| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: BKA Trojaner doch nicht weg ?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
25.10.2012, 15:03
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  BKA Trojaner doch nicht weg ? Ok, eine Kontrolle bitte
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
25.10.2012, 15:41
| #17 |
 | BKA Trojaner doch nicht weg ? so die Dateien
__________________Code:
ATTFilter OTL logfile created on: 25.10.2012 16:26:17 - Run 4 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\sweety\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,13 Gb Available Physical Memory | 6,60% Memory free 4,21 Gb Paging File | 2,10 Gb Available in Paging File | 49,85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 60,63 Gb Total Space | 0,29 Gb Free Space | 0,47% Space Free | Partition Type: NTFS Drive D: | 29,18 Gb Total Space | 26,53 Gb Free Space | 90,92% Space Free | Partition Type: NTFS Drive E: | 29,19 Gb Total Space | 1,04 Gb Free Space | 3,55% Space Free | Partition Type: NTFS Drive G: | 298,02 Gb Total Space | 115,07 Gb Free Space | 38,61% Space Free | Partition Type: FAT32 Drive R: | 30,04 Gb Total Space | 20,56 Gb Free Space | 68,45% Space Free | Partition Type: FAT32 Computer Name: NOTEBOOK | User Name: sweety | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Users\sweety\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Secunia\PSI\psia.exe (Secunia) PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia) PRC - C:\Programme\Secunia\PSI\psi_tray.exe (Secunia) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - D:\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\FDM\FUM\fumoei.exe () PRC - C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia) PRC - C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH) PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH) PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.) PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron) PRC - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Launch Manager\WButton.exe () PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) PRC - C:\Programme\Launch Manager\LaunchAp.exe () Code:
ATTFilter OTL Extras logfile created on: 25.10.2012 16:26:17 - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\sweety\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,13 Gb Available Physical Memory | 6,60% Memory free
4,21 Gb Paging File | 2,10 Gb Available in Paging File | 49,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 60,63 Gb Total Space | 0,29 Gb Free Space | 0,47% Space Free | Partition Type: NTFS
Drive D: | 29,18 Gb Total Space | 26,53 Gb Free Space | 90,92% Space Free | Partition Type: NTFS
Drive E: | 29,19 Gb Total Space | 1,04 Gb Free Space | 3,55% Space Free | Partition Type: NTFS
Drive G: | 298,02 Gb Total Space | 115,07 Gb Free Space | 38,61% Space Free | Partition Type: FAT32
Drive R: | 30,04 Gb Total Space | 20,56 Gb Free Space | 68,45% Space Free | Partition Type: FAT32
Computer Name: NOTEBOOK | User Name: sweety | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-4191780963-2002099150-675310161-1003\SOFTWARE\Classes\<extension>]
.com [@ = ComFile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "D:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-
|
|
25.10.2012, 15:45
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner doch nicht weg ? Die Logs sind unvollständig
__________________
__________________ |
|
25.10.2012, 16:00
| #19 |
| | BKA Trojaner doch nicht weg ? ok jetzt OTL Logfile: Code:
ATTFilter OTL logfile created on: 25.10.2012 16:50:55 - Run 4 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\sweety\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,45 Gb Available Physical Memory | 22,48% Memory free 4,21 Gb Paging File | 1,83 Gb Available in Paging File | 43,43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 60,63 Gb Total Space | 0,24 Gb Free Space | 0,40% Space Free | Partition Type: NTFS Drive D: | 29,18 Gb Total Space | 26,53 Gb Free Space | 90,92% Space Free | Partition Type: NTFS Drive E: | 29,19 Gb Total Space | 1,04 Gb Free Space | 3,55% Space Free | Partition Type: NTFS Drive G: | 298,02 Gb Total Space | 115,07 Gb Free Space | 38,61% Space Free | Partition Type: FAT32 Drive R: | 30,04 Gb Total Space | 20,56 Gb Free Space | 68,45% Space Free | Partition Type: FAT32 Computer Name: NOTEBOOK | User Name: sweety | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Users\sweety\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Secunia\PSI\psia.exe (Secunia) PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia) PRC - C:\Programme\Secunia\PSI\psi_tray.exe (Secunia) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - D:\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\FDM\FUM\fumoei.exe () PRC - C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia) PRC - C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH) PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH) PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.) PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron) PRC - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Launch Manager\WButton.exe () PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) PRC - C:\Programme\Launch Manager\LaunchAp.exe () ========== Modules (SafeList) ========== MOD - C:\Users\sweety\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia) SRV - (Microsoft Office Groove Audit Service) -- D:\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (srvcPVR) -- C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH) SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH) SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.) SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation) DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation) DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation ) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4191780963-2002099150-675310161-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.f95.de/ IE - HKU\S-1-5-21-4191780963-2002099150-675310161-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-4191780963-2002099150-675310161-1003\..\URLSearchHook: {013a635f-e3aa-4371-b682-ece95ca974b0} - Reg Error: Key error. File not found IE - HKU\S-1-5-21-4191780963-2002099150-675310161-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4191780963-2002099150-675310161-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://www.f95.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\sweety\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\sweety\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.07 07:00:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.07 07:00:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.16 07:33:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.06 18:56:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.06 18:56:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\sweety\AppData\Roaming\5025 [2011.09.12 17:39:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.06 18:56:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.06 18:56:10 | 000,000,000 | ---D | M] [2010.01.19 20:16:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sweety\AppData\Roaming\mozilla\Extensions [2012.10.25 15:48:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sweety\AppData\Roaming\mozilla\Firefox\Profiles\20qd0ckc.default\extensions [2010.04.27 21:13:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\sweety\AppData\Roaming\mozilla\Firefox\Profiles\20qd0ckc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.10.25 11:39:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sweety\AppData\Roaming\mozilla\Firefox\Profiles\wbpr6jl1.default-1340989836190\extensions [2012.10.06 18:39:34 | 000,000,000 | ---D | M] (WOT) -- C:\Users\sweety\AppData\Roaming\mozilla\Firefox\Profiles\wbpr6jl1.default-1340989836190\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.06.22 17:54:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.08.24 18:32:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} File not found (No name found) -- [2012.10.06 08:06:08 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.04.08 08:03:53 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.05.30 20:25:56 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012.06.29 19:07:32 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.06 08:06:06 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.29 19:07:32 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.29 19:07:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.29 19:07:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.29 19:07:32 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.12.11 11:32:14 | 000,288,877 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 www.123topsearch.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.132.com O1 - Hosts: 127.0.0.1 136136.net O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 127.0.0.1 163ns.com O1 - Hosts: 9953 more lines... O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKU\S-1-5-21-4191780963-2002099150-675310161-1003\..\Toolbar\WebBrowser: (no name) - {013A635F-E3AA-4371-B682-ECE95CA974B0} - No CLSID value found. O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [GrooveMonitor] D:\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia) O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe () O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4191780963-2002099150-675310161-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\S-1-5-21-4191780963-2002099150-675310161-1003..\Run: [Free Uploader Oe Integration] C:\Programme\FDM\FUM\fumoei.exe () O4 - HKU\S-1-5-21-4191780963-2002099150-675310161-1003..\Run: [KiesTrayAgent] File not found O4 - HKU\S-1-5-21-4191780963-2002099150-675310161-1003..\Run: [Xvid] C:\Programme\Xvid\CheckUpdate.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4191780963-2002099150-675310161-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4191780963-2002099150-675310161-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - Reg Error: Key error. File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} hxxp://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183949065925 (MUWebControl Class) O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager) O16 - DPF: {7527E129-A524-434A-A337-8C19F6F25C91} https://shop.aldisued-fotos-druck.de/shop/activex/aldi_sued_express_upload.cab (AldiSuedActiveFormX Element) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab (HPDDClientExec Class) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-4191780963-2002099150-675310161-1003 Winlogon: Shell - (EXPLORER.EXE) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - Unable to obtain root file information for disk G:\ O33 - MountPoints2\{96e98f84-f047-11dd-9ba5-0016d3836a2b}\Shell\AutoRun\command - "" = wscript.exe open_website.vbs O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\S-1-5-21-4191780963-2002099150-675310161-1003\...com [@ = ComFile] -- Reg Error: Key error. File not found O37 - HKU\S-1-5-21-4191780963-2002099150-675310161-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found ========== Files/Folders - Created Within 30 Days ========== [2012.10.25 15:59:11 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.10.06 18:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.10.06 18:54:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.10.06 18:47:39 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2007.07.12 04:57:45 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\sweety\AppData\Roaming\*.tmp files -> C:\Users\sweety\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.25 16:47:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.25 16:00:44 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.10.25 15:58:14 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.25 15:51:17 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.25 15:51:16 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.25 15:51:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.25 15:51:05 | 2137,186,304 | -HS- | M] () -- C:\hiberfil.sys [2012.10.25 11:35:10 | 000,538,941 | ---- | M] () -- C:\Users\sweety\Desktop\adwcleaner.exe [2012.10.09 08:47:45 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.10.09 08:47:45 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.10.06 18:55:51 | 000,001,733 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\sweety\AppData\Roaming\*.tmp files -> C:\Users\sweety\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.25 11:35:10 | 000,538,941 | ---- | C] () -- C:\Users\sweety\Desktop\adwcleaner.exe [2012.10.06 18:55:51 | 000,001,733 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.08.10 17:52:49 | 000,000,045 | ---- | C] () -- C:\Users\sweety\AppData\Roaming\msconfig.ini [2012.08.10 17:29:44 | 000,027,520 | ---- | C] () -- C:\Users\sweety\AppData\Local\dt.dat [2012.07.25 23:09:20 | 004,503,728 | ---- | C] () -- C:\ProgramData\z7_0ytr.pad [2012.07.07 06:47:19 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad [2012.05.28 07:54:18 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2012.05.28 07:54:17 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2012.05.27 13:23:46 | 000,000,000 | ---- | C] () -- C:\ProgramData\d992532e37af609d5c90b4bdac3a340a_c [2011.12.11 20:48:10 | 000,000,000 | ---- | C] () -- C:\Users\sweety\AppData\Roaming\ASC001.bin [2011.08.07 16:52:55 | 000,000,552 | ---- | C] () -- C:\Users\sweety\AppData\Local\d3d8caps.dat [2011.08.07 16:41:49 | 000,001,356 | ---- | C] () -- C:\Users\sweety\AppData\Local\d3d9caps.dat [2010.09.11 17:00:30 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.09.11 17:00:30 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2009.09.25 20:43:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.09.25 20:41:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.02.07 20:25:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2009.02.07 20:25:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2009.02.07 20:25:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2009.02.07 20:25:20 | 000,049,152 | ---- | C] () -- C:\Windows\VFIND.exe [2008.10.02 17:21:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.05.22 21:41:38 | 000,130,805 | ---- | C] () -- C:\Windows\hpoins18.dat [2008.05.22 21:40:28 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat [2008.03.16 18:01:30 | 000,000,074 | ---- | C] () -- C:\Windows\tm.ini [2007.10.18 10:12:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll [2007.10.14 20:16:09 | 000,051,712 | ---- | C] () -- C:\Users\sweety\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.09.16 17:26:32 | 000,000,000 | ---- | C] () -- C:\Users\sweety\AppData\Roaming\wklnhst.dat [2007.09.06 21:28:44 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.09.06 15:44:14 | 000,000,094 | ---- | C] () -- C:\Users\sweety\AppData\Local\fusioncache.dat [2007.08.24 20:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll [2007.07.12 04:57:45 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007.07.09 17:32:04 | 000,087,312 | ---- | C] () -- C:\Windows\mws.exe [2007.07.06 07:39:12 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini [2007.07.06 07:39:06 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2007.07.06 07:12:57 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys [2007.07.06 06:41:51 | 000,241,664 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2007.07.06 06:41:51 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll [2007.06.20 13:39:38 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll [2007.06.20 13:39:38 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll [2007.06.11 14:43:56 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.06.11 14:43:51 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2006.12.11 06:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006.11.02 17:33:31 | 000,638,748 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,130,668 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,432,104 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,604,324 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,107,760 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.09.20 07:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\Buhl.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 25.10.2012 16:50:55 - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\sweety\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,45 Gb Available Physical Memory | 22,48% Memory free
4,21 Gb Paging File | 1,83 Gb Available in Paging File | 43,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 60,63 Gb Total Space | 0,24 Gb Free Space | 0,40% Space Free | Partition Type: NTFS
Drive D: | 29,18 Gb Total Space | 26,53 Gb Free Space | 90,92% Space Free | Partition Type: NTFS
Drive E: | 29,19 Gb Total Space | 1,04 Gb Free Space | 3,55% Space Free | Partition Type: NTFS
Drive G: | 298,02 Gb Total Space | 115,07 Gb Free Space | 38,61% Space Free | Partition Type: FAT32
Drive R: | 30,04 Gb Total Space | 20,56 Gb Free Space | 68,45% Space Free | Partition Type: FAT32
Computer Name: NOTEBOOK | User Name: sweety | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-4191780963-2002099150-675310161-1003\SOFTWARE\Classes\<extension>]
.com [@ = ComFile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "D:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{35F68AF2-3C32-467E-AA94-A7E1EDA7E959}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5E7E378A-AED3-4010-9978-57620F97446C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C6B8240D-F89D-46B0-9D9D-DE8536DA8BFE}" = lport=6004 | protocol=17 | dir=in | app=d:\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BF5CD14-5181-4A4E-8E15-1BBA5CBD9B5F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{22C1BE2D-396A-420F-AA7C-E27722218501}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{3CA601D8-3C21-45BE-804B-FC62A5D8028D}" = protocol=6 | dir=in | app=d:\microsoft office\office12\onenote.exe |
"{6F248541-A5D0-4421-95E9-2AA9B162E33B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{71CBCF50-D35D-4D71-B94C-009D76EE919C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{7A538BF3-4397-4AD2-805C-B796C9AB03A1}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{866307CB-FD4E-48AD-964D-1F2A05BCD207}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{867BF6F4-3A54-4197-888E-182F2076FFBC}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{9AE72B9A-2E82-4891-88C4-550B5E3F3471}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ADD6AC58-9C6C-4393-8C81-C521D43DDC98}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{AF2B32D8-1B76-438F-97DE-4C8A94230619}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AF760623-A9E3-4D0F-AC87-7118320EFA08}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{CFF6D2C4-CADF-425B-A086-9CED5169131D}" = protocol=17 | dir=in | app=d:\microsoft office\office12\onenote.exe |
"{D2F4D050-7FFD-4852-8995-CF49CB35F9E1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F1932307-EF6D-4C51-8C4F-B5FF85D1EAAD}" = protocol=17 | dir=in | app=d:\microsoft office\office12\groove.exe |
"{F79210B1-08C0-4640-89D7-2EDE132A9B94}" = protocol=6 | dir=in | app=d:\microsoft office\office12\groove.exe |
"TCP Query User{07A780C9-D91F-4310-BB6A-889D71CC1878}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{6E0C693F-76D2-4A00-AFC4-F3386D103351}C:\program files\utherverse digital inc\utherverse vww client\utherverse.exe" = protocol=6 | dir=in | app=c:\program files\utherverse digital inc\utherverse vww client\utherverse.exe |
"TCP Query User{972EB0D9-3EA5-4550-A613-187C83A86D1E}C:\program files\jlc's software\internet tv\internet tv.exe" = protocol=6 | dir=in | app=c:\program files\jlc's software\internet tv\internet tv.exe |
"TCP Query User{D38CF0CC-A153-4D6E-8C77-911043FFFA69}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{FAABFAA0-B938-4350-9AA4-4C63AAFF934A}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{24CE6550-B49F-4BFE-A95B-9DA00C2995E7}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{2A4B8CFA-35CD-4963-A737-6DF2D4AE310E}C:\program files\jlc's software\internet tv\internet tv.exe" = protocol=17 | dir=in | app=c:\program files\jlc's software\internet tv\internet tv.exe |
"UDP Query User{31E54061-DB22-4FD1-AA20-C6C319CC8FE1}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{47268DE1-7368-4E0C-8910-4F1D1789C40E}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{5876BCDC-643A-4AD6-BDC0-0A66C4FC6B33}C:\program files\utherverse digital inc\utherverse vww client\utherverse.exe" = protocol=17 | dir=in | app=c:\program files\utherverse digital inc\utherverse vww client\utherverse.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3260D61B-DCA6-4ec6-8A41-DCCE01BC6EE4}" = c4100_Help
"{34F0D55F-C386-4195-9A5B-961D3F6ACD46}" = InterVideo MediaOne Gallery
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Suyin Live Camera
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{63B75E16-F290-4FCD-AF67-A9134CD01031}" = Nero 7 Essentials
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AEE2B0B-B3C1-4367-B1EF-FC4ED98DEED1}" = C4100
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = Systemsteuerung "MobileMe"
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = SUYIN webcam
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCC8E84E-AB61-4EC0-890D-8B553915B3AD}" = TVsweeper
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.3.9
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED3F469E-D9EC-4DF1-968F-5812CE2F30F8}" = HP Driver Diagnostics
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"BSW" = BrettspielWelt
"CCleaner" = CCleaner
"ClearProg" = ClearProg 1.5.0 Final
"Debut" = Debut Video Capture Software
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Prism" = Prism Video File Converter
"RealPlayer 15.0" = RealPlayer
"Red Light Center 3D Client" = Red Light Center 3D Client
"Secunia PSI" = Secunia PSI (2.0.0.3001)
"ShotOnline" = ShotOnline
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Utherverse VWW Client" = Utherverse VWW Client
"VideoPad" = VideoPad Video Editor
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
"Xvid Video Codec 1.3.1" = Xvid Video Codec
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4191780963-2002099150-675310161-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape Streaming Services" = Octoshape Streaming Services
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 25.10.2012 10:02:21 | Computer Name = notebook | Source = Windows Search Service | ID = 3013
Description =
Error - 25.10.2012 10:02:21 | Computer Name = notebook | Source = Windows Search Service | ID = 3013
Description =
Error - 25.10.2012 10:02:36 | Computer Name = notebook | Source = Windows Search Service | ID = 3013
Description =
Error - 25.10.2012 10:02:36 | Computer Name = notebook | Source = Windows Search Service | ID = 3013
Description =
Error - 25.10.2012 10:02:37 | Computer Name = notebook | Source = Windows Search Service | ID = 3013
Description =
Error - 25.10.2012 10:02:37 | Computer Name = notebook | Source = Windows Search Service | ID = 3013
Description =
Error - 25.10.2012 10:02:37 | Computer Name = notebook | Source = Windows Search Service | ID = 3013
Description =
Error - 25.10.2012 10:02:37 | Computer Name = notebook | Source = Windows Search Service | ID = 3013
Description =
Error - 25.10.2012 10:02:37 | Computer Name = notebook | Source = Windows Search Service | ID = 3013
Description =
Error - 25.10.2012 10:02:37 | Computer Name = notebook | Source = Windows Search Service | ID = 3013
Description =
[ System Events ]
Error - 25.10.2012 07:52:57 | Computer Name = notebook | Source = DCOM | ID = 10010
Description =
Error - 25.10.2012 09:44:20 | Computer Name = notebook | Source = Service Control Manager | ID = 7026
Description =
Error - 25.10.2012 09:49:53 | Computer Name = notebook | Source = Service Control Manager | ID = 7043
Description =
Error - 25.10.2012 09:52:10 | Computer Name = notebook | Source = Service Control Manager | ID = 7026
Description =
Error - 25.10.2012 09:52:58 | Computer Name = notebook | Source = Service Control Manager | ID = 7009
Description =
Error - 25.10.2012 09:52:58 | Computer Name = notebook | Source = Service Control Manager | ID = 7000
Description =
Error - 25.10.2012 09:52:57 | Computer Name = notebook | Source = bowser | ID = 8016
Description =
Error - 25.10.2012 09:52:58 | Computer Name = notebook | Source = bowser | ID = 8016
Description =
Error - 25.10.2012 09:53:04 | Computer Name = notebook | Source = bowser | ID = 8016
Description =
Error - 25.10.2012 09:53:06 | Computer Name = notebook | Source = bowser | ID = 8016
Description =
[ TuneUp Events ]
Error - 21.08.2010 17:26:03 | Computer Name = notebook | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 21.08.2010 17:26:08 | Computer Name = notebook | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 03.10.2010 03:31:04 | Computer Name = notebook | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 03.10.2010 03:31:10 | Computer Name = notebook | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 20.10.2010 14:57:51 | Computer Name = notebook | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 26.10.2010 13:11:01 | Computer Name = notebook | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 05.11.2010 13:28:41 | Computer Name = notebook | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 05.11.2010 13:28:41 | Computer Name = notebook | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 05.11.2010 13:28:47 | Computer Name = notebook | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 05.11.2010 13:31:37 | Computer Name = notebook | Source = TuneUp Program Statistics | ID = 131840
Description =
< End of report >
|
|
25.10.2012, 19:25
| #20 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner doch nicht weg ? Ja, da ist noch einiges. Außerdem hast du eine uralte Version von OTL benutzt, aber das nur btw. Bitte ein Log mit CF machen ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.10.2012, 07:31
| #21 |
| | BKA Trojaner doch nicht weg ? der log file Code:
ATTFilter Combofix Logfile: |
|
27.10.2012, 19:23
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner doch nicht weg ? 1. aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. 2. TDSS-Killer Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.11.2012, 12:11
| #23 |
| | BKA Trojaner doch nicht weg ?Code:
ATTFilter swMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-01 11:05:48
-----------------------------
11:05:48.515 OS Version: Windows 6.0.6002 Service Pack 2
11:05:48.515 Number of processors: 2 586 0xE0C
11:05:48.515 ComputerName: NOTEBOOK UserName: sweety
11:06:04.520 Initialze error C000010E - driver not loaded
11:08:22.156 AVAST engine defs: 12103101
11:08:48.302 Scan error: Unzulässige Funktion.
