- C:\Perfect World Entertainment
[2012/04/10 12:26:00 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/04/09 22:53:52 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011/06/07 17:44:45 | 000,000,000 | ---D | M] -- C:\rads
[2010/11/25 15:53:16 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012/04/11 20:42:20 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010/11/25 16:01:07 | 000,000,000 | R--D | M] -- C:\Users
[2012/04/11 17:14:10 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: AGP440.SYS >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: AHCIX86S.SYS >
[2007/11/14 19:44:42 | 000,129,552 | ---- | M] (Promise Technology, Inc.) MD5=58CB1FA96B24DFE2196548E959B1996B -- C:\ATI\Win7_Vista\8_741\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
[2009/10/26 19:41:10 | 000,189,496 | ---- | M] (Advanced Micro Devices, Inc) MD5=6C27F0A964EA98F457CAAB9A47030538 -- C:\ATI\Win7_Vista\8_741\Packages\Drivers\SBDrv\SB6xx\RAID\W7\ahcix86s.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: IASTOR.SYS >
[2010/03/04 04:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\drivers\iaStor.sys
[2010/03/04 04:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e8a55be84650e755\iaStor.sys

< MD5 for: IASTORV.SYS >
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: USER32.DLL >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011/03/04 14:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl1.sys
[2011/03/04 14:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl2.sys
[2011/04/20 15:50:14 | 000,570,160 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klif.sys
[2011/03/10 19:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\klim6.sys
[2009/11/02 21:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klmouflt.sys

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[2012/02/15 05:13:56 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
[2011/04/25 00:13:10 | 000,229,776 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\klogon.dll
[89 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %USERPROFILE%\*.* >
[2011/07/20 12:06:14 | 000,298,155 | ---- | M] () -- C:\Users\WIENERBLUT\10 Karten French.pdf
[2011/07/20 11:56:51 | 000,228,967 | ---- | M] () -- C:\Users\WIENERBLUT\6 Karten French.pdf
[2011/08/01 14:33:37 | 000,229,079 | ---- | M] () -- C:\Users\WIENERBLUT\Alexander Schuller 4_10.pdf
[2012/02/25 02:54:27 | 086,405,736 | ---- | M] (K2 Network, Inc.) -- C:\Users\WIENERBLUT\APB_Reloaded_Installer.exe
[2011/08/01 14:35:39 | 000,229,674 | ---- | M] () -- C:\Users\WIENERBLUT\Axl Anderle 6_10.pdf
[2011/08/01 14:36:42 | 000,229,269 | ---- | M] () -- C:\Users\WIENERBLUT\Bernd Hinterschuster 7_10.pdf
[2011/07/24 20:49:52 | 000,229,115 | ---- | M] () -- C:\Users\WIENERBLUT\Boris Futschek 1_10.pdf
[2011/08/01 14:34:58 | 000,229,186 | ---- | M] () -- C:\Users\WIENERBLUT\Christian Pachta 5_10.pdf
[2012/02/25 02:54:43 | 3830,088,838 | ---- | M] () -- C:\Users\WIENERBLUT\Client1.5.3.569583.7z
[2011/07/20 13:23:54 | 000,229,599 | ---- | M] () -- C:\Users\WIENERBLUT\Eine Karte French 2_10.pdf
[2011/07/24 19:20:55 | 000,229,467 | ---- | M] () -- C:\Users\WIENERBLUT\Erik Blume 4_10 .pdf
[2011/07/24 20:50:43 | 000,229,112 | ---- | M] () -- C:\Users\WIENERBLUT\Florian Handle 2_10.pdf
[2011/08/01 21:40:41 | 000,229,146 | ---- | M] () -- C:\Users\WIENERBLUT\frei ticket 10_10.pdf
[2011/08/01 21:38:49 | 000,229,858 | ---- | M] () -- C:\Users\WIENERBLUT\frei ticket 8_10.pdf
[2011/08/01 21:39:41 | 000,229,768 | ---- | M] () -- C:\Users\WIENERBLUT\freiticket 9_10.pdf
[2011/07/24 19:53:04 | 000,229,692 | ---- | M] () -- C:\Users\WIENERBLUT\Helmut SCHMIED 8_10.pdf
[2011/07/24 19:52:14 | 000,229,177 | ---- | M] () -- C:\Users\WIENERBLUT\Ines BÜRGER 7_10.pdf
[2011/07/20 12:23:32 | 000,229,495 | ---- | M] () -- C:\Users\WIENERBLUT\Julia Stockinger 1_10.pdf
[2011/07/24 20:47:53 | 000,229,297 | ---- | M] () -- C:\Users\WIENERBLUT\Karin Hace 10_10.pdf
[2012/02/24 01:25:34 | 510,163,640 | ---- | M] () -- C:\Users\WIENERBLUT\Knight_Online_03072011.exe
[2011/08/22 18:48:55 | 002,773,410 | ---- | M] () -- C:\Users\WIENERBLUT\LARP-L Auszeichnungslied für den Orden der ewigen Schwerter.mp3
[2011/07/24 20:47:19 | 000,229,749 | ---- | M] () -- C:\Users\WIENERBLUT\Manuel Gruber 9_10.pdf
[2011/08/22 18:49:20 | 001,899,392 | ---- | M] () -- C:\Users\WIENERBLUT\Nirgendwo ist es so schön wie im Osten - Lied des Ostens.mp3
[2012/04/11 20:59:33 | 006,815,744 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat
[2012/04/11 20:59:33 | 000,262,144 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat.LOG1
[2010/11/25 16:01:08 | 000,000,000 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat.LOG2
[2011/05/28 02:39:24 | 000,065,536 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat{56d69703-8861-11e0-b3d1-6c626d8d3e29}.TM.blf
[2011/05/28 02:39:24 | 000,524,288 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat{56d69703-8861-11e0-b3d1-6c626d8d3e29}.TMContainer00000000000000000001.regtrans-ms
[2011/05/28 02:39:24 | 000,524,288 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat{56d69703-8861-11e0-b3d1-6c626d8d3e29}.TMContainer00000000000000000002.regtrans-ms
[2010/11/25 16:33:21 | 000,065,536 | -HS- | M] () -- C:\Users\WIENERBLUT\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/11/25 16:33:21 | 000,524,288 | -HS- | M] () -- C:\Users\WIENERBLUT\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/11/25 16:33:21 | 000,524,288 | -HS- | M] () -- C:\Users\WIENERBLUT\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/11/26 07:25:01 | 000,065,536 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat{ead73dbb-f8d6-11df-b679-6c626d8d3e29}.TM.blf
[2010/11/26 07:25:01 | 000,524,288 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat{ead73dbb-f8d6-11df-b679-6c626d8d3e29}.TMContainer00000000000000000001.regtrans-ms
[2010/11/26 07:25:01 | 000,524,288 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat{ead73dbb-f8d6-11df-b679-6c626d8d3e29}.TMContainer00000000000000000002.regtrans-ms
[2010/11/25 16:01:09 | 000,000,020 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.ini
[2012/01/29 03:21:56 | 000,846,336 | ---- | M] () -- C:\Users\WIENERBLUT\pbsetup.exe
[2012/01/29 03:22:00 | 002,580,552 | ---- | M] () -- C:\Users\WIENERBLUT\pbsvc.exe
[2011/07/24 20:52:01 | 000,229,903 | ---- | M] () -- C:\Users\WIENERBLUT\Richard Bsteh 3_10.pdf
[2011/07/24 19:18:49 | 000,229,643 | ---- | M] () -- C:\Users\WIENERBLUT\Sandro Vacilotto 3_10.pdf
[2011/07/24 19:51:37 | 000,230,324 | ---- | M] () -- C:\Users\WIENERBLUT\Sebastian SEIBT 6_10.pdf
[2012/02/24 03:29:14 | 039,815,848 | ---- | M] () -- C:\Users\WIENERBLUT\Sword_2_10182011_G1_Xfire.exe
[2012/02/24 03:35:47 | 2103,158,624 | ---- | M] () -- C:\Users\WIENERBLUT\Sword_2_20111018.bin1
[2012/02/24 03:35:43 | 2055,359,392 | ---- | M] () -- C:\Users\WIENERBLUT\Sword_2_20111018.bin2
[2012/02/24 03:35:43 | 1798,227,496 | ---- | M] () -- C:\Users\WIENERBLUT\Sword_2_20111018.bin3
[2012/02/24 03:35:44 | 720,051,672 | ---- | M] () -- C:\Users\WIENERBLUT\Sword_2_20111018.bin4
[2011/07/24 19:22:00 | 000,229,953 | ---- | M] () -- C:\Users\WIENERBLUT\Tobias Joppen 5_10 .pdf
[2012/02/24 01:30:04 | 922,460,208 | ---- | M] () -- C:\Users\WIENERBLUT\War_Rock_10182011_G1_Xfire.exe

< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
11.04.2012, 20:24 | #4 |
| Trojan.Win32.Mediyes hi
2. OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 4/11/2012 8:39:20 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\WIENERBLUT\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2.99 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 53.54% Memory free
5.98 Gb Paging File | 3.85 Gb Available in Paging File | 64.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1356.17 Gb Total Space | 1151.13 Gb Free Space | 84.88% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 14.12 Gb Free Space | 35.29% Space Free | Partition Type: NTFS

Computer Name: WIENERBLUT-PC | User Name: WIENERBLUT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/11 20:35:01 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\WIENERBLUT\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/12 17:53:20 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/03/12 17:53:19 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/03/07 23:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/02/15 05:13:20 | 000,405,504 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012/02/15 05:12:48 | 000,163,328 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012/02/01 11:46:36 | 003,357,584 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
PRC - [2012/01/22 09:40:04 | 003,025,112 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2012/01/17 14:04:40 | 000,162,856 | ---- | M] (Nokia Corporation) -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\NokiaLink.exe
PRC - [2012/01/17 13:16:56 | 001,556,864 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\DpEngine.exe
PRC - [2012/01/03 17:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/12/14 13:23:34 | 001,212,224 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2011/12/14 13:23:32 | 001,514,304 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/02/28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/11 17:17:41 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/04/11 17:17:41 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/04/07 17:02:52 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/04/07 17:02:52 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/03/12 17:53:19 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/02/15 19:42:56 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\af6e0dd358a5edc094dca9e7957f1038\WindowsFormsIntegration.ni.dll
MOD - [2012/02/15 19:41:47 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll
MOD - [2012/02/15 17:56:41 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MOD - [2012/02/15 17:56:34 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
MOD - [2012/02/15 17:56:29 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 17:56:21 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
MOD - [2012/02/15 17:56:10 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/15 17:56:05 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/15 17:56:03 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
MOD - [2012/02/15 17:55:56 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/15 17:55:51 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 17:55:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 17:55:40 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/02/14 23:13:24 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012/01/17 14:04:56 | 000,315,944 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\plugins\imageformats\qtiff4.dll
MOD - [2012/01/17 14:04:54 | 000,268,840 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\plugins\imageformats\qmng4.dll
MOD - [2012/01/17 14:04:52 | 000,216,104 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\plugins\imageformats\qjpeg4.dll
MOD - [2012/01/17 14:04:52 | 000,036,392 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\plugins\imageformats\qico4.dll
MOD - [2012/01/17 14:04:50 | 000,298,536 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\QtXml4.dll
MOD - [2012/01/17 14:04:50 | 000,032,808 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\plugins\imageformats\qgif4.dll
MOD - [2012/01/17 14:04:48 | 001,250,856 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\QtScript4.dll
MOD - [2012/01/17 14:04:48 | 000,169,512 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\QtSql4.dll
MOD - [2012/01/17 14:04:46 | 006,768,168 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\QtGui4.dll
MOD - [2012/01/17 14:04:46 | 000,855,080 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\QtNetwork4.dll
MOD - [2012/01/17 14:04:44 | 002,096,680 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\QtDeclarative4.dll
MOD - [2012/01/17 14:04:44 | 002,012,712 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\QtCore4.dll
MOD - [2012/01/17 13:17:12 | 000,609,664 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\Plugins\DpiTunes.dll
MOD - [2012/01/17 13:17:10 | 001,167,232 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\Plugins\DpWpdPlugin.dll
MOD - [2012/01/17 13:17:08 | 000,621,952 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\Plugins\DpWMP.dll
MOD - [2012/01/17 13:17:00 | 000,593,280 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\Plugins\DpMSLPG.dll
MOD - [2012/01/17 13:17:00 | 000,519,040 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\Plugins\DpImageParser.dll
MOD - [2012/01/17 13:16:56 | 001,556,864 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\DpEngine.exe
MOD - [2012/01/17 13:16:56 | 000,921,472 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\Plugins\DpFileSystem.dll
MOD - [2012/01/17 13:16:52 | 000,722,816 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\Plugins\DpAVParser.dll
MOD - [2012/01/17 13:16:50 | 000,470,912 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\DpAPI.dll
MOD - [2011/10/13 18:43:34 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll
MOD - [2011/10/13 18:42:35 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/04/25 00:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll
MOD - [2011/04/25 00:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll
MOD - [2011/04/25 00:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll
MOD - [2011/04/25 00:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll
MOD - [2011/04/25 00:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll
MOD - [2011/04/25 00:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll
MOD - [2011/04/20 20:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2011/03/02 13:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2010/11/13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/13 01:19:05 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010/11/05 03:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010/05/12 15:13:05 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2010/02/28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

========== Win32 Services (SafeList) ==========

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/30 17:01:10 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/23 02:44:58 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/03/12 17:53:20 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012/02/15 05:12:48 | 000,163,328 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/01/22 09:40:04 | 003,025,112 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012/01/04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/12/14 13:23:32 | 001,514,304 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/12/14 13:23:22 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/12/14 05:57:44 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\Windows\System32\UpdSvc.dll -- (Update-Service)
SRV - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/19 19:56:16 | 004,122,968 | ---- | M] (INCA Internet Co., Ltd.)
[On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP) SRV - [2010/11/25 23:07:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva351.sys -- (XDva351) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys -- (Profos) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt) DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/02/15 05:47:12 | 009,182,208 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2012/02/15 04:12:48 | 000,264,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2011/12/05 21:47:16 | 000,086,032 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2011/11/02 11:13:28 | 000,034,768 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver) DRV - [2011/11/02 11:13:12 | 000,051,632 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys -- (a2acc) DRV - [2011/11/01 11:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2011/11/01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011/11/01 11:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2011/11/01 11:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2011/10/20 12:48:16 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2011/10/01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2011/10/01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2011/10/01 09:30:38 | 000,194,408 | ---- | M] (Microsoft 
Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2011/10/01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2011/07/22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV) DRV - [2011/07/12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2011/05/19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA) DRV - [2011/04/20 15:50:14 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2011/03/10 19:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2011/03/04 14:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2) DRV - [2011/03/04 14:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1) DRV - [2010/11/25 06:59:16 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su) DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB) DRV - [2010/05/06 11:21:42 | 000,108,560 | ---- | M] (ATI Technologies, 
Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2010/05/05 09:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys -- (a2util) DRV - [2010/04/27 18:28:46 | 000,146,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc) DRV - [2010/04/27 18:27:50 | 000,064,904 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub) DRV - [2010/04/12 08:24:12 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5) DRV - [2009/11/26 01:06:34 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER) DRV - [2009/11/02 21:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt) DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4 IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4 IE - 
HKCU\..\SearchScopes\{13B6DECC-2E07-47FC-94F2-9B0929F674E3}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=de_US&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^AT&apn_uid=4506ca31-8013-473f-9b1b-71a0614bd86a&apn_sauid=41894784-7CDF-4CB5-BF8D-CDF6CD06F353 IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=a06ed3ee000000000000485d60194296&tlver=1.4.19.19&ss=1&affID=17395 IE - HKCU\..\SearchScopes\{338D09FC-E690-4F6A-96D7-E772C3A749B7}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_de IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={7FF1ABD6-5043-4AFA-9773-61460CF44C12}&mid=66dc38181af047d18338bd2b2b69d7da-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=de&ds=tt014&pr=sa&d=2011-12-12 19:50:50&v=10.0.0.7&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://search.linkury.com" FF - prefs.js..extensions.enabledItems: 
helperbar@helperbar.com:1.0 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778 FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.0.232 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.8.0.8 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.8.0.8 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.13.1.100009 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10 FF - prefs.js..extensions.enabledItems: avg@toolbar:9.0.0.22 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVS2&o=1586&locale=de_US&apn_uid=4506ca31-8013-473f-9b1b-71a0614bd86a&apn_ptnrs=^AAA&apn_sauid=41894784-7CDF-4CB5-BF8D-CDF6CD06F353&apn_dtid=^YYYYYY^YY^AT&&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/02/21 18:09:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/02/21 18:09:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/02/21 18:09:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/11 14:42:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/16 18:11:01 | 000,000,000 | ---D | M] [2011/10/01 01:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WIENERBLUT\AppData\Roaming\mozilla\Extensions [2011/10/01 01:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WIENERBLUT\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org [2012/02/25 14:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WIENERBLUT\AppData\Roaming\mozilla\Firefox\Profiles\polpnupy.default\extensions [2012/02/25 01:39:56 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\WIENERBLUT\AppData\Roaming\mozilla\Firefox\Profiles\polpnupy.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} [2012/02/15 22:49:22 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- 
C:\Users\WIENERBLUT\AppData\Roaming\mozilla\Firefox\Profiles\polpnupy.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2012/02/14 21:42:25 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\WIENERBLUT\AppData\Roaming\mozilla\Firefox\Profiles\polpnupy.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2011/12/21 14:02:49 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\WIENERBLUT\AppData\Roaming\mozilla\Firefox\Profiles\polpnupy.default\extensions\ffxtlbr@babylon.com [2012/02/01 17:52:05 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\WIENERBLUT\AppData\Roaming\mozilla\Firefox\Profiles\polpnupy.default\extensions\toolbar@ask.com [2012/04/11 20:20:08 | 000,002,404 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Roaming\Mozilla\Firefox\Profiles\polpnupy.default\searchplugins\askcom.xml [2011/07/24 15:30:04 | 000,000,931 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Roaming\Mozilla\Firefox\Profiles\polpnupy.default\searchplugins\conduit.xml [2012/02/25 01:25:49 | 000,002,412 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Roaming\Mozilla\Firefox\Profiles\polpnupy.default\searchplugins\Linkury Smartbar Search.xml [2012/01/04 18:39:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2011/10/18 19:53:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011/11/12 02:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} () (No name found) -- C:\USERS\WIENERBLUT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\POLPNUPY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012/02/11 14:42:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/03/12 17:53:18 | 000,003,768 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2011/03/24 
02:11:26 | 000,002,428 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2011/12/21 06:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/08/02 00:48:02 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml [2011/12/21 06:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Conduit (Enabled) CHR - default_search_provider: search_url = hxxp://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT2304157 CHR - default_search_provider: suggest_url = Conduit Search CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.152\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.152\gears.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.152\gcswf32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.210.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: 
Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Modul zur Link-Untersuchung = C:\Users\WIENERBLUT\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\ O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files\emsisoft anti-malware\a2guard.exe (Emsi Software GmbH) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKCU..\Run: [Nokia Link] C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\NokiaLink.exe (Nokia Corporation) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten österreichischen Shopping-Websites File not found O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten österreichischen Shopping-Websites File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
-- C:\Users\WIENERBLUT\Julia Stockinger 1_10.pdf [2011/07/24 20:47:53 | 000,229,297 | ---- | M] () -- C:\Users\WIENERBLUT\Karin Hace 10_10.pdf [2012/02/24 01:25:34 | 510,163,640 | ---- | M] () -- C:\Users\WIENERBLUT\Knight_Online_03072011.exe [2011/08/22 18:48:55 | 002,773,410 | ---- | M] () -- C:\Users\WIENERBLUT\LARP-L Auszeichnungslied für den Orden der ewigen Schwerter.mp3 [2011/07/24 20:47:19 | 000,229,749 | ---- | M] () -- C:\Users\WIENERBLUT\Manuel Gruber 9_10.pdf [2011/08/22 18:49:20 | 001,899,392 | ---- | M] () -- C:\Users\WIENERBLUT\Nirgendwo ist es so schön wie im Osten - Lied des Ostens.mp3 [2012/04/11 20:59:33 | 006,815,744 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat [2012/04/11 20:59:33 | 000,262,144 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat.LOG1 [2010/11/25 16:01:08 | 000,000,000 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat.LOG2 [2011/05/28 02:39:24 | 000,065,536 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat{56d69703-8861-11e0-b3d1-6c626d8d3e29}.TM.blf [2011/05/28 02:39:24 | 000,524,288 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat{56d69703-8861-11e0-b3d1-6c626d8d3e29}.TMContainer00000000000000000001.regtrans-ms [2011/05/28 02:39:24 | 000,524,288 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat{56d69703-8861-11e0-b3d1-6c626d8d3e29}.TMContainer00000000000000000002.regtrans-ms [2010/11/25 16:33:21 | 000,065,536 | -HS- | M] () -- C:\Users\WIENERBLUT\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2010/11/25 16:33:21 | 000,524,288 | -HS- | M] () -- C:\Users\WIENERBLUT\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2010/11/25 16:33:21 | 000,524,288 | -HS- | M] () -- C:\Users\WIENERBLUT\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2010/11/26 07:25:01 | 000,065,536 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat{ead73dbb-f8d6-11df-b679-6c626d8d3e29}.TM.blf [2010/11/26 07:25:01 | 000,524,288 | -HS- | M] () -- 
C:\Users\WIENERBLUT\ntuser.dat{ead73dbb-f8d6-11df-b679-6c626d8d3e29}.TMContainer00000000000000000001.regtrans-ms [2010/11/26 07:25:01 | 000,524,288 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat{ead73dbb-f8d6-11df-b679-6c626d8d3e29}.TMContainer00000000000000000002.regtrans-ms [2010/11/25 16:01:09 | 000,000,020 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.ini [2012/01/29 03:21:56 | 000,846,336 | ---- | M] () -- C:\Users\WIENERBLUT\pbsetup.exe [2012/01/29 03:22:00 | 002,580,552 | ---- | M] () -- C:\Users\WIENERBLUT\pbsvc.exe [2011/07/24 20:52:01 | 000,229,903 | ---- | M] () -- C:\Users\WIENERBLUT\Richard Bsteh 3_10.pdf [2011/07/24 19:18:49 | 000,229,643 | ---- | M] () -- C:\Users\WIENERBLUT\Sandro Vacilotto 3_10.pdf [2011/07/24 19:51:37 | 000,230,324 | ---- | M] () -- C:\Users\WIENERBLUT\Sebastian SEIBT 6_10.pdf [2012/02/24 03:29:14 | 039,815,848 | ---- | M] () -- C:\Users\WIENERBLUT\Sword_2_10182011_G1_Xfire.exe [2012/02/24 03:35:47 | 2103,158,624 | ---- | M] () -- C:\Users\WIENERBLUT\Sword_2_20111018.bin1 [2012/02/24 03:35:43 | 2055,359,392 | ---- | M] () -- C:\Users\WIENERBLUT\Sword_2_20111018.bin2 [2012/02/24 03:35:43 | 1798,227,496 | ---- | M] () -- C:\Users\WIENERBLUT\Sword_2_20111018.bin3 [2012/02/24 03:35:44 | 720,051,672 | ---- | M] () -- C:\Users\WIENERBLUT\Sword_2_20111018.bin4 [2011/07/24 19:22:00 | 000,229,953 | ---- | M] () -- C:\Users\WIENERBLUT\Tobias Joppen 5_10 .pdf [2012/02/24 01:30:04 | 922,460,208 | ---- | M] () -- C:\Users\WIENERBLUT\War_Rock_10182011_G1_Xfire.exe < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows 
SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > |
11.04.2012, 20:26 | #5 |
| Trojan.Win32.Mediyes 2. extras.txt OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 4/11/2012 8:39:20 PM - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\WIENERBLUT\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 2.99 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 53.54% Memory free 5.98 Gb Paging File | 3.85 Gb Available in Paging File | 64.33% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 1356.17 Gb Total Space | 1151.13 Gb Free Space | 84.88% Space Free | Partition Type: NTFS Drive D: | 40.00 Gb Total Space | 14.12 Gb Free Space | 35.29% Space Free | Partition Type: NTFS Computer Name: WIENERBLUT-PC | User Name: WIENERBLUT | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{030C0401-52A9-BE86-D8A7-52C0DA203275}" = CCC Help Swedish "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D46A43D-E720-43AD-80AC-9F434C45FD26}" = MorphVOX Pro "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer 
Resources "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.6 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21 "{283153BB-CEE6-EE9C-81E8-4350D73354BA}" = CCC Help Turkish "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{39445575-7D3A-52AA-152B-7F9423D1AE69}" = CCC Help German "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C9A3282-9DAE-F492-13F4-6D4D664AC15F}" = CCC Help Spanish "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F425F12-3A1B-4511-97B2-E2BB4701B745}" = Crysis Wars(R) "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{43E506CC-6633-4F2A-8D8E-4A95D2384393}" = Crysis Wars(R) Patch "{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{5236FA8C-4B70-E30E-93EF-F7D3A5E468C7}" = CCC Help Greek "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety 
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{586F0E27-0BC5-34DE-AA0B-96D14397910E}" = CCC Help Russian "{5AF7EA0B-F009-CC00-E446-C2286AF80471}" = CCC Help Czech "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5FC116F2-4508-A6FC-15FB-C64F05AB0F26}" = CCC Help Chinese Traditional "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{685ACA56-004C-4F80-2BC0-951BF278C03F}" = CCC Help Chinese Standard "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D1AFFC2-AC60-BC3B-2DC9-0D80A1E9CB16}" = CCC Help Thai "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R) "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{79CFDE3C-4602-85B2-ACF6-83D897B8B33A}" = CCC Help Korean "{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}" = Google Earth "{7B6C9592-EF3B-B71E-F9B6-44FB797C205E}" = AMD Drag and Drop Transcoding "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8972B1C8-B899-0AA0-8596-BFC9AE3311F1}" = CCC 
Help Finnish "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) 
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{92BE4E1B-AEFD-DA72-B805-948290A4BB13}" = CCC 
Help Hungarian "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{943B2619-0E00-E9F1-73E3-03090965484E}" = AMD Media Foundation Decoders "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{9526B61A-1C35-96D1-531B-C8DB1D36C336}" = CCC Help Danish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A295F81-04C8-FB18-2D1C-A33AA8A442CA}" = CCC Help French "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DB7A055-0C66-C319-9613-CACDC50DDB38}" = ccc-utility "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime "{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A994E9F7-A748-FFB1-01C2-9D64ADE870B4}" = AMD Accelerated Video Transcoding "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.0 MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B3C8C8EF-77E0-1C0D-1CFA-A39E2E898311}" = CCC Help Italian "{B5AD9952-F716-9862-7ED7-734E0328CF7C}" = Catalyst Control Center 
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware "{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety "{C0E69600-E8D1-784D-829C-788D91D65051}" = CCC Help Polish "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C37B1C57-DD9B-D1E0-B933-8EA8D56E2222}" = CCC Help Norwegian "{C4100721-2D71-CC80-8877-0A7855B6EEFB}" = AMD Catalyst Install Manager "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{CA3A3F20-566B-ABB1-A541-3D93C0D09EE5}" = CCC Help Japanese "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4C4485B-16EB-31A8-C2DE-D778E8E4628B}" = Catalyst Control Center Localization All "{DAF650C8-AFE5-3460-E1C4-B9716D2DA5D2}" = Catalyst Control Center InstallProxy "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0C6F271-FE15-B2D5-FF42-BCA40700DC51}" = CCC Help English "{E1D0A4DC-97BD-CE37-3E89-87D3337E55CA}" = CCC Help Dutch "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E6FA341F-8840-6B18-5BCE-C7CCEBDFE516}" = Catalyst Control Center Graphics Previews Common "{ED15763E-A6ED-56D2-B0B5-C7D22D4CE248}" = CCC Help Portuguese 
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Age of Conan_is1" = Age of Conan: Unchained "APB Reloaded" = APB Reloaded "AVG Secure Search" = AVG Security Toolbar "Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.2.0.1304 "Crysis WARHEAD(R)" = Crysis WARHEAD(R) "Crysis Wars(R)" = Crysis Wars(R) "Crysis Wars(R) Patch" = Crysis Wars(R) Patch "ENTERPRISE" = Microsoft Office Enterprise 2007 "ESN Sonar-0.70.4" = ESN Sonar "GamersFirst LIVE!" = GamersFirst LIVE! 
"Google Chrome" = Google Chrome "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US) "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "OpenAL" = OpenAL "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "RiseOfImmortals" = Rise of Immortals "Simple Port Forwarding" = Simple Port Forwarding "Steam App 113420" = Fallen Earth "Steam App 201190" = Magic: The Gathering – Tactics "Steam App 22818" = Bulletstorm - Prima Official Strategy Guide "Steam App 55150" = Warhammer 40,000 Space Marine "Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retributionâ„¢ "Steam App 8980" = Borderlands "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "TuneUp Utilities 2012" = TuneUp Utilities 2012 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.00 (32-bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater "Nokia Link" = Nokia Link ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 1/13/2012 11:24:09 PM | Computer Name = WIENERBLUT-PC | Source = VSS | ID = 13 Description = Error - 1/13/2012 11:24:09 PM | Computer Name = WIENERBLUT-PC | Source = VSS | ID = 8193 Description = Error - 1/13/2012 11:24:09 PM | Computer Name = WIENERBLUT-PC | Source = VSS | ID = 13 Description = Error - 1/13/2012 11:24:09 PM | Computer Name = 
WIENERBLUT-PC | Source = VSS | ID = 8193 Description = Error - 1/14/2012 12:57:28 PM | Computer Name = WIENERBLUT-PC | Source = SideBySide | ID = 16842827 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. Error - 1/14/2012 4:04:09 PM | Computer Name = WIENERBLUT-PC | Source = Windows Installer 3.1 | ID = 921877 Description = Error - 1/14/2012 4:07:40 PM | Computer Name = WIENERBLUT-PC | Source = Windows Installer 3.1 | ID = 921877 Description = Error - 1/14/2012 4:10:17 PM | Computer Name = WIENERBLUT-PC | Source = Windows Installer 3.1 | ID = 921877 Description = Error - 1/14/2012 7:21:10 PM | Computer Name = WIENERBLUT-PC | Source = BugSplat | ID = 1 Description = Error - 1/14/2012 9:19:08 PM | Computer Name = WIENERBLUT-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ShippingPC-StormGame.exe, Version: 1.0.7147.0, Zeitstempel: 0x4dde3f6b Name des fehlerhaften Moduls: ShippingPC-StormGame.exe, Version: 1.0.7147.0, Zeitstempel: 0x4dde3f6b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00a16d13 ID des fehlerhaften Prozesses: 0xa90 Startzeit der fehlerhaften Anwendung: 0x01ccd32147b440f8 Pfad der fehlerhaften Anwendung: c:\program files\steam\steamapps\common\bulletstorm\Binaries\Win32\ShippingPC-StormGame.exe Pfad des fehlerhaften Moduls: c:\program files\steam\steamapps\common\bulletstorm\Binaries\Win32\ShippingPC-StormGame.exe Berichtskennung: ebf17f4b-3f16-11e1-b076-6c626d8d3e29 [ OSession Events ] Error - 7/20/2011 6:01:20 AM | Computer Name = WIENERBLUT-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 
12.0.6425.1000. This session lasted 831 seconds with 240 seconds of active time. This session ended with a crash. Error - 12/17/2011 11:38:55 AM | Computer Name = WIENERBLUT-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error - 12/17/2011 1:39:14 PM | Computer Name = WIENERBLUT-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error - 2/26/2012 12:41:33 PM | Computer Name = WIENERBLUT-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 659 seconds with 300 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 4/11/2012 11:14:49 AM | Computer Name = WIENERBLUT-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2 Error - 4/11/2012 11:14:49 AM | Computer Name = WIENERBLUT-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet: %%2 Error - 4/11/2012 11:14:49 AM | Computer Name = WIENERBLUT-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2 Error - 4/11/2012 11:17:39 AM | Computer Name = WIENERBLUT-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2 Error - 4/11/2012 11:17:39 AM | Computer Name = WIENERBLUT-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet: %%2 Error - 4/11/2012 11:17:39 AM | Computer Name = WIENERBLUT-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2 Error - 4/11/2012 11:17:39 AM | Computer Name = WIENERBLUT-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet: %%2 Error - 4/11/2012 11:17:39 AM | Computer Name = WIENERBLUT-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2 Error - 4/11/2012 11:17:39 AM | Computer Name = WIENERBLUT-PC | Source = Service Control 
Manager | ID = 7023 Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet: %%2 Error - 4/11/2012 2:45:42 PM | Computer Name = WIENERBLUT-PC | Source = volsnap | ID = 393230 Description = Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers auf Volume "C:" abgebrochen. < End of report >
Sorry, posting it didn't work right away. Now to the Kaspersky message: unfortunately I don't know where to find the txt file. The report from 10.4.2012 says 6 trojan programs found; the detailed report says Trojan.Win32.Mediyes.ua, C:\Windows\System32\aptw78cgn.dll. Thanks for helping, laurana |
12.04.2012, 09:45 | #6 |
/// Malware-holic | Trojan.Win32.Mediyes Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: should you get the following error message after the restart Quote:
12.04.2012, 11:12 | #7 |
| Trojan.Win32.Mediyes Here is the result: Combofix logfile:
ComboFix 12-04-12.01 - WIENERBLUT 12.04.2012 11:33:49.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.3063.1911 [GMT 2:00]
Running from:: c:\users\WIENERBLUT\Desktop\ComboFix.exe
AV: Emsisoft Anti-Malware *Disabled/Updated* {0ADC9F7D-20C1-240F-01E2-43466EBA893A}
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Emsisoft Anti-Malware *Disabled/Updated* {B1BD7E99-06FB-2B81-3B52-7834153DC387}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
C:\Internet Explorer
c:\internet explorer\Custom\eBay.ico
c:\users\WIENERBLUT\APB_Reloaded_Installer.exe
c:\users\WIENERBLUT\AppData\Roaming\.#
c:\users\WIENERBLUT\AppData\Roaming\.#\MBX@E9C@1B42938.###
c:\users\WIENERBLUT\AppData\Roaming\.#\MBX@E9C@1B42968.###
c:\users\WIENERBLUT\AppData\Roaming\.#\MBX@E9C@1B42998.###
c:\users\WIENERBLUT\AppData\Roaming\PriceGong
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\1.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\a.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\b.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\c.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\d.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\e.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\f.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\g.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\h.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\i.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\J.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\k.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\l.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\m.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\mru.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\n.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\o.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\p.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\q.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\r.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\s.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\t.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\u.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\v.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\w.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\x.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\y.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\z.xml
c:\users\WIENERBLUT\Erik Blume 4_10 .pdf
c:\users\WIENERBLUT\Tobias Joppen 5_10 .pdf
c:\windows\PFRO.log
c:\windows\system32\tmpB4BF.tmp
.
.
((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 ))))))))))))))))))))))))))))))
.
.
2012-04-11 21:06 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 21:06 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 21:06 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 21:06 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 21:05 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 21:05 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 04:01 . 2012-04-12 09:34 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8EBCFDD5-DB36-464C-B4E9-344C3C85F96E}\offreg.dll
2012-04-10 11:14 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8EBCFDD5-DB36-464C-B4E9-344C3C85F96E}\mpengine.dll
2012-04-10 10:26 . 2012-04-12 09:29 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-04-09 13:47 . 2012-04-09 14:06 -------- d-----w- c:\users\WIENERBLUT\AppData\Local\GameSpy
2012-04-09 04:37 . 2012-04-09 04:37 -------- d-----w- c:\users\WIENERBLUT\AppData\Roaming\UnknownApplicationVendor
2012-04-09 04:11 . 2012-04-09 04:11 -------- dc-h--w- c:\programdata\{5794CDCB-FAB7-4C15-9069-4D8AC02592DE}
2012-04-09 00:32 . 2012-04-09 04:11 -------- dc-h--w- c:\programdata\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
2012-04-08 23:34 . 2012-04-09 14:01 -------- d-----w- c:\programdata\Desura
2012-04-08 23:02 . 2012-04-08 23:03 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-04-08 23:02 . 2012-04-08 23:02 -------- dc-h--w- c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2012-04-08 22:21 . 2012-04-08 22:21 -------- d-----w- c:\users\WIENERBLUT\AppData\Local\Origin
2012-04-08 03:01 . 2012-04-08 03:01 0 ----a-w- c:\windows\system32\sho4204.tmp
2012-04-07 15:15 . 2012-04-07 15:15 -------- d-----w- c:\users\WIENERBLUT\AppData\Roaming\Malwarebytes
2012-04-07 15:15 . 2012-04-07 15:15 -------- d-----w- c:\programdata\Malwarebytes
2012-04-07 15:15 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-07 15:15 . 2012-04-10 12:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-07 15:02 . 2012-04-07 15:02 -------- d-----w- c:\users\WIENERBLUT\AppData\Roaming\SUPERAntiSpyware.com
2012-04-07 15:02 . 2012-04-07 15:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-07 15:02 . 2012-04-07 15:02 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-02 03:25 . 2012-04-02 03:25 0 ----a-w- c:\windows\system32\sho1D13.tmp
2012-03-30 14:11 . 2012-03-30 15:01 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-26 16:54 . 2012-03-26 16:54 0 ----a-w- c:\windows\system32\sho8D80.tmp
2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-03-19 18:53 . 2012-03-19 18:53 0 ----a-w- c:\windows\system32\sho9C41.tmp
2012-03-17 12:10 . 2012-03-17 12:10 -------- d-----w- c:\programdata\ATI
2012-03-17 12:05 . 2012-03-17 12:05 -------- d-----w- c:\programdata\AMD
2012-03-17 12:05 . 2012-03-17 12:05 -------- d-----w- c:\program files\AMD AVT
2012-03-17 12:05 . 2012-03-17 12:05 -------- d-----w- c:\program files\AMD APP
2012-03-15 21:30 . 2012-03-15 21:30 -------- d-sh--w- c:\programdata\SecuROM
2012-03-14 16:15 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 16:15 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 16:15 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 16:15 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 16:15 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 16:15 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 16:15 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 16:15 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 21:33 . 2012-01-29 01:25 139224 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-04-11 21:33 . 2012-01-29 01:24 183152 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-04-10 22:33 . 2010-11-26 21:45 183152 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-04-09 00:33 . 2010-12-07 16:20 22328 ----a-w- c:\users\WIENERBLUT\AppData\Roaming\PnkBstrK.sys
2012-04-09 00:32 . 2012-01-29 01:24 669184 ----a-w- c:\windows\system32\pbsvc.exe
2012-03-30 15:01 . 2011-05-18 18:19 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-07 11:33 . 2012-03-07 11:33 0 ----a-w- c:\windows\system32\sho7E34.tmp
2012-02-24 01:29 . 2012-02-23 21:10 39815848 ----a-w- c:\users\WIENERBLUT\Sword_2_10182011_G1_Xfire.exe
2012-02-23 23:30 . 2012-02-23 23:19 922460208 ----a-w- c:\users\WIENERBLUT\War_Rock_10182011_G1_Xfire.exe
2012-02-23 23:25 . 2012-02-23 23:20 510163640 ----a-w- c:\users\WIENERBLUT\Knight_Online_03072011.exe
2012-02-23 08:18 . 2010-08-30 16:46 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-21 20:16 . 2012-01-29 01:24 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-02-21 20:16 . 2010-11-26 21:45 282864 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-02-15 03:47 . 2012-02-15 03:47 9182208 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2011-09-08 17:34 791040 ----a-w- c:\windows\system32\aticfx32.dll
2012-02-15 03:13 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13 405504 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-15 03:12 . 2012-02-15 03:12 163328 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2012-02-15 03:10 . 2012-02-15 03:10 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-02-15 03:07 . 2011-09-08 17:24 6200320 ----a-w- c:\windows\system32\atidxx32.dll
2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\system32\atioglxx.dll
2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-02-15 02:34 . 2012-02-15 02:34 5954048 ----a-w- c:\windows\system32\atiumdag.dll
2012-02-15 02:29 . 2012-02-15 02:29 5062656 ----a-w- c:\windows\system32\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\system32\aticaldd.dll
2012-02-15 02:16 . 2010-05-27 16:35 51200 ----a-w- c:\windows\system32\coinst.dll
2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-02-15 02:12 . 2012-02-15 02:12 264704 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2011-09-08 16:51 33280 ----a-w- c:\windows\system32\atiuxpag.dll
2012-02-15 02:12 . 2012-02-15 02:12 30208 ----a-w- c:\windows\system32\atiu9pag.dll
2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\system32\atimpc32.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2012-02-14 21:05 . 2012-02-14 21:05 59904 ----a-w- c:\windows\system32\OpenVideo.dll
2012-02-14 21:05 . 2012-02-14 21:05 54784 ----a-w- c:\windows\system32\OVDecode.dll
2012-02-14 21:04 . 2012-02-14 21:04 13238272 ----a-w- c:\windows\system32\amdocl.dll
2012-02-14 21:03 . 2012-02-14 21:03 48128 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-07 09:02 . 2012-02-07 09:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-02 22:50 . 2011-06-20 01:12 5265 ----a-w- c:\windows\system32\nppt9x.vxd
2012-02-02 22:50 . 2011-06-20 01:12 4774 ----a-w- c:\windows\system32\npptNT2.sys
2012-01-31 05:00 . 2012-01-31 05:00 16896 ----a-w- c:\windows\system32\kdbsdk32.dll
2012-01-29 01:22 . 2012-01-29 01:21 2580552 ----a-w- c:\users\WIENERBLUT\pbsvc.exe
2012-01-29 01:21 . 2012-01-29 01:21 846336 ----a-w- c:\users\WIENERBLUT\pbsetup.exe
2012-02-11 12:42 . 2012-01-04 16:39 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-12 15:53 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 15:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-12 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nokia Link"="c:\users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\NokiaLink.exe" [2012-01-17 162856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-14 9288296]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-12 982880]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
GamersFirst LIVE!.lnk - c:\program files\GamersFirst\LIVE!\Live.exe [2011-8-16 2589808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe"
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"IAStorIcon"=c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-25 136176]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-11-02 51632]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 253600]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-25 136176]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-11-01 137600]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-06-19 4122968]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 603240]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-25 1343400]
R3 XDva351;XDva351;c:\windows\system32\XDva351.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2011-05-19 17904]
S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2011-11-02 34768]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2010-05-05 11776]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 23856]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2012-01-22 3025112]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-15 163328]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2011-12-14 1514304]
S2 Update-Service;Update-Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-12 918880]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-02-15 9182208]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-02-15 264704]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-12-05 86032]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 64904]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 146568]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-05-31 267880]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-11-25 34384]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2011-10-20 10064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service REG_MULTI_SZ Update-Service-Installer-Service
Update-Service REG_MULTI_SZ Update-Service
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 15:01]
.
2012-04-09 c:\windows\Tasks\Crysis Wars(R) Updates.job
- c:\windows\Installer\Crysis Wars(R) Updates for All Users.lnk [2012-04-09 00:32]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-25 13:58]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-25 13:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.at/
uSearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten österreichischen Shopping-Websites
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\WIENERBLUT\AppData\Roaming\Mozilla\Firefox\Profiles\polpnupy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://search.linkury.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVS2&o=1586&locale=de_US&apn_uid=4506ca31-8013-473f-9b1b-71a0614bd86a&apn_ptnrs=^AAA&apn_sauid=41894784-7CDF-4CB5-BF8D-CDF6CD06F353&apn_dtid=^YYYYYY^YY^AT&&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Removed orphan registry entries - - - -
.
URLSearchHooks-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)
WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)
WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)
SafeBoot-BsScanner
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Locked registry keys ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2517004976-3295302337-4199221813-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b1,4d,7b,66,20,08,25,53,6a,fe,e9,35,d8,7e,0a,30,b6,3c,0a,0e,f9,7f,3a,
   79,29,36,2d,f2,03,ff,59,da,ad,66,a7,28,dd,1c,58,76,38,bf,94,e2,d0,1c,fa,36,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
.
[HKEY_USERS\S-1-5-21-2517004976-3295302337-4199221813-1000\Software\SecuROM\License information*]
"datasecu"=hex:60,3c,ca,ab,87,f9,b2,0e,42,59,94,7a,63,8d,3b,57,5a,63,3d,60,31,
   4c,6b,4c,79,25,1f,07,23,c3,01,82,0d,4b,7e,1c,f1,43,09,88,2d,c0,21,ca,21,aa,\
"rkeysecu"=hex:fe,41,82,14,0e,02,b3,67,a5,ca,ea,50,7e,c1,c2,d0
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-12 11:53:56
ComboFix-quarantined-files.txt 2012-04-12 09:53
.
Pre-Run: 13 directories, 1.235.040.960.512 bytes free
Post-Run: 17 directories, 1.236.111.765.504 bytes free
.
- - End Of File - - 9D731696B3C41425F0CD02235C074CB9 |
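A ComboFix log like the one above is long, and the entries that matter are buried between hundreds of legitimate driver and file lines. The following is an added example of how to pull out the items a reviewer checks first; it is not code from ComboFix, from trojaner-board or from anyone in this thread. It reads three kinds of lines in the format ComboFix prints (service/driver lines `R2 name;display;path [date size]`, the `svchost` group key, and the start page / search settings), and the rule that a service hosted by `svchost.exe` which is also the sole member of a svchost group named after itself deserves a look is this example's own heuristic, not something ComboFix reports. The sample input is an excerpt copied from the log above.

```python
import re
from urllib.parse import urlparse

# One ComboFix service/driver line: "<state> <name>;<display name>;<image path> [<date> <size>]".
# ComboFix prints "[x]" instead of date and size when the binary is missing on disk.
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*?)\]\s*$')
# A registry key header, e.g. "[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]".
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]\s*$')
# A svchost group value: "<group> REG_MULTI_SZ <member service> <member service> ...".
GROUP_RE = re.compile(r'^(\S+)\s+REG_MULTI_SZ\s+(.+?)\s*$')
# Browser start/search settings; ComboFix writes URLs as hxxp:// so they are not clickable.
BROWSER_RE = re.compile(r'^(uStart Page|uSearchAssistant|FF - prefs\.js: \S+)\s+[=-]\s+(hxxps?://\S+)')


def triage(log_text):
    """Return the entries of a ComboFix log a reviewer should look at first."""
    svchost_hosted, missing_binary = [], []
    svchost_groups, browser_hosts = {}, {}
    current_key = ''
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = SERVICE_RE.match(line)
        if m:
            _state, name, _display, path, info = m.groups()
            if info == 'x':
                missing_binary.append(name)
            elif path.lower().rsplit('\\', 1)[-1] == 'svchost.exe':
                # svchost.exe is only a host; the code that actually runs is the ServiceDll under
                # HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters, which ComboFix does not print.
                svchost_hosted.append(name)
            continue
        m = GROUP_RE.match(line)
        if m and current_key.lower().endswith('\\svchost'):
            svchost_groups[m.group(1)] = m.group(2).split()
            continue
        m = BROWSER_RE.match(line)
        if m:
            setting, url = m.groups()
            browser_hosts[setting] = urlparse('http' + url[4:]).hostname
    # Heuristic of this example: a svchost-hosted service that is the only member of a
    # svchost group carrying its own name was registered outside the stock Windows groups.
    own_group = [n for n in svchost_hosted if svchost_groups.get(n) == [n]]
    return {
        'svchost_hosted': svchost_hosted,
        'own_svchost_group': own_group,
        'missing_binary': missing_binary,
        'svchost_groups': svchost_groups,
        'browser_hosts': browser_hosts,
    }


# Constructed sample input: lines copied from the ComboFix log posted above (an excerpt, not the full log).
SAMPLE_LOG = r"""
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 XDva351;XDva351;c:\windows\system32\XDva351.sys [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 Update-Service;Update-Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service REG_MULTI_SZ Update-Service-Installer-Service
Update-Service REG_MULTI_SZ Update-Service
.
uStart Page = hxxp://www.google.at/
uSearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://search.linkury.com
"""

if __name__ == '__main__':
    for key, value in triage(SAMPLE_LOG).items():
        print(f'{key}: {value}')
```

Run on the excerpt, it reports `1394hub` and `Update-Service` as hosted by `svchost.exe` (with `Update-Service` additionally the sole member of a svchost group named after itself), `EagleXNt` and `XDva351` as services whose binaries are missing, and the search settings resolving to `cloud-search.linkury.com`, `search.conduit.com` and `search.linkury.com`. Whether any of those is malicious is a separate judgement made on the box; the point of the script is to get the short list, and for the svchost entries the ServiceDll values, in front of a reviewer quickly.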
12.04.2012, 16:09 | #8 |
/// Malware-holic | Trojan.Win32.Mediyes Is Kaspersky still finding anything at the moment?
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described above. If you would like to support us |
12.04.2012, 16:44 | #9 |
| Trojan.Win32.Mediyes No, at least not at boot, which is how it was with Mediyes; yesterday's complete scan with Emsisoft didn't show anything either |
12.04.2012, 20:06 | #10 |
/// Malware-holic | Trojan.Win32.Mediyes Download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html Click on Change parameters • Tick Verify driver digital signatures and Detect TDLFS file system • Click OK and then Start scan - if anything is found, always choose Skip for now; post the log
|
12.04.2012, 21:21 | #11 |
| Trojan.Win32.Mediyes
22:16:46.0725 7304 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
22:16:48.0420 7304 ============================================================
22:16:48.0420 7304 Current date / time: 2012/04/12 22:16:48.0420
22:16:48.0420 7304 SystemInfo:
22:16:48.0420 7304
22:16:48.0420 7304 OS Version: 6.1.7601 ServicePack: 1.0
22:16:48.0420 7304 Product type: Workstation
22:16:48.0420 7304 ComputerName: WIENERBLUT-PC
22:16:48.0420 7304 UserName: WIENERBLUT
22:16:48.0420 7304 Windows directory: C:\Windows
22:16:48.0420 7304 System windows directory: C:\Windows
22:16:48.0420 7304 Processor architecture: Intel x86
22:16:48.0420 7304 Number of processors: 4
22:16:48.0420 7304 Page size: 0x1000
22:16:48.0420 7304 Boot type: Normal boot
22:16:48.0420 7304 ============================================================
22:16:55.0113 7304 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:16:55.0125 7304 \Device\Harddisk0\DR0:
22:16:55.0126 7304 MBR used
22:16:55.0126 7304 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:16:55.0126 7304 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xA9854800
22:16:55.0126 7304 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xA9887000, BlocksNum 0x5000000
22:16:55.0195 7304 Initialize success
22:16:55.0195 7304 ============================================================
22:17:49.0963 10212 ============================================================
22:17:49.0963 10212 Scan started
22:17:49.0963 10212 Mode: Manual; SigCheck; TDLFS;
22:17:49.0963 10212 ============================================================
22:17:52.0606 10212 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
22:17:52.0667 10212 !SASCORE - ok
22:17:52.0781 10212 1394hub - ok
22:17:52.0834 10212 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
22:17:52.0902 10212 1394ohci - ok
22:17:52.0998 10212 a2acc (05dac43a484272de87eac038814a7840) C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
22:17:53.0027 10212 a2acc - ok
22:17:53.0117 10212 a2AntiMalware (5a65a77f7a4a091e896c21db4ef18e1f) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
22:17:53.0191 10212 a2AntiMalware - ok
22:17:53.0253 10212 A2DDA (f7eabca8375ea2dc6f35c4bca4757515) C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
22:17:53.0264 10212 A2DDA - ok
22:17:53.0288 10212 a2injectiondriver (23aac49133765eeaa86a65452d21ef1c) C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys
22:17:53.0298 10212 a2injectiondriver - ok
22:17:53.0319 10212 a2util (2da26eb05b5495d3b2ee36456c239fb7) C:\Program Files\Emsisoft Anti-Malware\a2util32.sys
22:17:53.0330 10212 a2util - ok
22:17:53.0405 10212 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
22:17:53.0420 10212 ACPI - ok
22:17:53.0466 10212 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
22:17:53.0531 10212 AcpiPmi - 
22:17:53.0605 10212 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:17:53.0616 10212 AdobeFlashPlayerUpdateSvc - ok
22:17:53.0652 10212 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
22:17:53.0671 10212 adp94xx - ok
22:17:53.0711 10212 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
22:17:53.0727 10212 adpahci - ok
22:17:53.0769 10212 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
22:17:53.0783 10212 adpu320 - ok
22:17:53.0815 10212 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
22:17:53.0858 10212 AeLookupSvc - ok
22:17:53.0908 10212 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
22:17:53.0966 10212 AFD - ok
22:17:53.0997 10212 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
22:17:54.0010 10212 agp440 - ok
22:17:54.0018 10212 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
22:17:54.0031 10212 aic78xx - ok
22:17:54.0062 10212 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
22:17:54.0106 10212 ALG - ok
22:17:54.0121 10212 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
22:17:54.0133 10212 aliide - ok
22:17:54.0180 10212 AMD External Events Utility (cde41d99db840ff9454fc981ebd0ec50) C:\Windows\system32\atiesrxx.exe
22:17:54.0217 10212 AMD External Events Utility - ok
22:17:54.0237 10212 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
22:17:54.0249 10212 amdagp - ok
22:17:54.0264 10212 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
22:17:54.0276 10212 amdide - ok
22:17:54.0289 10212 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
22:17:54.0335 10212 AmdK8 - ok
22:17:54.0490 10212 amdkmdag (ffd082f1f1d4ff5c87f66df62486bcfa) C:\Windows\system32\DRIVERS\atikmdag.sys
22:17:54.0705 10212 amdkmdag - ok
22:17:54.0746 10212 amdkmdap (c541da5b72fa638469e8dc1e66079330) C:\Windows\system32\DRIVERS\atikmpag.sys
22:17:54.0802 10212 amdkmdap - ok
22:17:54.0811 10212 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
22:17:54.0861 10212 AmdPPM - ok
22:17:54.0895 10212 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
22:17:54.0908 10212 amdsata - ok
22:17:54.0918 10212 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
22:17:54.0931 10212 amdsbs - ok
22:17:54.0964 10212 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
22:17:54.0975 10212 amdxata - ok
22:17:55.0005 10212 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
22:17:55.0092 10212 AppID - ok
22:17:55.0124 10212 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
22:17:55.0149 10212 AppIDSvc - ok
22:17:55.0177 10212 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
22:17:55.0207 10212 Appinfo - ok
22:17:55.0244 10212 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
22:17:55.0257 10212 arc - ok
22:17:55.0276 10212 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
22:17:55.0289 10212 arcsas - ok
22:17:55.0360 10212 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
22:17:55.0387 10212 aspnet_state - ok
22:17:55.0410 10212 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
22:17:55.0501 10212 AsyncMac - ok
22:17:55.0557 10212 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
22:17:55.0569 10212 atapi - ok
22:17:55.0596 10212 AtiHDAudioService (4d201d8b576be4473405b2a86a2d28b3) C:\Windows\system32\drivers\AtihdW73.sys
22:17:55.0608 10212 AtiHDAudioService - ok
22:17:55.0640 10212 AtiHdmiService (8df873d0587596c1d35a9cececc61da1) C:\Windows\system32\drivers\AtiHdmi.sys
22:17:55.0653 10212 AtiHdmiService - ok
22:17:55.0707 10212 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
22:17:55.0735 10212 AudioEndpointBuilder - ok
22:17:55.0756 10212 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
22:17:55.0783 10212 Audiosrv - ok
22:17:55.0847 10212 AVP - ok
22:17:55.0905 10212 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
22:17:55.0987 10212 AxInstSV - ok
22:17:56.0029 10212 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
22:17:56.0119 10212 b06bdrv - ok
22:17:56.0156 10212 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
22:17:56.0189 10212 
b57nd60x - ok 22:17:56.0220 10212 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll 22:17:56.0291 10212 BDESVC - ok 22:17:56.0396 10212 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 22:17:56.0440 10212 Beep - ok 22:17:56.0497 10212 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll 22:17:56.0571 10212 BFE - ok 22:17:56.0608 10212 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll 22:17:56.0692 10212 BITS - ok 22:17:56.0709 10212 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 22:17:56.0723 10212 blbdrive - ok 22:17:56.0753 10212 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys 22:17:56.0792 10212 bowser - ok 22:17:56.0806 10212 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 22:17:56.0856 10212 BrFiltLo - ok 22:17:56.0865 10212 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 22:17:56.0901 10212 BrFiltUp - ok 22:17:56.0968 10212 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys 22:17:57.0003 10212 BridgeMP - ok 22:17:57.0055 10212 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll 22:17:57.0081 10212 Browser - ok 22:17:57.0113 10212 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 22:17:57.0181 10212 Brserid - ok 22:17:57.0200 10212 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 22:17:57.0226 10212 BrSerWdm - ok 22:17:57.0255 10212 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 22:17:57.0290 10212 BrUsbMdm - ok 22:17:57.0329 10212 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 22:17:57.0372 10212 BrUsbSer - ok 22:17:57.0498 10212 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 22:17:57.0514 10212 
BTHMODEM - ok 22:17:57.0560 10212 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll 22:17:57.0587 10212 bthserv - ok 22:17:57.0672 10212 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS 22:17:57.0695 10212 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning 22:17:57.0695 10212 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1) 22:17:57.0800 10212 catchme - ok 22:17:57.0826 10212 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 22:17:57.0861 10212 cdfs - ok 22:17:57.0946 10212 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys 22:17:57.0987 10212 cdrom - ok 22:17:58.0029 10212 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll 22:17:58.0068 10212 CertPropSvc - ok 22:17:58.0107 10212 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 22:17:58.0149 10212 circlass - ok 22:17:58.0168 10212 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 22:17:58.0182 10212 CLFS - ok 22:17:58.0272 10212 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 22:17:58.0282 10212 clr_optimization_v2.0.50727_32 - ok 22:17:58.0318 10212 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 22:17:58.0373 10212 clr_optimization_v4.0.30319_32 - ok 22:17:58.0395 10212 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 22:17:58.0436 10212 CmBatt - ok 22:17:58.0483 10212 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys 22:17:58.0495 10212 cmdide - ok 22:17:58.0534 10212 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys 22:17:58.0554 10212 CNG - ok 22:17:58.0589 10212 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 22:17:58.0601 10212 Compbatt 
- ok 22:17:58.0661 10212 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys 22:17:58.0678 10212 CompositeBus - ok 22:17:58.0685 10212 COMSysApp - ok 22:17:58.0702 10212 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 22:17:58.0714 10212 crcdisk - ok 22:17:58.0755 10212 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll 22:17:58.0781 10212 CryptSvc - ok 22:17:58.0882 10212 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 22:17:58.0908 10212 cvhsvc - ok 22:17:58.0936 10212 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll 22:17:58.0976 10212 DcomLaunch - ok 22:17:59.0018 10212 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll 22:17:59.0060 10212 defragsvc - ok 22:17:59.0078 10212 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys 22:17:59.0118 10212 DfsC - ok 22:17:59.0151 10212 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll 22:17:59.0178 10212 Dhcp - ok 22:17:59.0193 10212 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 22:17:59.0232 10212 discache - ok 22:17:59.0268 10212 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 22:17:59.0279 10212 Disk - ok 22:17:59.0313 10212 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll 22:17:59.0391 10212 Dnscache - ok 22:17:59.0432 10212 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll 22:17:59.0476 10212 dot3svc - ok 22:17:59.0511 10212 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll 22:17:59.0565 10212 DPS - ok 22:17:59.0606 10212 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 22:17:59.0630 10212 drmkaud - ok 22:17:59.0669 10212 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) 
C:\Windows\System32\drivers\dxgkrnl.sys 22:17:59.0691 10212 DXGKrnl - ok 22:17:59.0714 10212 EagleXNt - ok 22:17:59.0735 10212 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll 22:17:59.0773 10212 EapHost - ok 22:17:59.0843 10212 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 22:17:59.0942 10212 ebdrv - ok 22:17:59.0977 10212 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe 22:18:00.0002 10212 EFS - ok 22:18:00.0040 10212 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe 22:18:00.0090 10212 ehRecvr - ok 22:18:00.0125 10212 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe 22:18:00.0171 10212 ehSched - ok 22:18:00.0213 10212 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 22:18:00.0234 10212 elxstor - ok 22:18:00.0259 10212 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys 22:18:00.0272 10212 ErrDev - ok 22:18:00.0313 10212 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll 22:18:00.0343 10212 EventSystem - ok 22:18:00.0455 10212 EverestDriver - ok 22:18:00.0726 10212 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 22:18:00.0754 10212 exfat - ok 22:18:00.0806 10212 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 22:18:00.0846 10212 fastfat - ok 22:18:00.0916 10212 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe 22:18:01.0001 10212 Fax - ok 22:18:01.0031 10212 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 22:18:01.0045 10212 fdc - ok 22:18:01.0072 10212 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll 22:18:01.0114 10212 fdPHost - ok 22:18:01.0141 10212 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll 22:18:01.0182 10212 FDResPub - ok 22:18:01.0202 10212 FileInfo 
(6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 22:18:01.0212 10212 FileInfo - ok 22:18:01.0225 10212 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 22:18:01.0259 10212 Filetrace - ok 22:18:01.0357 10212 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 22:18:01.0384 10212 flpydisk - ok 22:18:01.0393 10212 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 22:18:01.0405 10212 FltMgr - ok 22:18:01.0452 10212 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll 22:18:01.0551 10212 FontCache - ok 22:18:01.0620 10212 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 22:18:01.0739 10212 FontCache3.0.0.0 - ok 22:18:01.0759 10212 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 22:18:01.0771 10212 FsDepends - ok 22:18:01.0807 10212 fssfltr (bfaaa92861526bb0adcd01e964ab6609) C:\Windows\system32\DRIVERS\fssfltr.sys 22:18:01.0817 10212 fssfltr - ok 22:18:01.0951 10212 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files\Windows Live\Family Safety\fsssvc.exe 22:18:01.0984 10212 fsssvc - ok 22:18:02.0023 10212 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys 22:18:02.0114 10212 Fs_Rec - ok 22:18:02.0151 10212 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys 22:18:02.0166 10212 fvevol - ok 22:18:02.0208 10212 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 22:18:02.0221 10212 gagp30kx - ok 22:18:02.0243 10212 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll 22:18:02.0286 10212 gpsvc - ok 22:18:02.0321 10212 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 22:18:02.0332 10212 gupdate - ok 22:18:02.0338 10212 gupdatem 
(f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 22:18:02.0347 10212 gupdatem - ok 22:18:02.0428 10212 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 22:18:02.0473 10212 hcw85cir - ok 22:18:02.0513 10212 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys 22:18:02.0560 10212 HdAudAddService - ok 22:18:02.0625 10212 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys 22:18:02.0657 10212 HDAudBus - ok 22:18:02.0665 10212 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 22:18:02.0702 10212 HidBatt - ok 22:18:02.0736 10212 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 22:18:02.0795 10212 HidBth - ok 22:18:02.0849 10212 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 22:18:02.0876 10212 HidIr - ok 22:18:02.0932 10212 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll 22:18:02.0971 10212 hidserv - ok 22:18:02.0994 10212 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys 22:18:03.0022 10212 HidUsb - ok 22:18:03.0061 10212 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll 22:18:03.0099 10212 hkmsvc - ok 22:18:03.0148 10212 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll 22:18:03.0345 10212 HomeGroupListener - ok 22:18:03.0377 10212 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll 22:18:03.0413 10212 HomeGroupProvider - ok 22:18:03.0454 10212 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys 22:18:03.0466 10212 HpSAMD - ok 22:18:03.0515 10212 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys 22:18:03.0545 10212 HTTP - ok 22:18:03.0580 10212 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys 
22:18:03.0590 10212 hwpolicy - ok 22:18:03.0633 10212 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys 22:18:03.0664 10212 i8042prt - ok 22:18:03.0689 10212 iaStor (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys 22:18:03.0705 10212 iaStor - ok 22:18:03.0762 10212 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 22:18:03.0773 10212 IAStorDataMgrSvc - ok 22:18:03.0799 10212 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys 22:18:03.0817 10212 iaStorV - ok 22:18:03.0997 10212 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 22:18:04.0023 10212 IDriverT ( UnsignedFile.Multi.Generic ) - warning 22:18:04.0023 10212 IDriverT - detected UnsignedFile.Multi.Generic (1) 22:18:04.0073 10212 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 22:18:04.0097 10212 idsvc - ok 22:18:04.0130 10212 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 22:18:04.0142 10212 iirsp - ok 22:18:04.0199 10212 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll 22:18:04.0245 10212 IKEEXT - ok 22:18:04.0343 10212 IntcAzAudAddService (4be85cf5831a41104c2dded55fbc3565) C:\Windows\system32\drivers\RTKVHDA.sys 22:18:04.0428 10212 IntcAzAudAddService - ok 22:18:04.0476 10212 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys 22:18:04.0487 10212 intelide - ok 22:18:04.0534 10212 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 22:18:04.0562 10212 intelppm - ok 22:18:04.0592 10212 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll 22:18:04.0640 10212 IPBusEnum - ok 22:18:04.0667 10212 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) 
C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:18:04.0693 10212 IpFilterDriver - ok 22:18:04.0736 10212 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll 22:18:04.0773 10212 iphlpsvc - ok 22:18:04.0812 10212 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys 22:18:04.0828 10212 IPMIDRV - ok 22:18:04.0836 10212 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 22:18:04.0874 10212 IPNAT - ok 22:18:04.0900 10212 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 22:18:04.0929 10212 IRENUM - ok 22:18:04.0988 10212 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys 22:18:05.0000 10212 isapnp - ok 22:18:05.0040 10212 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys 22:18:05.0055 10212 iScsiPrt - ok 22:18:05.0080 10212 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys 22:18:05.0093 10212 kbdclass - ok 22:18:05.0104 10212 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys 22:18:05.0130 10212 kbdhid - ok 22:18:05.0160 10212 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 22:18:05.0173 10212 KeyIso - ok 22:18:05.0217 10212 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys 22:18:05.0229 10212 KL1 - ok 22:18:05.0254 10212 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys 22:18:05.0265 10212 kl2 - ok 22:18:05.0318 10212 KLIF (af04d0ce7939324e9a605b159295706c) C:\Windows\system32\DRIVERS\klif.sys 22:18:05.0339 10212 KLIF - ok 22:18:05.0376 10212 KLIM6 (6295a19003f935ecc6ccbe9e2376427b) C:\Windows\system32\DRIVERS\klim6.sys 22:18:05.0387 10212 KLIM6 - ok 22:18:05.0444 10212 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys 22:18:05.0455 10212 klmouflt - ok 22:18:05.0470 10212 KSecDD (f4647bb23db9038a7536cf6b68f4207f) 
C:\Windows\system32\Drivers\ksecdd.sys 22:18:05.0482 10212 KSecDD - ok 22:18:05.0493 10212 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys 22:18:05.0505 10212 KSecPkg - ok 22:18:05.0544 10212 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll 22:18:05.0619 10212 KtmRm - ok 22:18:05.0673 10212 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll 22:18:05.0699 10212 LanmanServer - ok 22:18:05.0731 10212 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 22:18:05.0776 10212 lltdio - ok 22:18:05.0810 10212 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll 22:18:05.0839 10212 lltdsvc - ok 22:18:05.0860 10212 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll 22:18:05.0934 10212 lmhosts - ok 22:18:05.0976 10212 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 22:18:05.0989 10212 LSI_FC - ok 22:18:06.0024 10212 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 22:18:06.0036 10212 LSI_SAS - ok 22:18:06.0069 10212 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 22:18:06.0081 10212 LSI_SAS2 - ok 22:18:06.0116 10212 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 22:18:06.0129 10212 LSI_SCSI - ok 22:18:06.0147 10212 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 22:18:06.0173 10212 luafv - ok 22:18:06.0242 10212 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys 22:18:06.0251 10212 MBAMProtector - ok 22:18:06.0316 10212 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 22:18:06.0334 10212 MBAMService - ok 22:18:06.0484 10212 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll 22:18:06.0500 10212 Mcx2Svc - ok 22:18:06.0513 10212 megasas 
(0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 22:18:06.0525 10212 megasas - ok 22:18:06.0540 10212 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 22:18:06.0556 10212 MegaSR - ok 22:18:06.0718 10212 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe 22:18:06.0729 10212 Microsoft Office Groove Audit Service - ok 22:18:06.0762 10212 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 22:18:06.0797 10212 MMCSS - ok 22:18:06.0816 10212 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 22:18:06.0853 10212 Modem - ok 22:18:06.0905 10212 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 22:18:06.0935 10212 monitor - ok 22:18:06.0986 10212 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 22:18:06.0997 10212 mouclass - ok 22:18:07.0058 10212 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 22:18:07.0089 10212 mouhid - ok 22:18:07.0129 10212 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys 22:18:07.0140 10212 mountmgr - ok 22:18:07.0172 10212 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys 22:18:07.0185 10212 mpio - ok 22:18:07.0197 10212 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 22:18:07.0239 10212 mpsdrv - ok 22:18:07.0285 10212 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll 22:18:07.0343 10212 MpsSvc - ok 22:18:07.0406 10212 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys 22:18:07.0442 10212 MRxDAV - ok 22:18:07.0469 10212 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys 22:18:07.0501 10212 mrxsmb - ok 22:18:07.0520 10212 mrxsmb10 (6d17a4791aca19328c685d256349fefc) 
C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:18:07.0535 10212 mrxsmb10 - ok 22:18:07.0544 10212 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:18:07.0574 10212 mrxsmb20 - ok 22:18:07.0608 10212 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys 22:18:07.0620 10212 msahci - ok 22:18:07.0648 10212 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys 22:18:07.0661 10212 msdsm - ok 22:18:07.0705 10212 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe 22:18:07.0721 10212 MSDTC - ok 22:18:07.0734 10212 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 22:18:07.0760 10212 Msfs - ok 22:18:07.0818 10212 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 22:18:07.0856 10212 mshidkmdf - ok 22:18:07.0880 10212 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys 22:18:07.0890 10212 msisadrv - ok 22:18:07.0911 10212 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll 22:18:07.0955 10212 MSiSCSI - ok 22:18:07.0962 10212 msiserver - ok 22:18:07.0988 10212 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 22:18:08.0028 10212 MSKSSRV - ok 22:18:08.0056 10212 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 22:18:08.0083 10212 MSPCLOCK - ok 22:18:08.0095 10212 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 22:18:08.0121 10212 MSPQM - ok 22:18:08.0136 10212 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 22:18:08.0149 10212 MsRPC - ok 22:18:08.0168 10212 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys 22:18:08.0180 10212 mssmbios - ok 22:18:08.0200 10212 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 22:18:08.0225 10212 MSTEE - ok 22:18:08.0256 10212 
MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 22:18:08.0288 10212 MTConfig - ok 22:18:08.0314 10212 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 22:18:08.0325 10212 Mup - ok 22:18:08.0361 10212 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll 22:18:08.0407 10212 napagent - ok 22:18:08.0443 10212 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 22:18:08.0462 10212 NativeWifiP - ok 22:18:08.0484 10212 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys 22:18:08.0506 10212 NDIS - ok 22:18:08.0534 10212 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 22:18:08.0561 10212 NdisCap - ok 22:18:08.0590 10212 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 22:18:08.0630 10212 NdisTapi - ok 22:18:08.0680 10212 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys 22:18:08.0716 10212 Ndisuio - ok 22:18:08.0738 10212 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys 22:18:08.0765 10212 NdisWan - ok 22:18:08.0790 10212 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys 22:18:08.0829 10212 NDProxy - ok 22:18:08.0838 10212 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 22:18:08.0862 10212 NetBIOS - ok 22:18:08.0897 10212 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys 22:18:08.0936 10212 NetBT - ok 22:18:08.0965 10212 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 22:18:08.0979 10212 Netlogon - ok 22:18:09.0032 10212 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll 22:18:09.0079 10212 Netman - ok 22:18:09.0132 10212 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 22:18:09.0144 10212 
NetMsmqActivator - ok 22:18:09.0157 10212 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 22:18:09.0167 10212 NetPipeActivator - ok 22:18:09.0185 10212 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll 22:18:09.0230 10212 netprofm - ok 22:18:09.0246 10212 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 22:18:09.0256 10212 NetTcpActivator - ok 22:18:09.0259 10212 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 22:18:09.0269 10212 NetTcpPortSharing - ok 22:18:09.0298 10212 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 22:18:09.0310 10212 nfrd960 - ok 22:18:09.0325 10212 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll 22:18:09.0352 10212 NlaSvc - ok 22:18:09.0400 10212 nmwcd (f6c40e0a565ee3ce5aeeb325e10054f2) C:\Windows\system32\drivers\ccdcmb.sys 22:18:09.0458 10212 nmwcd - ok 22:18:09.0467 10212 nmwcdc (2a394e9e1fa3565e4b2fea470ffe4d6b) C:\Windows\system32\drivers\ccdcmbo.sys 22:18:09.0494 10212 nmwcdc - ok 22:18:09.0525 10212 nmwcdnsu (99b224f8026cb534724aa3c408561e45) C:\Windows\system32\drivers\nmwcdnsu.sys 22:18:09.0574 10212 nmwcdnsu - ok 22:18:09.0583 10212 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 22:18:09.0608 10212 Npfs - ok 22:18:09.0638 10212 npggsvc - ok 22:18:09.0670 10212 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll 22:18:09.0697 10212 nsi - ok 22:18:09.0717 10212 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 22:18:09.0744 10212 nsiproxy - ok 22:18:09.0776 10212 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys 22:18:09.0806 10212 Ntfs - ok 22:18:09.0825 10212 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 22:18:09.0868 
10212 Null - ok 22:18:09.0892 10212 nusb3hub (03ad379554b50fa1802be4ec2e291e92) C:\Windows\system32\DRIVERS\nusb3hub.sys 22:18:09.0903 10212 nusb3hub - ok 22:18:09.0949 10212 nusb3xhc (06fe87c9d181af5f04d192e604e10e6c) C:\Windows\system32\DRIVERS\nusb3xhc.sys 22:18:09.0961 10212 nusb3xhc - ok 22:18:10.0003 10212 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys 22:18:10.0017 10212 nvraid - ok 22:18:10.0049 10212 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys 22:18:10.0062 10212 nvstor - ok 22:18:10.0091 10212 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys 22:18:10.0104 10212 nv_agp - ok 22:18:10.0265 10212 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 22:18:10.0281 10212 odserv - ok 22:18:10.0318 10212 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys 22:18:10.0356 10212 ohci1394 - ok 22:18:10.0392 10212 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 22:18:10.0404 10212 ose - ok 22:18:10.0517 10212 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 22:18:10.0587 10212 osppsvc - ok 22:18:10.0628 10212 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 22:18:10.0743 10212 p2pimsvc - ok 22:18:10.0785 10212 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll 22:18:10.0801 10212 p2psvc - ok 22:18:10.0839 10212 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 22:18:10.0867 10212 Parport - ok 22:18:10.0890 10212 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys 22:18:10.0901 10212 partmgr - ok 22:18:10.0921 10212 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 22:18:10.0951 10212 Parvdm - ok 
22:18:10.0977 10212 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll 22:18:11.0020 10212 PcaSvc - ok 22:18:11.0078 10212 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys 22:18:11.0113 10212 pccsmcfd - ok 22:18:11.0134 10212 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys 22:18:11.0147 10212 pci - ok 22:18:11.0204 10212 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys 22:18:11.0215 10212 pciide - ok 22:18:11.0229 10212 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 22:18:11.0248 10212 pcmcia - ok 22:18:11.0380 10212 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 22:18:11.0390 10212 pcw - ok 22:18:11.0424 10212 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 22:18:11.0476 10212 PEAUTH - ok 22:18:11.0560 10212 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll 22:18:11.0615 10212 pla - ok 22:18:11.0677 10212 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll 22:18:11.0706 10212 PlugPlay - ok 22:18:11.0774 10212 PnkBstrA (205e1b699fd3f2f9b036eea2ec30c620) C:\Windows\system32\PnkBstrA.exe 22:18:11.0866 10212 PnkBstrA - ok 22:18:11.0882 10212 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll 22:18:11.0918 10212 PNRPAutoReg - ok 22:18:11.0960 10212 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 22:18:11.0975 10212 PNRPsvc - ok 22:18:11.0997 10212 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll 22:18:12.0025 10212 PolicyAgent - ok 22:18:12.0056 10212 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll 22:18:12.0104 10212 Power - ok 22:18:12.0134 10212 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 22:18:12.0160 10212 PptpMiniport - ok 22:18:12.0183 10212 Processor 
(85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 22:18:12.0204 10212 Processor - ok 22:18:12.0228 10212 Profos - ok 22:18:12.0270 10212 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll 22:18:12.0296 10212 ProfSvc - ok 22:18:12.0337 10212 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 22:18:12.0351 10212 ProtectedStorage - ok 22:18:12.0426 10212 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 22:18:12.0466 10212 Psched - ok 22:18:12.0632 10212 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 22:18:12.0730 10212 PSI_SVC_2 - ok 22:18:12.0772 10212 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 22:18:12.0806 10212 ql2300 - ok 22:18:12.0845 10212 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 22:18:12.0858 10212 ql40xx - ok 22:18:12.0892 10212 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll 22:18:12.0927 10212 QWAVE - ok 22:18:12.0953 10212 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 22:18:12.0977 10212 QWAVEdrv - ok 22:18:12.0997 10212 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 22:18:13.0022 10212 RasAcd - ok 22:18:13.0065 10212 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 22:18:13.0090 10212 RasAgileVpn - ok 22:18:13.0108 10212 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll 22:18:13.0135 10212 RasAuto - ok 22:18:13.0144 10212 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 22:18:13.0170 10212 Rasl2tp - ok 22:18:13.0198 10212 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll 22:18:13.0241 10212 RasMan - ok 22:18:13.0259 10212 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) 
C:\Windows\system32\DRIVERS\raspppoe.sys 22:18:13.0298 10212 RasPppoe - ok 22:18:13.0306 10212 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 22:18:13.0331 10212 RasSstp - ok 22:18:13.0360 10212 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys 22:18:13.0402 10212 rdbss - ok 22:18:13.0429 10212 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 22:18:13.0449 10212 rdpbus - ok 22:18:13.0474 10212 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys 22:18:13.0497 10212 RDPCDD - ok 22:18:13.0515 10212 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 22:18:13.0553 10212 RDPENCDD - ok 22:18:13.0562 10212 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 22:18:13.0584 10212 RDPREFMP - ok 22:18:13.0621 10212 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys 22:18:13.0649 10212 RDPWD - ok 22:18:13.0677 10212 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys 22:18:13.0690 10212 rdyboost - ok 22:18:13.0730 10212 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll 22:18:13.0756 10212 RemoteAccess - ok 22:18:13.0771 10212 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll 22:18:13.0812 10212 RemoteRegistry - ok 22:18:13.0841 10212 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll 22:18:13.0868 10212 RpcEptMapper - ok 22:18:13.0908 10212 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe 22:18:13.0924 10212 RpcLocator - ok 22:18:13.0960 10212 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll 22:18:13.0988 10212 RpcSs - ok 22:18:14.0007 10212 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 22:18:14.0034 10212 rspndr - ok 22:18:14.0081 10212 RTL8167 
(0516998076ad894ae7e362c3110aa071) C:\Windows\system32\DRIVERS\Rt86win7.sys 22:18:14.0097 10212 RTL8167 - ok 22:18:14.0139 10212 RTL8192su (9ce8deffaffccbf473015d76ae8ee514) C:\Windows\system32\DRIVERS\RTL8192su.sys 22:18:14.0160 10212 RTL8192su - ok 22:18:14.0197 10212 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 22:18:14.0211 10212 SamSs - ok 22:18:14.0266 10212 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 22:18:14.0277 10212 SASDIFSV - ok 22:18:14.0307 10212 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 22:18:14.0319 10212 SASKUTIL - ok 22:18:14.0356 10212 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys 22:18:14.0369 10212 sbp2port - ok 22:18:14.0392 10212 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll 22:18:14.0432 10212 SCardSvr - ok 22:18:14.0491 10212 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys 22:18:14.0516 10212 scfilter - ok 22:18:14.0558 10212 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll 22:18:14.0594 10212 Schedule - ok 22:18:14.0638 10212 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll 22:18:14.0661 10212 SCPolicySvc - ok 22:18:14.0681 10212 SCREAMINGBDRIVER (a643d6df1b7546256b11fb5d6b5d1375) C:\Windows\system32\drivers\ScreamingBAudio.sys 22:18:14.0692 10212 SCREAMINGBDRIVER - ok 22:18:14.0721 10212 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll 22:18:14.0760 10212 SDRSVC - ok 22:18:14.0782 10212 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 22:18:14.0823 10212 secdrv - ok 22:18:14.0840 10212 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll 22:18:14.0876 10212 seclogon - ok 22:18:14.0894 10212 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll 22:18:14.0927 10212 
SENS - ok 22:18:14.0943 10212 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll 22:18:14.0982 10212 SensrSvc - ok 22:18:15.0009 10212 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 22:18:15.0038 10212 Serenum - ok 22:18:15.0068 10212 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 22:18:15.0083 10212 Serial - ok 22:18:15.0121 10212 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 22:18:15.0148 10212 sermouse - ok 22:18:15.0179 10212 ServiceLayer (f31e9531af225ca25350d5e87e999b31) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe 22:18:15.0199 10212 ServiceLayer - ok 22:18:15.0233 10212 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll 22:18:15.0259 10212 SessionEnv - ok 22:18:15.0293 10212 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys 22:18:15.0333 10212 sffdisk - ok 22:18:15.0349 10212 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 22:18:15.0379 10212 sffp_mmc - ok 22:18:15.0387 10212 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys 22:18:15.0406 10212 sffp_sd - ok 22:18:15.0422 10212 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 22:18:15.0436 10212 sfloppy - ok 22:18:15.0478 10212 Sftfs (d9b734638dd8dba9d59aad3189cd0fad) C:\Windows\system32\DRIVERS\Sftfslh.sys 22:18:15.0497 10212 Sftfs - ok 22:18:15.0676 10212 sftlist (cb73bc422c07fb611f194da18d1e7f36) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe 22:18:15.0696 10212 sftlist - ok 22:18:15.0718 10212 Sftplay (2f61bd46c0bff4eb36e1e359ca17bfc5) C:\Windows\system32\DRIVERS\Sftplaylh.sys 22:18:15.0731 10212 Sftplay - ok 22:18:15.0753 10212 Sftredir (518bac0179f94304f422696b47c0ec12) C:\Windows\system32\DRIVERS\Sftredirlh.sys 22:18:15.0762 10212 Sftredir - ok 22:18:15.0781 10212 
Sftvol (747325236d88b3f05ffd27ff9ec711c5) C:\Windows\system32\DRIVERS\Sftvollh.sys 22:18:15.0791 10212 Sftvol - ok 22:18:15.0808 10212 sftvsa (a5812f0281ca5081bf696626f9bf324d) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe 22:18:15.0821 10212 sftvsa - ok 22:18:15.0874 10212 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll 22:18:15.0918 10212 SharedAccess - ok 22:18:15.0954 10212 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll 22:18:15.0981 10212 ShellHWDetection - ok 22:18:16.0018 10212 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 22:18:16.0030 10212 sisagp - ok 22:18:16.0055 10212 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 22:18:16.0068 10212 SiSRaid2 - ok 22:18:16.0079 10212 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 22:18:16.0091 10212 SiSRaid4 - ok 22:18:16.0128 10212 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 22:18:16.0171 10212 Smb - ok 22:18:16.0204 10212 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe 22:18:16.0228 10212 SNMPTRAP - ok 22:18:16.0449 10212 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 22:18:16.0458 10212 spldr - ok 22:18:16.0506 10212 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe 22:18:16.0582 10212 Spooler - ok 22:18:16.0661 10212 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe 22:18:16.0712 10212 sppsvc - ok 22:18:16.0770 10212 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll 22:18:16.0810 10212 sppuinotify - ok 22:18:16.0830 10212 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys 22:18:16.0864 10212 srv - ok 22:18:16.0875 10212 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys 22:18:16.0903 10212 srv2 
- ok 22:18:16.0913 10212 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys 22:18:16.0933 10212 srvnet - ok 22:18:16.0954 10212 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll 22:18:16.0994 10212 SSDPSRV - ok 22:18:17.0010 10212 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll 22:18:17.0056 10212 SstpSvc - ok 22:18:17.0212 10212 Steam Client Service - ok 22:18:17.0244 10212 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 22:18:17.0256 10212 stexstor - ok 22:18:17.0304 10212 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll 22:18:17.0328 10212 StiSvc - ok 22:18:17.0366 10212 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys 22:18:17.0378 10212 swenum - ok 22:18:17.0454 10212 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll 22:18:17.0510 10212 swprv - ok 22:18:17.0562 10212 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll 22:18:17.0629 10212 SysMain - ok 22:18:17.0668 10212 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll 22:18:17.0687 10212 TabletInputService - ok 22:18:17.0739 10212 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll 22:18:17.0781 10212 TapiSrv - ok 22:18:17.0813 10212 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll 22:18:17.0852 10212 TBS - ok 22:18:17.0897 10212 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys 22:18:17.0929 10212 Tcpip - ok 22:18:17.0991 10212 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys 22:18:18.0017 10212 TCPIP6 - ok 22:18:18.0046 10212 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 22:18:18.0071 10212 tcpipreg - ok 22:18:18.0128 10212 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 
22:18:18.0157 10212 TDPIPE - ok 22:18:18.0192 10212 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys 22:18:18.0213 10212 TDTCP - ok 22:18:18.0251 10212 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 22:18:18.0288 10212 tdx - ok 22:18:18.0308 10212 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys 22:18:18.0320 10212 TermDD - ok 22:18:18.0359 10212 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll 22:18:18.0391 10212 TermService - ok 22:18:18.0407 10212 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll 22:18:18.0423 10212 Themes - ok 22:18:18.0451 10212 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 22:18:18.0476 10212 THREADORDER - ok 22:18:18.0506 10212 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll 22:18:18.0533 10212 TrkWks - ok 22:18:18.0576 10212 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe 22:18:18.0614 10212 TrustedInstaller - ok 22:18:18.0636 10212 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys 22:18:18.0671 10212 tssecsrv - ok 22:18:18.0726 10212 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 22:18:18.0752 10212 TsUsbFlt - ok 22:18:18.0914 10212 TuneUp.UtilitiesSvc (60c6ac47323c81712896c5c8c7974dd1) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe 22:18:18.0945 10212 TuneUp.UtilitiesSvc - ok 22:18:18.0995 10212 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys 22:18:19.0006 10212 TuneUpUtilitiesDrv - ok 22:18:19.0046 10212 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 22:18:19.0088 10212 tunnel - ok 22:18:19.0108 10212 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 22:18:19.0120 
10212 uagp35 - ok 22:18:19.0154 10212 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys 22:18:19.0201 10212 udfs - ok 22:18:19.0222 10212 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe 22:18:19.0237 10212 UI0Detect - ok 22:18:19.0257 10212 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 22:18:19.0269 10212 uliagpkx - ok 22:18:19.0323 10212 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys 22:18:19.0349 10212 umbus - ok 22:18:19.0378 10212 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 22:18:19.0407 10212 UmPass - ok 22:18:19.0435 10212 Update-Service (1cb3bcf37667867a2db0f68c34c25b8f) C:\Windows\System32\UpdSvc.dll 22:18:19.0448 10212 Update-Service - ok 22:18:19.0473 10212 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll 22:18:19.0537 10212 upnphost - ok 22:18:19.0592 10212 upperdev (47f5f9d837d80ffd5882a14db9da0a67) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys 22:18:19.0628 10212 upperdev - ok 22:18:19.0673 10212 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys 22:18:19.0705 10212 usbaudio - ok 22:18:19.0722 10212 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys 22:18:19.0749 10212 usbccgp - ok 22:18:19.0778 10212 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 22:18:19.0806 10212 usbcir - ok 22:18:19.0824 10212 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys 22:18:19.0837 10212 usbehci - ok 22:18:19.0850 10212 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys 22:18:19.0878 10212 usbhub - ok 22:18:19.0897 10212 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys 22:18:19.0912 10212 usbohci - ok 22:18:19.0927 10212 usbprint (797d862fe0875e75c7cc4c1ad7b30252) 
C:\Windows\system32\DRIVERS\usbprint.sys 22:18:19.0942 10212 usbprint - ok 22:18:19.0996 10212 usbser (31181de6190b39fc8007dffd1a48ffd6) C:\Windows\system32\DRIVERS\usbser.sys 22:18:20.0023 10212 usbser - ok 22:18:20.0040 10212 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:18:20.0095 10212 USBSTOR - ok 22:18:20.0102 10212 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys 22:18:20.0128 10212 usbuhci - ok 22:18:20.0143 10212 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll 22:18:20.0167 10212 UxSms - ok 22:18:20.0236 10212 UxTuneUp (28d6e820ec76c3a412d638906b840ca9) C:\Windows\System32\uxtuneup.dll 22:18:20.0373 10212 UxTuneUp - ok 22:18:20.0401 10212 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 22:18:20.0414 10212 VaultSvc - ok 22:18:20.0450 10212 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 22:18:20.0461 10212 vdrvroot - ok 22:18:20.0507 10212 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe 22:18:20.0557 10212 vds - ok 22:18:20.0580 10212 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 22:18:20.0596 10212 vga - ok 22:18:20.0637 10212 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 22:18:20.0663 10212 VgaSave - ok 22:18:20.0683 10212 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 22:18:20.0697 10212 vhdmp - ok 22:18:20.0735 10212 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 22:18:20.0747 10212 viaagp - ok 22:18:20.0772 10212 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 22:18:20.0787 10212 ViaC7 - ok 22:18:20.0808 10212 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 22:18:20.0820 10212 viaide - ok 22:18:20.0840 10212 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) 
C:\Windows\system32\drivers\volmgr.sys 22:18:20.0851 10212 volmgr - ok 22:18:20.0862 10212 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 22:18:20.0876 10212 volmgrx - ok 22:18:20.0887 10212 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 22:18:20.0901 10212 volsnap - ok 22:18:20.0927 10212 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 22:18:20.0941 10212 vsmraid - ok 22:18:20.0999 10212 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe 22:18:21.0037 10212 VSS - ok 22:18:21.0194 10212 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe 22:18:21.0213 10212 vToolbarUpdater10.2.0 - ok 22:18:21.0228 10212 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 22:18:21.0243 10212 vwifibus - ok 22:18:21.0367 10212 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 22:18:21.0438 10212 vwififlt - ok 22:18:21.0482 10212 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll 22:18:21.0527 10212 W32Time - ok 22:18:21.0544 10212 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 22:18:21.0558 10212 WacomPen - ok 22:18:21.0588 10212 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 22:18:21.0613 10212 WANARP - ok 22:18:21.0616 10212 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 22:18:21.0639 10212 Wanarpv6 - ok 22:18:21.0693 10212 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe 22:18:21.0727 10212 WatAdminSvc - ok 22:18:21.0757 10212 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe 22:18:21.0808 10212 wbengine - ok 22:18:21.0823 10212 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll 
22:18:21.0858 10212 WbioSrvc - ok 22:18:21.0885 10212 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll 22:18:21.0915 10212 wcncsvc - ok 22:18:21.0938 10212 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll 22:18:21.0984 10212 WcsPlugInService - ok 22:18:21.0997 10212 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 22:18:22.0009 10212 Wd - ok 22:18:22.0032 10212 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 22:18:22.0049 10212 Wdf01000 - ok 22:18:22.0062 10212 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 22:18:22.0121 10212 WdiServiceHost - ok 22:18:22.0124 10212 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 22:18:22.0140 10212 WdiSystemHost - ok 22:18:22.0164 10212 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll 22:18:22.0201 10212 WebClient - ok 22:18:22.0218 10212 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll 22:18:22.0246 10212 Wecsvc - ok 22:18:22.0254 10212 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll 22:18:22.0283 10212 wercplsupport - ok 22:18:22.0335 10212 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll 22:18:22.0363 10212 WerSvc - ok 22:18:22.0423 10212 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 22:18:22.0461 10212 WfpLwf - ok 22:18:22.0501 10212 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 22:18:22.0513 10212 WIMMount - ok 22:18:22.0574 10212 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll 22:18:22.0599 10212 WinDefend - ok 22:18:22.0603 10212 WinHttpAutoProxySvc - ok 22:18:22.0666 10212 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll 22:18:22.0729 10212 Winmgmt - ok 22:18:22.0756 10212 WinRM 
(1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll 22:18:22.0807 10212 WinRM - ok 22:18:22.0879 10212 WinUSB (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUSB.sys 22:18:22.0908 10212 WinUSB - ok 22:18:22.0938 10212 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll 22:18:22.0987 10212 Wlansvc - ok 22:18:23.0138 10212 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 22:18:23.0149 10212 wlcrasvc - ok 22:18:23.0211 10212 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 22:18:23.0253 10212 wlidsvc - ok 22:18:23.0284 10212 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 22:18:23.0296 10212 WmiAcpi - ok 22:18:23.0339 10212 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe 22:18:23.0355 10212 wmiApSrv - ok 22:18:23.0413 10212 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe 22:18:23.0470 10212 WMPNetworkSvc - ok 22:18:23.0502 10212 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll 22:18:23.0533 10212 WPCSvc - ok 22:18:23.0570 10212 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll 22:18:23.0645 10212 WPDBusEnum - ok 22:18:23.0677 10212 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 22:18:23.0703 10212 ws2ifsl - ok 22:18:23.0723 10212 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll 22:18:23.0740 10212 wscsvc - ok 22:18:23.0747 10212 WSearch - ok 22:18:23.0808 10212 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll 22:18:23.0878 10212 wuauserv - ok 22:18:23.0917 10212 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys 22:18:23.0959 10212 WudfPf - ok 22:18:23.0983 10212 WUDFRd (1023ee888c9b47178c5293ed5336ab69) 
C:\Windows\system32\DRIVERS\WUDFRd.sys 22:18:24.0026 10212 WUDFRd - ok 22:18:24.0063 10212 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll 22:18:24.0112 10212 wudfsvc - ok 22:18:24.0136 10212 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll 22:18:24.0193 10212 WwanSvc - ok 22:18:24.0238 10212 XDva351 - ok 22:18:24.0275 10212 MBR (0x1B8) (5d949eea3beec2df38a2d7900ad89a60) \Device\Harddisk0\DR0 22:18:26.0061 10212 \Device\Harddisk0\DR0 - ok 22:18:26.0084 10212 Boot (0x1200) (4ba4fab1ab1bb0938c5ce8ca9a40ec46) \Device\Harddisk0\DR0\Partition0 22:18:26.0085 10212 \Device\Harddisk0\DR0\Partition0 - ok 22:18:26.0092 10212 Boot (0x1200) (6906c902f0e51af117d14bdf3646a777) \Device\Harddisk0\DR0\Partition1 22:18:26.0093 10212 \Device\Harddisk0\DR0\Partition1 - ok 22:18:26.0117 10212 Boot (0x1200) (4a6508facea94b9fcabe01bdc850863e) \Device\Harddisk0\DR0\Partition2 22:18:26.0118 10212 \Device\Harddisk0\DR0\Partition2 - ok 22:18:26.0119 10212 ============================================================ 22:18:26.0119 10212 Scan finished 22:18:26.0119 10212 ============================================================ 22:18:26.0125 8876 Detected object count: 2 22:18:26.0125 8876 Actual detected object count: 2 22:18:50.0672 8876 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user 22:18:50.0672 8876 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:18:50.0672 8876 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 22:18:50.0672 8876 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip |
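The TDSSKiller log above runs to several hundred entries, and the only security-relevant lines are the ones that do not end in "- ok": the "Detected object count" summary and the two UnsignedFile.Multi.Generic hits (BVRPMPR5, IDriverT) that were skipped. That verdict marks an unsigned file, not a known malicious one, so such hits need a manual check of where the file came from before anything is deleted. Services that appear with a verdict but no hash/path line (Steam Client Service, WSearch, Profos, XDva351, WinHttpAutoProxySvc in this log) are also worth a second look, since nothing was hashed for them. The Python script below is an added example, not part of the thread and not a Kaspersky tool: it parses this log layout and reports scanned objects, anything without an "ok" verdict, entries with no file recorded, and the detection block with the action taken. The sample log is constructed from lines copied out of the post above; the entry-to-verdict matching rules are my reading of the format, not documented TDSSKiller behaviour.

```python
"""Triage helper for a Kaspersky TDSSKiller scan log (added example, not TDSSKiller code)."""
import json
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: lines copied from the log posted in the thread plus its closing
# detection block. Backslashes are doubled only because this is a Python string literal.
SAMPLE_LOG = """\
22:18:13.0960 10212 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\\Windows\\system32\\rpcss.dll
22:18:13.0988 10212 RpcSs - ok
22:18:14.0197 10212 SamSs (81951f51e318aecc2d68559e47485cc4) C:\\Windows\\system32\\lsass.exe
22:18:14.0211 10212 SamSs - ok
22:18:17.0212 10212 Steam Client Service - ok
22:18:24.0275 10212 MBR (0x1B8) (5d949eea3beec2df38a2d7900ad89a60) \\Device\\Harddisk0\\DR0
22:18:26.0061 10212 \\Device\\Harddisk0\\DR0 - ok
22:18:26.0125 8876 Detected object count: 2
22:18:50.0672 8876 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
22:18:50.0672 8876 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:18:50.0672 8876 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:18:50.0672 8876 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Every line starts with "HH:MM:SS.ffff <thread id> "; the layouts below are inferred from the log.
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ "
FILE_RE = re.compile(PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$")
STATUS_RE = re.compile(PREFIX + r"(?P<subject>.+?) - (?P<status>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>[^)]+?) \)$")
COUNT_RE = re.compile(PREFIX + r"Detected object count: (?P<n>\d+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None       # text after " - " on the verdict line, e.g. "ok"
    verdict: Optional[str] = None      # detection name, e.g. UnsignedFile.Multi.Generic
    actions: List[str] = field(default_factory=list)


def parse_log(text: str) -> Tuple[Dict[str, Entry], Optional[int]]:
    """Return entries keyed by service/driver name, plus the reported detection count."""
    entries: Dict[str, Entry] = {}
    pending: Optional[Entry] = None   # file line still waiting for its verdict line
    detected: Optional[int] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = COUNT_RE.match(line)
        if m:
            detected = int(m.group("n"))
            continue
        m = FILE_RE.match(line)
        if m:
            pending = entries.setdefault(m.group("name"), Entry(m.group("name")))
            pending.md5, pending.path = m.group("md5"), m.group("path")
            continue
        m = STATUS_RE.match(line)
        if not m:
            continue                   # separators, "Scan finished", summary lines
        subject, status = m.group("subject"), m.group("status")
        v = VERDICT_RE.match(subject)
        if v:                          # detection block: "<name> ( <verdict> ) - <action>"
            e = entries.setdefault(v.group("name"), Entry(v.group("name")))
            e.verdict = v.group("verdict")
            e.actions.append(status)
            continue
        # The verdict line names the service, or for MBR/boot sectors the device path.
        if pending is not None and subject in (pending.name, pending.path):
            pending.status = status
            pending = None
        else:                          # verdict with no preceding file line
            entries.setdefault(subject, Entry(subject)).status = status
    return entries, detected


def triage(text: str) -> dict:
    """Summarise what a reader should look at instead of scanning every '- ok' line."""
    entries, detected = parse_log(text)
    detections = {
        n: {"verdict": e.verdict, "actions": e.actions, "md5": e.md5, "path": e.path}
        for n, e in entries.items() if e.verdict
    }
    return {
        "scanned": sum(1 for e in entries.values() if e.md5),
        "reported_detections": detected,
        "not_ok": sorted(n for n, e in entries.items() if e.md5 and e.status != "ok"),
        "no_file": sorted(n for n, e in entries.items() if not e.md5 and not e.verdict),
        "detections": detections,
        "count_matches": detected is not None and detected == len(detections),
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Run it against a saved TDSSKiller log by replacing SAMPLE_LOG with the file contents; an object that appears in `not_ok` with no status at all means the log was cut off before its verdict line, which is what happens when a post is truncated.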
13.04.2012, 16:45 | #12 |
/// Malware-holic | Trojan.Win32.Mediyes Hi, on the previous page you answered my question about whether there are any alerts with "no, at least not at startup". So I have to ask once more, stupid as it sounds: are there any alerts at all, or none anymore?
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
13.04.2012, 18:41 | #13 |
| Trojan.Win32.Mediyes No, at the moment there are no more alerts. |
14.04.2012, 17:40 | #14 |
/// Malware-holic | Trojan.Win32.Mediyes OK, download CCleaner Standard: CCleaner Download - CCleaner 3.17.1689. If CCleaner is already installed, skip this step. Install it, open it, go to Tools, list of installed programs, and save the list as a txt file. Open that file. Next to each program you need, write "needed"; next to each one you don't need, "unnecessary"; next to those you don't recognise, "unknown". Post the list.
|