11:11:27.172 The log file has been saved successfully to "C:\Users\sweety\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-01 11:13:04
-----------------------------
11:13:04.740 OS Version: Windows 6.0.6002 Service Pack 2
11:13:04.740 Number of processors: 2 586 0xE0C
11:13:04.740 ComputerName: NOTEBOOK UserName: sweety
11:13:10.169 Initialize success
11:13:20.871 AVAST engine defs: 12103101
11:13:33.397 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
11:13:33.413 Disk 0 Vendor: WDC_WD16 04.0 Size: 152627MB BusType: 3
11:13:33.429 Disk 0 MBR read successfully
11:13:33.429 Disk 0 MBR scan
11:13:33.756 Disk 0 Windows VISTA default MBR code
11:13:33.803 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 62080 MB offset 63
11:13:33.912 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 29881 MB offset 127141888
11:13:34.209 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 29890 MB offset 188338176
11:13:34.474 Disk 0 Partition - 00 0F Extended LBA 30772 MB offset 249553710
11:13:34.614 Disk 0 Partition 4 00 0B FAT32 MSWIN4.1 30772 MB offset 249553773
11:13:34.848 Disk 0 scanning sectors +312576705
11:13:35.503 Disk 0 scanning C:\Windows\system32\drivers
11:14:54.735 Service scanning
11:16:37.804 Modules scanning
11:17:14.823 Disk 0 trace - called modules:
11:17:14.901 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
11:17:14.901 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d4f358]
11:17:14.917 3 CLASSPNP.SYS[891b88b3] -> nt!IofCallDriver -> [0x85df1698]
11:17:14.917 5 acpi.sys[83a436bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85df2030]
11:17:19.566 AVAST engine scan C:\Windows
11:17:34.011 AVAST engine scan C:\Windows\system32
11:30:49.338 AVAST engine scan C:\Windows\system32\drivers
11:31:19.603 AVAST engine scan C:\Users\sweety
11:47:13.217 AVAST engine scan C:\ProgramData
11:54:16.883 Scan finished successfully
12:02:15.210 Disk 0 MBR has been saved successfully to "C:\Users\sweety\Desktop\MBR.dat"
12:02:15.225 The log file has been saved successfully to "C:\Users\sweety\Desktop\aswMBR.txt"
Code:
ATTFilter 12:16:17.0553 3992 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:16:17.0850 3992 ============================================================
12:16:17.0850 3992 Current date / time: 2012/11/01 12:16:17.0850
12:16:17.0850 3992 SystemInfo:
12:16:17.0850 3992
12:16:17.0850 3992 OS Version: 6.0.6002 ServicePack: 2.0
12:16:17.0850 3992 Product type: Workstation
12:16:17.0850 3992 ComputerName: NOTEBOOK
12:16:17.0850 3992 UserName: sweety
12:16:17.0850 3992 Windows directory: C:\Windows
12:16:17.0850 3992 System windows directory: C:\Windows
12:16:17.0850 3992 Processor architecture: Intel x86
12:16:17.0850 3992 Number of processors: 2
12:16:17.0850 3992 Page size: 0x1000
12:16:17.0850 3992 Boot type: Normal boot
12:16:17.0850 3992 ============================================================
12:16:18.0786 3992 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:16:18.0817 3992 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:16:18.0864 3992 ============================================================
12:16:18.0864 3992 \Device\Harddisk0\DR0:
12:16:18.0864 3992 MBR partitions:
12:16:18.0864 3992 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x79402EF
12:16:18.0864 3992 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7940800, BlocksNum 0x3A5C800
12:16:18.0864 3992 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xB39D000, BlocksNum 0x3A61000
12:16:18.0879 3992 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xB, StartLBA 0xEDFE36D, BlocksNum 0x3C1A754
12:16:18.0879 3992 \Device\Harddisk1\DR1:
12:16:18.0879 3992 MBR partitions:
12:16:18.0879 3992 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x2542D682
12:16:18.0879 3992 ============================================================
12:16:18.0942 3992 C: <-> \Device\Harddisk0\DR0\Partition1
12:16:18.0942 3992 R: <-> \Device\Harddisk0\DR0\Partition4
12:16:18.0973 3992 D: <-> \Device\Harddisk0\DR0\Partition2
12:16:19.0051 3992 E: <-> \Device\Harddisk0\DR0\Partition3
12:16:19.0051 3992 G: <-> \Device\Harddisk1\DR1\Partition1
12:16:19.0051 3992 ============================================================
12:16:19.0051 3992 Initialize success
12:16:19.0051 3992 ============================================================
12:17:10.0190 2936 ============================================================
12:17:10.0190 2936 Scan started
12:17:10.0190 2936 Mode: Manual; SigCheck; TDLFS;
12:17:10.0190 2936 ============================================================
12:17:10.0876 2936 ================ Scan system memory ========================
12:17:10.0876 2936 System memory - ok
12:17:10.0876 2936 ================ Scan services =============================
12:17:11.0001 2936 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
12:17:11.0157 2936 !SASCORE - ok
12:17:11.0453 2936 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
12:17:11.0484 2936 ACPI - ok
12:17:11.0594 2936 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:17:11.0609 2936 AdobeARMservice - ok
12:17:11.0718 2936 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:17:11.0734 2936 AdobeFlashPlayerUpdateSvc - ok
12:17:11.0796 2936 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
12:17:11.0828 2936 adp94xx - ok
12:17:11.0859 2936 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
12:17:11.0890 2936 adpahci - ok
12:17:11.0921 2936 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
12:17:11.0937 2936 adpu160m - ok
12:17:11.0952 2936 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
12:17:11.0984 2936 adpu320 - ok
12:17:12.0015 2936 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:17:12.0140 2936 AeLookupSvc - ok
12:17:12.0202 2936 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
12:17:12.0264 2936 AFD - ok
12:17:12.0358 2936 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
12:17:12.0374 2936 aic78xx - ok
12:17:12.0436 2936 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
12:17:12.0592 2936 ALG - ok
12:17:12.0639 2936 [ 496EDA16A127AC9A38BB285BEF17DBB5 ] aliide C:\Windows\system32\drivers\aliide.sys
12:17:12.0654 2936 aliide - ok
12:17:12.0686 2936 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
12:17:12.0701 2936 amdagp - ok
12:17:12.0748 2936 [ 6F65F4147C54398D7280B18CEBBED215 ] amdide C:\Windows\system32\drivers\amdide.sys
12:17:12.0764 2936 amdide - ok
12:17:12.0795 2936 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
12:17:12.0982 2936 AmdK7 - ok
12:17:13.0029 2936 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
12:17:13.0122 2936 AmdK8 - ok
12:17:13.0200 2936 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
12:17:13.0216 2936 AntiVirSchedulerService - ok
12:17:13.0263 2936 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
12:17:13.0278 2936 AntiVirService - ok
12:17:13.0341 2936 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
12:17:13.0403 2936 Appinfo - ok
12:17:13.0466 2936 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:17:13.0481 2936 Apple Mobile Device - ok
12:17:13.0528 2936 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
12:17:13.0544 2936 arc - ok
12:17:13.0590 2936 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
12:17:13.0606 2936 arcsas - ok
12:17:13.0653 2936 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:17:13.0715 2936 AsyncMac - ok
12:17:13.0762 2936 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
12:17:13.0778 2936 atapi - ok
12:17:13.0840 2936 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:17:13.0871 2936 AudioEndpointBuilder - ok
12:17:13.0918 2936 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
12:17:13.0949 2936 Audiosrv - ok
12:17:14.0027 2936 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
12:17:14.0495 2936 avgntflt - ok
12:17:14.0558 2936 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
12:17:14.0589 2936 avipbb - ok
12:17:14.0620 2936 [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
12:17:14.0636 2936 avkmgr - ok
12:17:14.0698 2936 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
12:17:14.0760 2936 Beep - ok
12:17:14.0838 2936 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
12:17:14.0932 2936 BFE - ok
12:17:15.0010 2936 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
12:17:15.0088 2936 BITS - ok
12:17:15.0088 2936 blbdrive - ok
12:17:15.0213 2936 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:17:15.0244 2936 Bonjour Service - ok
12:17:15.0322 2936 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:17:15.0400 2936 bowser - ok
12:17:15.0447 2936 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
12:17:15.0494 2936 BrFiltLo - ok
12:17:15.0509 2936 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
12:17:15.0556 2936 BrFiltUp - ok
12:17:15.0603 2936 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
12:17:15.0650 2936 Browser - ok
12:17:15.0665 2936 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
12:17:15.0743 2936 Brserid - ok
12:17:15.0790 2936 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
12:17:15.0868 2936 BrSerWdm - ok
12:17:15.0899 2936 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
12:17:15.0962 2936 BrUsbMdm - ok
12:17:16.0008 2936 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
12:17:16.0071 2936 BrUsbSer - ok
12:17:16.0086 2936 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
12:17:16.0164 2936 BTHMODEM - ok
12:17:16.0336 2936 catchme - ok
12:17:16.0398 2936 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:17:16.0461 2936 cdfs - ok
12:17:16.0523 2936 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:17:16.0570 2936 cdrom - ok
12:17:16.0617 2936 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
12:17:16.0664 2936 CertPropSvc - ok
12:17:16.0726 2936 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
12:17:16.0773 2936 circlass - ok
12:17:16.0835 2936 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
12:17:16.0866 2936 CLFS - ok
12:17:16.0960 2936 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:17:16.0976 2936 clr_optimization_v2.0.50727_32 - ok
12:17:17.0116 2936 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:17:17.0132 2936 clr_optimization_v4.0.30319_32 - ok
12:17:17.0194 2936 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:17:17.0256 2936 CmBatt - ok
12:17:17.0303 2936 [ 59172A0724F2AB769F31D61B0571D75B ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:17:17.0319 2936 cmdide - ok
12:17:17.0412 2936 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
12:17:17.0428 2936 Compbatt - ok
12:17:17.0428 2936 COMSysApp - ok
12:17:17.0475 2936 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
12:17:17.0490 2936 crcdisk - ok
12:17:17.0522 2936 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
12:17:17.0600 2936 Crusoe - ok
12:17:17.0678 2936 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:17:17.0709 2936 CryptSvc - ok
12:17:17.0802 2936 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
12:17:17.0912 2936 DcomLaunch - ok
12:17:17.0990 2936 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:17:18.0036 2936 DfsC - ok
12:17:18.0146 2936 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
12:17:18.0380 2936 DFSR - ok
12:17:18.0426 2936 dgderdrv - ok
12:17:18.0473 2936 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
12:17:18.0520 2936 Dhcp - ok
12:17:18.0567 2936 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
12:17:18.0582 2936 disk - ok
12:17:18.0660 2936 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:17:18.0754 2936 Dnscache - ok
12:17:18.0785 2936 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
12:17:18.0848 2936 dot3svc - ok
12:17:18.0894 2936 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
12:17:18.0957 2936 Dot4 - ok
12:17:19.0004 2936 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
12:17:19.0050 2936 Dot4Print - ok
12:17:19.0113 2936 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
12:17:19.0160 2936 dot4usb - ok
12:17:19.0222 2936 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
12:17:19.0284 2936 DPS - ok
12:17:19.0347 2936 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:17:19.0378 2936 drmkaud - ok
12:17:19.0456 2936 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:17:19.0503 2936 DXGKrnl - ok
12:17:19.0550 2936 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
12:17:19.0659 2936 E1G60 - ok
12:17:19.0690 2936 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
12:17:19.0737 2936 EapHost - ok
12:17:19.0784 2936 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
12:17:19.0799 2936 Ecache - ok
12:17:19.0893 2936 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:17:19.0940 2936 ehRecvr - ok
12:17:19.0986 2936 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
12:17:20.0033 2936 ehSched - ok
12:17:20.0049 2936 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
12:17:20.0096 2936 ehstart - ok
12:17:20.0158 2936 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
12:17:20.0189 2936 elxstor - ok
12:17:20.0267 2936 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
12:17:20.0376 2936 EMDMgmt - ok
12:17:20.0470 2936 esgiguard - ok
12:17:20.0532 2936 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
12:17:20.0579 2936 EventSystem - ok
12:17:20.0626 2936 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
12:17:20.0673 2936 exfat - ok
12:17:20.0735 2936 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:17:20.0782 2936 fastfat - ok
12:17:20.0829 2936 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:17:20.0907 2936 fdc - ok
12:17:20.0938 2936 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
12:17:21.0000 2936 fdPHost - ok
12:17:21.0063 2936 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
12:17:21.0141 2936 FDResPub - ok
12:17:21.0172 2936 [ B2B2C38E916184FF8523C7439DDD417F ] FETNDIS C:\Windows\system32\DRIVERS\fetnd5.sys
12:17:21.0234 2936 FETNDIS - ok
12:17:21.0281 2936 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:17:21.0297 2936 FileInfo - ok
12:17:21.0359 2936 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:17:21.0406 2936 Filetrace - ok
12:17:21.0546 2936 [ 167D24A045499EBEF438F231976158DF ] FirebirdServerMAGIXInstance C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe
12:17:21.0718 2936 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
12:17:21.0718 2936 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
12:17:21.0749 2936 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:17:21.0827 2936 flpydisk - ok
12:17:21.0890 2936 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:17:21.0905 2936 FltMgr - ok
12:17:22.0139 2936 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
12:17:22.0217 2936 FontCache - ok
12:17:22.0326 2936 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:17:22.0342 2936 FontCache3.0.0.0 - ok
12:17:22.0420 2936 [ B07663A810E861EEBFD0EAC7E82CA62D ] FsUsbExDisk C:\Windows\system32\FsUsbExDisk.SYS
12:17:22.0467 2936 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
12:17:22.0467 2936 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
12:17:22.0514 2936 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:17:22.0560 2936 Fs_Rec - ok
12:17:22.0607 2936 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
12:17:22.0623 2936 gagp30kx - ok
12:17:22.0685 2936 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys
12:17:22.0685 2936 GEARAspiWDM - ok
12:17:22.0732 2936 [ 51B2D8629E1A0F463682F365D56325CB ] GnabService c:\program files\common files\gnab\service\servicecontroller.exe
12:17:22.0748 2936 GnabService ( UnsignedFile.Multi.Generic ) - warning
12:17:22.0748 2936 GnabService - detected UnsignedFile.Multi.Generic (1)
12:17:22.0794 2936 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
12:17:22.0888 2936 gpsvc - ok
12:17:22.0919 2936 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:17:22.0997 2936 HdAudAddService - ok
12:17:23.0060 2936 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
12:17:23.0153 2936 HDAudBus - ok
12:17:23.0184 2936 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
12:17:23.0262 2936 HidBth - ok
12:17:23.0278 2936 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
12:17:23.0340 2936 HidIr - ok
12:17:23.0403 2936 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
12:17:23.0465 2936 hidserv - ok
12:17:23.0512 2936 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:17:23.0543 2936 HidUsb - ok
12:17:23.0606 2936 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:17:23.0637 2936 hkmsvc - ok
12:17:23.0684 2936 [ 8B566EA71D5B76157A9CDB78F25A5731 ] Hotkey C:\Windows\system32\drivers\Hotkey.sys
12:17:23.0699 2936 Hotkey ( UnsignedFile.Multi.Generic ) - warning
12:17:23.0699 2936 Hotkey - detected UnsignedFile.Multi.Generic (1)
12:17:23.0730 2936 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
12:17:23.0746 2936 HpCISSs - ok
12:17:23.0886 2936 [ 682358F730B84B63E09C6B4EDC1DE7AE ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
12:17:23.0902 2936 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
12:17:23.0902 2936 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
12:17:23.0933 2936 [ 2E7BEE4AA776CF1C37836B26D1D29403 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
12:17:23.0964 2936 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
12:17:23.0964 2936 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
12:17:24.0011 2936 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:17:24.0074 2936 HTTP - ok
12:17:24.0120 2936 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
12:17:24.0136 2936 i2omp - ok
12:17:24.0198 2936 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
12:17:24.0432 2936 i8042prt - ok
12:17:24.0495 2936 [ D72F2A013ADA9E2DDA417887A8DFD217 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
12:17:24.0557 2936 IAANTMON ( UnsignedFile.Multi.Generic ) - warning
12:17:24.0557 2936 IAANTMON - detected UnsignedFile.Multi.Generic (1)
12:17:24.0666 2936 [ 09CDBB81837D7F17668164707FF9B34B ] ialm C:\Windows\system32\DRIVERS\igdkmd32.sys
12:17:24.0869 2936 ialm - ok
12:17:24.0932 2936 [ DE01BF14FFB150C779FD561BD0E3C5C5 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
12:17:24.0963 2936 iaStor - ok
12:17:25.0010 2936 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
12:17:25.0025 2936 iaStorV - ok
12:17:25.0119 2936 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:17:25.0228 2936 idsvc - ok
12:17:25.0322 2936 [ 09CDBB81837D7F17668164707FF9B34B ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
12:17:25.0431 2936 igfx - ok
12:17:25.0462 2936 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
12:17:25.0509 2936 iirsp - ok
12:17:25.0587 2936 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
12:17:25.0665 2936 IKEEXT - ok
12:17:25.0774 2936 [ AEF2FA29204056B81BC4CBF30260DEE1 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
12:17:25.0930 2936 IntcAzAudAddService - ok
12:17:25.0961 2936 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
12:17:25.0977 2936 intelide - ok
12:17:26.0039 2936 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:17:26.0086 2936 intelppm - ok
12:17:26.0148 2936 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:17:26.0195 2936 IPBusEnum - ok
12:17:26.0258 2936 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:17:26.0304 2936 IpFilterDriver - ok
12:17:26.0367 2936 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:17:26.0429 2936 iphlpsvc - ok
12:17:26.0429 2936 IpInIp - ok
12:17:26.0538 2936 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
12:17:26.0616 2936 IPMIDRV - ok
12:17:26.0866 2936 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
12:17:26.0897 2936 IPNAT - ok
12:17:26.0975 2936 [ B84A28B3984185EDA8867541AF14CDDB ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
12:17:27.0038 2936 iPod Service - ok
12:17:27.0084 2936 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:17:27.0131 2936 IRENUM - ok
12:17:27.0194 2936 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:17:27.0209 2936 isapnp - ok
12:17:27.0287 2936 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
12:17:27.0318 2936 iScsiPrt - ok
12:17:27.0350 2936 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
12:17:27.0365 2936 iteatapi - ok
12:17:27.0412 2936 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
12:17:27.0428 2936 iteraid - ok
12:17:27.0490 2936 [ 5DCE7EED60BAE992BAB7F5FF1CE60641 ] Iviaspi C:\Windows\system32\drivers\iviaspi.sys
12:17:27.0506 2936 Iviaspi - ok
12:17:27.0537 2936 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
12:17:27.0552 2936 IviRegMgr - ok
12:17:27.0615 2936 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:17:27.0630 2936 kbdclass - ok
12:17:27.0662 2936 [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
12:17:27.0708 2936 kbdhid - ok
12:17:27.0755 2936 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
12:17:27.0786 2936 KeyIso - ok
12:17:27.0849 2936 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:17:27.0880 2936 KSecDD - ok
12:17:27.0927 2936 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
12:17:28.0005 2936 KtmRm - ok
12:17:28.0067 2936 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
12:17:28.0114 2936 LanmanServer - ok
12:17:28.0192 2936 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:17:28.0239 2936 LanmanWorkstation - ok
12:17:28.0286 2936 [ 6E5DAC168D1FF9843E84A59D51D31107 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
12:17:28.0317 2936 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
12:17:28.0317 2936 LightScribeService - detected UnsignedFile.Multi.Generic (1)
12:17:28.0364 2936 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:17:28.0410 2936 lltdio - ok
12:17:28.0488 2936 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:17:28.0535 2936 lltdsvc - ok
12:17:28.0582 2936 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:17:28.0644 2936 lmhosts - ok
12:17:28.0691 2936 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
12:17:28.0707 2936 LSI_FC - ok
12:17:28.0754 2936 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
12:17:28.0769 2936 LSI_SAS - ok
12:17:28.0800 2936 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
12:17:28.0816 2936 LSI_SCSI - ok
12:17:28.0894 2936 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
12:17:29.0097 2936 luafv - ok
12:17:29.0097 2936 mailKmd - ok
12:17:29.0253 2936 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
12:17:29.0268 2936 MBAMProtector - ok
12:17:29.0424 2936 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:17:29.0471 2936 MBAMScheduler - ok
12:17:29.0549 2936 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:17:29.0612 2936 MBAMService - ok
12:17:29.0674 2936 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:17:29.0705 2936 Mcx2Svc - ok
12:17:29.0752 2936 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
12:17:29.0783 2936 megasas - ok
12:17:29.0861 2936 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service D:\Microsoft Office\Office12\GrooveAuditService.exe
12:17:29.0877 2936 Microsoft Office Groove Audit Service - ok
12:17:29.0955 2936 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
12:17:30.0002 2936 MMCSS - ok
12:17:30.0064 2936 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
12:17:30.0111 2936 Modem - ok
12:17:30.0173 2936 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:17:30.0236 2936 monitor - ok
12:17:30.0282 2936 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:17:30.0298 2936 mouclass - ok
12:17:30.0345 2936 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:17:30.0392 2936 mouhid - ok
12:17:30.0454 2936 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
12:17:30.0470 2936 MountMgr - ok
12:17:30.0548 2936 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:17:30.0563 2936 MozillaMaintenance - ok
12:17:30.0626 2936 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
12:17:30.0641 2936 mpio - ok
12:17:30.0704 2936 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:17:30.0750 2936 mpsdrv - ok
12:17:30.0797 2936 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
12:17:30.0875 2936 MpsSvc - ok
12:17:30.0906 2936 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
12:17:30.0922 2936 Mraid35x - ok
12:17:30.0969 2936 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:17:31.0016 2936 MRxDAV - ok
12:17:31.0062 2936 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:17:31.0125 2936 mrxsmb - ok
12:17:31.0187 2936 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:17:31.0218 2936 mrxsmb10 - ok
12:17:31.0250 2936 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:17:31.0296 2936 mrxsmb20 - ok
12:17:31.0343 2936 [ 86068B8B54A5EB092F51657F00B2222A ] msahci C:\Windows\system32\drivers\msahci.sys
12:17:31.0374 2936 msahci - ok
12:17:31.0406 2936 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:17:31.0421 2936 msdsm - ok
12:17:31.0484 2936 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
12:17:31.0608 2936 MSDTC - ok
12:17:31.0686 2936 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:17:31.0749 2936 Msfs - ok
12:17:31.0796 2936 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:17:31.0811 2936 msisadrv - ok
12:17:31.0874 2936 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:17:31.0952 2936 MSiSCSI - ok
12:17:31.0952 2936 msiserver - ok
12:17:32.0030 2936 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:17:32.0076 2936 MSKSSRV - ok
12:17:32.0139 2936 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:17:32.0186 2936 MSPCLOCK - ok
12:17:32.0232 2936 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:17:32.0279 2936 MSPQM - ok
12:17:32.0357 2936 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:17:32.0373 2936 MsRPC - ok
12:17:32.0404 2936 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
12:17:32.0420 2936 mssmbios - ok
12:17:32.0451 2936 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:17:32.0498 2936 MSTEE - ok
12:17:32.0544 2936 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
12:17:32.0560 2936 Mup - ok
12:17:32.0622 2936 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
12:17:32.0669 2936 napagent - ok
12:17:32.0732 2936 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:17:32.0763 2936 NativeWifiP - ok
12:17:32.0872 2936 [ 9576CC8E84F7CEDA9189CDDA1CFD4BC1 ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
12:17:32.0950 2936 NBService ( UnsignedFile.Multi.Generic ) - warning
12:17:32.0950 2936 NBService - detected UnsignedFile.Multi.Generic (1)
12:17:32.0997 2936 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:17:33.0044 2936 NDIS - ok
12:17:33.0090 2936 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:17:33.0138 2936 NdisTapi - ok
12:17:33.0216 2936 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:17:33.0263 2936 Ndisuio - ok
12:17:33.0310 2936 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:17:33.0341 2936 NdisWan - ok
12:17:33.0403 2936 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:17:33.0419 2936 NDProxy - ok
12:17:33.0481 2936 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
12:17:33.0513 2936 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:17:33.0513 2936 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:17:33.0559 2936 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:17:33.0606 2936 NetBIOS - ok
12:17:33.0653 2936 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
12:17:33.0934 2936 netbt - ok
12:17:33.0965 2936 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
12:17:33.0981 2936 Netlogon - ok
12:17:34.0059 2936 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
12:17:34.0168 2936 Netman - ok
12:17:34.0215 2936 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
12:17:34.0261 2936 netprofm - ok
12:17:34.0324 2936 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:17:34.0339 2936 NetTcpPortSharing - ok
12:17:34.0386 2936 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
12:17:34.0402 2936 nfrd960 - ok
12:17:34.0464 2936 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:17:34.0527 2936 NlaSvc - ok
12:17:34.0605 2936 [ C4EBBBD7165BE535F0BFD06B80601D91 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
12:17:34.0651 2936 NMIndexingService ( UnsignedFile.Multi.Generic ) - warning
12:17:34.0651 2936 NMIndexingService - detected UnsignedFile.Multi.Generic (1)
12:17:34.0698 2936 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:17:34.0745 2936 Npfs - ok
12:17:34.0823 2936 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
12:17:34.0870 2936 nsi - ok
12:17:34.0917 2936 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:17:34.0963 2936 nsiproxy - ok
12:17:35.0041 2936 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:17:35.0166 2936 Ntfs - ok
12:17:35.0213 2936 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
12:17:35.0291 2936 ntrigdigi - ok
12:17:35.0353 2936 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
12:17:35.0400 2936 Null - ok
12:17:35.0431 2936 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:17:35.0447 2936 nvraid - ok
12:17:35.0494 2936 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:17:35.0509 2936 nvstor - ok
12:17:35.0541 2936 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:17:35.0572 2936 nv_agp - ok
12:17:35.0587 2936 NwlnkFlt - ok
12:17:35.0587 2936 NwlnkFwd - ok
12:17:35.0728 2936 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:17:35.0775 2936 odserv - ok
12:17:35.0837 2936 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
12:17:35.0899 2936 ohci1394 - ok
12:17:35.0977 2936 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:17:35.0993 2936 ose - ok
12:17:36.0071 2936 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
12:17:36.0289 2936 p2pimsvc - ok
12:17:36.0352 2936 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
12:17:36.0383 2936 p2psvc - ok
12:17:36.0461 2936 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\DRIVERS\parport.sys
12:17:36.0555 2936 Parport - ok
12:17:36.0601 2936 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:17:36.0617 2936 partmgr - ok
12:17:36.0648 2936 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
12:17:36.0726 2936 Parvdm - ok
12:17:36.0789 2936 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
12:17:36.0851 2936 PcaSvc - ok
12:17:36.0913 2936 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
12:17:36.0945 2936 pci - ok
12:17:37.0007 2936 [ 304048C2565A803D091CCA1AC945F593 ] pciide C:\Windows\system32\drivers\pciide.sys
12:17:37.0023 2936 pciide - ok
12:17:37.0069 2936 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
12:17:37.0085 2936 pcmcia - ok
12:17:37.0147 2936 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:17:37.0303 2936 PEAUTH - ok
12:17:37.0428 2936 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
12:17:37.0569 2936 pla - ok
12:17:37.0615 2936 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:17:37.0678 2936 PlugPlay - ok
12:17:37.0709 2936 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
12:17:37.0725 2936 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:17:37.0725 2936 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:17:37.0771 2936 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
12:17:37.0818 2936 PNRPAutoReg - ok
12:17:37.0865 2936 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
12:17:37.0896 2936 PNRPsvc - ok
12:17:37.0974 2936 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:17:38.0052 2936 PolicyAgent - ok
12:17:38.0099 2936 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:17:38.0161 2936 PptpMiniport - ok
12:17:38.0208 2936 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
12:17:38.0286 2936 Processor - ok
12:17:38.0458 2936 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
12:17:38.0520 2936 ProfSvc - ok
12:17:38.0551 2936 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
12:17:38.0583 2936 ProtectedStorage - ok
12:17:38.0614 2936 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
12:17:38.0645 2936 PSched - ok
12:17:38.0707 2936 [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys
12:17:38.0723 2936 PSI - ok
12:17:38.0770 2936 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
12:17:38.0863 2936 ql2300 - ok
12:17:38.0895 2936 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
12:17:38.0910 2936 ql40xx - ok
12:17:38.0957 2936 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
12:17:38.0988 2936 QWAVE - ok
12:17:39.0051 2936 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:17:39.0066 2936 QWAVEdrv - ok
12:17:39.0160 2936 [ E642B131FB74CAF4BB8A014F31113142 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
12:17:39.0378 2936 R300 - ok
12:17:39.0441 2936 [ 70DBDAB246C18B78E2200D6401D038BE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
12:17:39.0503 2936 RapiMgr - ok
12:17:39.0565 2936 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:17:39.0628 2936 RasAcd - ok
12:17:39.0675 2936 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
12:17:39.0721 2936 RasAuto - ok
12:17:39.0799 2936 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:17:39.0862 2936 Rasl2tp - ok
12:17:39.0940 2936 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
12:17:40.0002 2936 RasMan - ok
12:17:40.0033 2936 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:17:40.0065 2936 RasPppoe - ok
12:17:40.0127 2936 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:17:40.0143 2936 RasSstp - ok
12:17:40.0205 2936 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:17:40.0252 2936 rdbss - ok
12:17:40.0314 2936 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:17:40.0361 2936 RDPCDD - ok
12:17:40.0408 2936 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
12:17:40.0470 2936 rdpdr - ok
12:17:40.0579 2936 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:17:40.0611 2936 RDPENCDD - ok
12:17:40.0657 2936 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:17:40.0735 2936 RDPWD - ok
12:17:40.0813 2936 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:17:40.0985 2936 RemoteAccess - ok
12:17:41.0016 2936 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:17:41.0079 2936 RemoteRegistry - ok
12:17:41.0110 2936 [ D85E3FA9F5B1F29BB4ED185C450D1470 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
12:17:41.0141 2936 rimmptsk - ok
12:17:41.0203 2936 [ DB8EB01C58C9FADA00C70B1775278AE0 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
12:17:41.0235 2936 rimsptsk - ok
12:17:41.0250 2936 [ 6C1F93C0760C9F79A1869D07233DF39D ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
12:17:41.0297 2936 rismxdp - ok
12:17:41.0328 2936 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
12:17:41.0391 2936 RpcLocator - ok
12:17:41.0437 2936 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
12:17:41.0484 2936 RpcSs - ok
12:17:41.0531 2936 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:17:41.0593 2936 rspndr - ok
12:17:41.0656 2936 [ B8B159FA669C6386A458FCD468EBB1E6 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
12:17:41.0687 2936 RTL8169 - ok
12:17:41.0765 2936 [ 0F2D736066656DEE1C791087E0751E99 ] RTL8187B C:\Windows\system32\DRIVERS\RTL8187B.sys
12:17:41.0812 2936 RTL8187B - ok
12:17:41.0843 2936 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
12:17:41.0859 2936 SamSs - ok
12:17:41.0921 2936 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
12:17:41.0937 2936 SASDIFSV - ok
12:17:41.0968 2936 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
12:17:41.0983 2936 SASKUTIL - ok
12:17:42.0030 2936 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:17:42.0046 2936 sbp2port - ok
12:17:42.0108 2936 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:17:42.0155 2936 SCardSvr - ok
12:17:42.0217 2936 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
12:17:42.0295 2936 Schedule - ok
12:17:42.0358 2936 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
12:17:42.0389 2936 SCPolicySvc - ok
12:17:42.0498 2936 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
12:17:42.0529 2936 sdbus - ok
12:17:42.0592 2936 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:17:42.0639 2936 SDRSVC - ok
12:17:42.0701 2936 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:17:42.0779 2936 secdrv - ok
12:17:42.0857 2936 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
12:17:42.0904 2936 seclogon - ok
12:17:43.0044 2936 [ 7198BBFBE46C0070257278C536386687 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
12:17:43.0107 2936 Secunia PSI Agent - ok
12:17:43.0294 2936 [ D2FCA567F9BE87E29B9A9FA32FFE79CA ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
12:17:43.0325 2936 Secunia Update Agent - ok
12:17:43.0403 2936 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
12:17:43.0450 2936 SENS - ok
12:17:43.0497 2936 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
12:17:43.0575 2936 Serenum - ok
12:17:43.0637 2936 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\DRIVERS\serial.sys
12:17:43.0715 2936 Serial - ok
12:17:43.0793 2936 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
12:17:43.0824 2936 sermouse - ok
12:17:43.0902 2936 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
12:17:43.0949 2936 SessionEnv - ok
12:17:43.0996 2936 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:17:44.0074 2936 sffdisk - ok
12:17:44.0089 2936 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:17:44.0183 2936 sffp_mmc - ok
12:17:44.0214 2936 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:17:44.0277 2936 sffp_sd - ok
12:17:44.0308 2936 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
12:17:44.0370 2936 sfloppy - ok
12:17:44.0448 2936 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:17:44.0511 2936 SharedAccess - ok
12:17:44.0557 2936 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:17:44.0620 2936 ShellHWDetection - ok
12:17:44.0667 2936 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
12:17:44.0682 2936 SiSRaid2 - ok
12:17:44.0713 2936 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
12:17:44.0729 2936 SiSRaid4 - ok
12:17:44.0932 2936 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
12:17:45.0166 2936 Skype C2C Service - ok
12:17:45.0228 2936 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
12:17:45.0244 2936 SkypeUpdate - ok
12:17:45.0649 2936 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
12:17:45.0915 2936 slsvc - ok
12:17:45.0946 2936 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
12:17:45.0993 2936 SLUINotify - ok
12:17:46.0071 2936 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:17:46.0102 2936 Smb - ok
12:17:46.0195 2936 [ D9BFD2298F5CF116D8EAAE3B02DCEE2E ] smserial C:\Windows\system32\DRIVERS\smserial.sys
12:17:46.0305 2936 smserial - ok
12:17:46.0351 2936 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:17:46.0383 2936 SNMPTRAP - ok
12:17:46.0492 2936 [ 53D1E2ECBF26B313FFDD2B8BA3D2F66E ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
12:17:46.0648 2936 SNP2UVC - ok
12:17:46.0710 2936 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
12:17:46.0726 2936 spldr - ok
12:17:46.0788 2936 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
12:17:46.0835 2936 Spooler - ok
12:17:46.0913 2936 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
12:17:46.0944 2936 srv - ok
12:17:47.0007 2936 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:17:47.0053 2936 srv2 - ok
12:17:47.0178 2936 [ EB01C4D6E5F540538306DB1108B5A084 ] srvcPVR C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe
12:17:47.0334 2936 srvcPVR ( UnsignedFile.Multi.Generic ) - warning
12:17:47.0334 2936 srvcPVR - detected UnsignedFile.Multi.Generic (1)
12:17:47.0412 2936 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:17:47.0443 2936 srvnet - ok
12:17:47.0506 2936 [ B2063CE662AF3AB20045121A5B716DF6 ] sscebus C:\Windows\system32\DRIVERS\sscebus.sys
12:17:47.0521 2936 sscebus - ok
12:17:47.0615 2936 [ 66799DC0AFE3DCAF8368CAE17394A762 ] sscemdfl C:\Windows\system32\DRIVERS\sscemdfl.sys
12:17:47.0631 2936 sscemdfl - ok
12:17:47.0662 2936 [ CBF03FFC08F8DB547BAB2F79AA663D16 ] sscemdm C:\Windows\system32\DRIVERS\sscemdm.sys
12:17:47.0677 2936 sscemdm - ok
12:17:47.0755 2936 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:17:47.0787 2936 SSDPSRV - ok
12:17:47.0818 2936 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
12:17:47.0833 2936 ssmdrv - ok
12:17:47.0989 2936 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:17:48.0036 2936 SstpSvc - ok
12:17:48.0114 2936 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
12:17:48.0192 2936 stisvc - ok
12:17:48.0223 2936 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
12:17:48.0239 2936 swenum - ok
12:17:48.0301 2936 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
12:17:48.0348 2936 swprv - ok
12:17:48.0395 2936 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
12:17:48.0411 2936 Symc8xx - ok
12:17:48.0457 2936 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
12:17:48.0473 2936 Sym_hi - ok
12:17:48.0504 2936 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
12:17:48.0520 2936 Sym_u3 - ok
12:17:48.0567 2936 [ 3196C5DF63D5E86FC0041AE0C816B80F ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
12:17:48.0582 2936 SynTP - ok
12:17:48.0660 2936 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
12:17:48.0738 2936 SysMain - ok
12:17:48.0863 2936 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:17:48.0879 2936 TabletInputService - ok
12:17:48.0957 2936 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
12:17:49.0019 2936 TapiSrv - ok
12:17:49.0066 2936 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
12:17:49.0113 2936 TBS - ok
12:17:49.0191 2936 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:17:49.0253 2936 Tcpip - ok
12:17:49.0315 2936 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
12:17:49.0378 2936 Tcpip6 - ok
12:17:49.0425 2936 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:17:49.0471 2936 tcpipreg - ok
12:17:49.0549 2936 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:17:49.0596 2936 TDPIPE - ok
12:17:49.0659 2936 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:17:49.0721 2936 TDTCP - ok
12:17:49.0752 2936 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:17:49.0799 2936 tdx - ok
12:17:49.0861 2936 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
12:17:49.0877 2936 TermDD - ok
12:17:49.0955 2936 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
12:17:50.0002 2936 TermService - ok
12:17:50.0033 2936 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
12:17:50.0049 2936 Themes - ok
12:17:50.0080 2936 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
12:17:50.0127 2936 THREADORDER - ok
12:17:50.0173 2936 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
12:17:50.0329 2936 TrkWks - ok
12:17:50.0407 2936 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:17:50.0454 2936 TrustedInstaller - ok
12:17:50.0517 2936 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:17:50.0563 2936 tssecsrv - ok
12:17:50.0610 2936 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
12:17:50.0641 2936 tunmp - ok
12:17:50.0704 2936 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:17:50.0735 2936 tunnel - ok
12:17:50.0782 2936 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
12:17:50.0797 2936 uagp35 - ok
12:17:50.0860 2936 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:17:50.0907 2936 udfs - ok
12:17:50.0969 2936 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:17:51.0000 2936 UI0Detect - ok
12:17:51.0047 2936 [ F13DA74969897359A88F2A739F54A250 ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
12:17:51.0078 2936 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
12:17:51.0078 2936 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
12:17:51.0094 2936 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:17:51.0125 2936 uliagpkx - ok
12:17:51.0156 2936 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
12:17:51.0172 2936 uliahci - ok
12:17:51.0203 2936 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
12:17:51.0219 2936 UlSata - ok
12:17:51.0281 2936 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
12:17:51.0312 2936 ulsata2 - ok
12:17:51.0343 2936 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:17:51.0390 2936 umbus - ok
12:17:51.0437 2936 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
12:17:51.0484 2936 upnphost - ok
12:17:51.0546 2936 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:17:51.0593 2936 usbccgp - ok
12:17:51.0640 2936 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:17:51.0733 2936 usbcir - ok
12:17:51.0765 2936 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:17:51.0811 2936 usbehci - ok
12:17:51.0858 2936 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:17:51.0905 2936 usbhub - ok
12:17:51.0952 2936 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:17:52.0045 2936 usbohci - ok
12:17:52.0108 2936 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:17:52.0155 2936 usbprint - ok
12:17:52.0217 2936 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
12:17:52.0264 2936 usbscan - ok
12:17:52.0295 2936 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:17:52.0420 2936 USBSTOR - ok
12:17:52.0467 2936 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
12:17:52.0498 2936 usbuhci - ok
12:17:52.0545 2936 [ 0A6B81F01BC86399482E27E6FDA7B33B ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
12:17:52.0654 2936 usbvideo - ok
12:17:52.0685 2936 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
12:17:52.0732 2936 UxSms - ok
12:17:53.0013 2936 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
12:17:53.0091 2936 vds - ok
12:17:53.0137 2936 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:17:53.0215 2936 vga - ok
12:17:53.0496 2936 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
12:17:53.0543 2936 VgaSave - ok
12:17:53.0668 2936 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
12:17:53.0683 2936 viaagp - ok
12:17:53.0777 2936 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
12:17:53.0855 2936 ViaC7 - ok
12:17:53.0917 2936 [ 7AA7EC9A08DC2C39649C413B1A26E298 ] viaide C:\Windows\system32\drivers\viaide.sys
12:17:53.0964 2936 viaide - ok
12:17:53.0995 2936 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:17:54.0011 2936 volmgr - ok
12:17:54.0136 2936 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:17:54.0167 2936 volmgrx - ok
12:17:54.0276 2936 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:17:54.0354 2936 volsnap - ok
12:17:54.0573 2936 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
12:17:54.0588 2936 vsmraid - ok
12:17:54.0682 2936 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
12:17:54.0963 2936 VSS - ok
12:17:55.0072 2936 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
12:17:55.0103 2936 W32Time - ok
12:17:55.0134 2936 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
12:17:55.0290 2936 WacomPen - ok
12:17:55.0462 2936 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
12:17:55.0540 2936 Wanarp - ok
12:17:55.0540 2936 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:17:55.0587 2936 Wanarpv6 - ok
12:17:55.0883 2936 [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
12:17:55.0961 2936 WcesComm - ok
12:17:56.0023 2936 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:17:56.0086 2936 wcncsvc - ok
12:17:56.0148 2936 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:17:56.0211 2936 WcsPlugInService - ok
12:17:56.0257 2936 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
12:17:56.0273 2936 Wd - ok
12:17:56.0335 2936 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:17:56.0382 2936 Wdf01000 - ok
12:17:56.0445 2936 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:17:56.0491 2936 WdiServiceHost - ok
12:17:56.0507 2936 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:17:56.0554 2936 WdiSystemHost - ok
12:17:56.0788 2936 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
12:17:56.0819 2936 WebClient - ok
12:17:57.0037 2936 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:17:57.0162 2936 Wecsvc - ok
12:17:57.0209 2936 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:17:57.0287 2936 wercplsupport - ok
12:17:57.0349 2936 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
12:17:57.0412 2936 WerSvc - ok
12:17:57.0661 2936 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
12:17:57.0693 2936 WinDefend - ok
12:17:57.0708 2936 WinHttpAutoProxySvc - ok
12:17:58.0941 2936 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:17:58.0972 2936 Winmgmt - ok
12:17:59.0097 2936 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
12:17:59.0206 2936 WinRM - ok
12:17:59.0284 2936 [ 676F4B665BDD8053EAA53AC1695B8074 ] winusb C:\Windows\system32\DRIVERS\winusb.sys
12:17:59.0331 2936 winusb - ok
12:17:59.0393 2936 [ B0E6FAA0F0EAD4772C545A3737EFB47F ] WisLMSvc C:\Program Files\Launch Manager\WisLMSvc.exe
12:17:59.0518 2936 WisLMSvc ( UnsignedFile.Multi.Generic ) - warning
12:17:59.0518 2936 WisLMSvc - detected UnsignedFile.Multi.Generic (1)
12:17:59.0799 2936 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
12:18:00.0485 2936 Wlansvc - ok
12:18:00.0594 2936 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
12:18:00.0625 2936 WmiAcpi - ok
12:18:01.0078 2936 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:18:01.0125 2936 wmiApSrv - ok
12:18:01.0499 2936 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
12:18:01.0577 2936 WMPNetworkSvc - ok
12:18:01.0889 2936 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:18:01.0967 2936 WPCSvc - ok
12:18:02.0201 2936 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:18:02.0404 2936 WPDBusEnum - ok
12:18:03.0090 2936 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
12:18:03.0293 2936 WpdUsb - ok
12:18:03.0901 2936 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:18:03.0995 2936 WPFFontCache_v0400 - ok
12:18:04.0291 2936 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:18:04.0385 2936 ws2ifsl - ok
12:18:04.0791 2936 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
12:18:04.0837 2936 wscsvc - ok
12:18:04.0853 2936 WSearch - ok
12:18:05.0321 2936 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
12:18:06.0959 2936 wuauserv - ok
12:18:08.0862 2936 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:18:10.0141 2936 WUDFRd - ok
12:18:10.0687 2936 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:18:10.0734 2936 wudfsvc - ok
12:18:10.0750 2936 ================ Scan global ===============================
12:18:11.0031 2936 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
12:18:11.0109 2936 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
12:18:11.0140 2936 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
12:18:11.0265 2936 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
12:18:11.0280 2936 [Global] - ok
12:18:11.0280 2936 ================ Scan MBR ==================================
12:18:11.0296 2936 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
12:18:11.0826 2936 \Device\Harddisk0\DR0 - ok
12:18:11.0826 2936 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR1
12:18:12.0310 2936 \Device\Harddisk1\DR1 - ok
12:18:12.0310 2936 ================ Scan VBR ==================================
12:18:12.0325 2936 [ 64C69251776ED2F9DEF3D5DF0EE74BD1 ] \Device\Harddisk0\DR0\Partition1
12:18:12.0325 2936 \Device\Harddisk0\DR0\Partition1 - ok
12:18:12.0372 2936 [ 8567EB3A0BEC3BAEC37FC311E1808613 ] \Device\Harddisk0\DR0\Partition2
12:18:12.0372 2936 \Device\Harddisk0\DR0\Partition2 - ok
12:18:12.0388 2936 [ C8AD09D6300268C0FBA5D1F99E5AB56B ] \Device\Harddisk0\DR0\Partition3
12:18:12.0388 2936 \Device\Harddisk0\DR0\Partition3 - ok
12:18:12.0388 2936 [ 5C23AA6AB84E7E3D200575660D9F4673 ] \Device\Harddisk0\DR0\Partition4
12:18:12.0388 2936 \Device\Harddisk0\DR0\Partition4 - ok
12:18:12.0403 2936 [ 9DD3F0145DFBAF479F9F6A472F98501D ] \Device\Harddisk1\DR1\Partition1
12:18:12.0403 2936 \Device\Harddisk1\DR1\Partition1 - ok
12:18:12.0403 2936 ============================================================
12:18:12.0403 2936 Scan finished
12:18:12.0403 2936 ============================================================
12:18:12.0435 1008 Detected object count: 15
12:18:12.0435 1008 Actual detected object count: 15
12:18:23.0963 1008 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:23.0963 1008 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:18:23.0963 1008 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:23.0963 1008 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:18:23.0979 1008 GnabService ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:23.0979 1008 GnabService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:18:23.0979 1008 Hotkey ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:23.0979 1008 Hotkey ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:18:23.0979 1008 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:23.0979 1008 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:18:23.0979 1008 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:23.0979 1008 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:18:23.0994 1008 IAANTMON ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:23.0994 1008 IAANTMON ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:18:23.0994 1008 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:23.0994 1008 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:18:23.0994 1008 NBService ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:23.0994 1008 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:18:23.0994 1008 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:23.0994 1008 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:18:24.0010 1008 NMIndexingService ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:24.0010 1008 NMIndexingService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:18:24.0010 1008 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:24.0010 1008 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:18:24.0010 1008 srvcPVR ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:24.0010 1008 srvcPVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:18:24.0010 1008 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:24.0010 1008 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:18:24.0025 1008 WisLMSvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:24.0025 1008 WisLMSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
01.11.2012, 15:05
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner doch nicht weg ? Sieht ok aus, eine Kontrolle mit OTL bitte:
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.11.2012, 18:49
| #25 |
| | BKA Trojaner doch nicht weg ? OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 01.11.2012 18:08:40 - Run 5
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\sweety\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,70 Gb Available Physical Memory | 35,15% Memory free
4,21 Gb Paging File | 2,69 Gb Available in Paging File | 63,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 60,63 Gb Total Space | 2,36 Gb Free Space | 3,89% Space Free | Partition Type: NTFS
Drive D: | 29,18 Gb Total Space | 26,53 Gb Free Space | 90,92% Space Free | Partition Type: NTFS
Drive E: | 29,19 Gb Total Space | 1,04 Gb Free Space | 3,55% Space Free | Partition Type: NTFS
Drive G: | 298,02 Gb Total Space | 108,27 Gb Free Space | 36,33% Space Free | Partition Type: FAT32
Drive R: | 30,04 Gb Total Space | 20,56 Gb Free Space | 68,45% Space Free | Partition Type: FAT32
Computer Name: NOTEBOOK | User Name: sweety | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "D:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{35F68AF2-3C32-467E-AA94-A7E1EDA7E959}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5E7E378A-AED3-4010-9978-57620F97446C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C6B8240D-F89D-46B0-9D9D-DE8536DA8BFE}" = lport=6004 | protocol=17 | dir=in | app=d:\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BF5CD14-5181-4A4E-8E15-1BBA5CBD9B5F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{22C1BE2D-396A-420F-AA7C-E27722218501}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{3CA601D8-3C21-45BE-804B-FC62A5D8028D}" = protocol=6 | dir=in | app=d:\microsoft office\office12\onenote.exe |
"{6F248541-A5D0-4421-95E9-2AA9B162E33B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{71CBCF50-D35D-4D71-B94C-009D76EE919C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{7A538BF3-4397-4AD2-805C-B796C9AB03A1}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{866307CB-FD4E-48AD-964D-1F2A05BCD207}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{867BF6F4-3A54-4197-888E-182F2076FFBC}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{9AE72B9A-2E82-4891-88C4-550B5E3F3471}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ADD6AC58-9C6C-4393-8C81-C521D43DDC98}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{AF2B32D8-1B76-438F-97DE-4C8A94230619}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AF760623-A9E3-4D0F-AC87-7118320EFA08}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{CFF6D2C4-CADF-425B-A086-9CED5169131D}" = protocol=17 | dir=in | app=d:\microsoft office\office12\onenote.exe |
"{D2F4D050-7FFD-4852-8995-CF49CB35F9E1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F1932307-EF6D-4C51-8C4F-B5FF85D1EAAD}" = protocol=17 | dir=in | app=d:\microsoft office\office12\groove.exe |
"{F79210B1-08C0-4640-89D7-2EDE132A9B94}" = protocol=6 | dir=in | app=d:\microsoft office\office12\groove.exe |
"TCP Query User{07A780C9-D91F-4310-BB6A-889D71CC1878}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{6E0C693F-76D2-4A00-AFC4-F3386D103351}C:\program files\utherverse digital inc\utherverse vww client\utherverse.exe" = protocol=6 | dir=in | app=c:\program files\utherverse digital inc\utherverse vww client\utherverse.exe |
"TCP Query User{972EB0D9-3EA5-4550-A613-187C83A86D1E}C:\program files\jlc's software\internet tv\internet tv.exe" = protocol=6 | dir=in | app=c:\program files\jlc's software\internet tv\internet tv.exe |
"TCP Query User{D38CF0CC-A153-4D6E-8C77-911043FFFA69}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{FAABFAA0-B938-4350-9AA4-4C63AAFF934A}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{24CE6550-B49F-4BFE-A95B-9DA00C2995E7}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{2A4B8CFA-35CD-4963-A737-6DF2D4AE310E}C:\program files\jlc's software\internet tv\internet tv.exe" = protocol=17 | dir=in | app=c:\program files\jlc's software\internet tv\internet tv.exe |
"UDP Query User{31E54061-DB22-4FD1-AA20-C6C319CC8FE1}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{47268DE1-7368-4E0C-8910-4F1D1789C40E}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{5876BCDC-643A-4AD6-BDC0-0A66C4FC6B33}C:\program files\utherverse digital inc\utherverse vww client\utherverse.exe" = protocol=17 | dir=in | app=c:\program files\utherverse digital inc\utherverse vww client\utherverse.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3260D61B-DCA6-4ec6-8A41-DCCE01BC6EE4}" = c4100_Help
"{34F0D55F-C386-4195-9A5B-961D3F6ACD46}" = InterVideo MediaOne Gallery
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Suyin Live Camera
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{63B75E16-F290-4FCD-AF67-A9134CD01031}" = Nero 7 Essentials
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AEE2B0B-B3C1-4367-B1EF-FC4ED98DEED1}" = C4100
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = Systemsteuerung "MobileMe"
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = SUYIN webcam
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCC8E84E-AB61-4EC0-890D-8B553915B3AD}" = TVsweeper
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.3.9
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED3F469E-D9EC-4DF1-968F-5812CE2F30F8}" = HP Driver Diagnostics
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"BSW" = BrettspielWelt
"CCleaner" = CCleaner
"ClearProg" = ClearProg 1.5.0 Final
"Debut" = Debut Video Capture Software
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Prism" = Prism Video File Converter
"RealPlayer 15.0" = RealPlayer
"Red Light Center 3D Client" = Red Light Center 3D Client
"Secunia PSI" = Secunia PSI (2.0.0.3001)
"ShotOnline" = ShotOnline
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Utherverse VWW Client" = Utherverse VWW Client
"VideoPad" = VideoPad Video Editor
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
"Xvid Video Codec 1.3.1" = Xvid Video Codec
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape Streaming Services" = Octoshape Streaming Services
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 25.10.2012 10:02:36 | Computer Name = notebook | Source = Windows Search Service | ID = 3013
Description =
Error - 25.10.2012 10:02:36 | Computer Name = notebook | Source = Windows Search Service | ID = 3013
Description =
Error - 25.10.2012 10:02:37 | Computer Name = notebook | Source = Windows Search Service | ID = 3013
Description =
Error - 25.10.2012 10:02:37 | Computer Name = notebook | Source = Windows Search Service | ID = 3013
Description =
Error - 25.10.2012 10:02:37 | Computer Name = notebook | Source = Windows Search Service | ID = 3013
Description =
Error - 25.10.2012 10:02:37 | Computer Name = notebook | Source = Windows Search Service | ID = 3013
Description =
Error - 25.10.2012 10:02:37 | Computer Name = notebook | Source = Windows Search Service | ID = 3013
Description =
Error - 25.10.2012 10:02:37 | Computer Name = notebook | Source = Windows Search Service | ID = 3013
Description =
Error - 26.10.2012 10:43:20 | Computer Name = notebook | Source = Windows Search Service | ID = 3026
Description =
Error - 27.10.2012 01:45:20 | Computer Name = notebook | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung SearchIndexer.exe, Version 7.0.6002.18005, Zeitstempel
0x49e02459, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18449, Zeitstempel
0x4da47967, Ausnahmecode 0xc0000005, Fehleroffset 0x00049629, Prozess-ID 0xf14,
Anwendungsstartzeit 01cdb405a77bcda9.
[ System Events ]
Error - 28.10.2012 17:16:54 | Computer Name = notebook | Source = DCOM | ID = 10010
Description =
Error - 01.11.2012 05:51:09 | Computer Name = notebook | Source = bowser | ID = 8016
Description =
Error - 01.11.2012 05:51:20 | Computer Name = notebook | Source = bowser | ID = 8016
Description =
Error - 01.11.2012 05:52:28 | Computer Name = notebook | Source = Service Control Manager | ID = 7026
Description =
Error - 01.11.2012 09:19:03 | Computer Name = notebook | Source = DCOM | ID = 10010
Description =
Error - 01.11.2012 13:01:16 | Computer Name = notebook | Source = bowser | ID = 8016
Description =
Error - 01.11.2012 13:01:24 | Computer Name = notebook | Source = bowser | ID = 8016
Description =
Error - 01.11.2012 13:01:59 | Computer Name = notebook | Source = Service Control Manager | ID = 7026
Description =
Error - 01.11.2012 13:02:55 | Computer Name = notebook | Source = netbt | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.2.102 registriert werden. Der Computer mit IP-Adresse 192.168.2.103
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 01.11.2012 13:08:55 | Computer Name = notebook | Source = bowser | ID = 8003
Description =
[ TuneUp Events ]
Error - 21.08.2010 17:26:03 | Computer Name = notebook | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 21.08.2010 17:26:08 | Computer Name = notebook | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 03.10.2010 03:31:04 | Computer Name = notebook | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 03.10.2010 03:31:10 | Computer Name = notebook | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 20.10.2010 14:57:51 | Computer Name = notebook | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 26.10.2010 13:11:01 | Computer Name = notebook | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 05.11.2010 13:28:41 | Computer Name = notebook | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 05.11.2010 13:28:41 | Computer Name = notebook | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 05.11.2010 13:28:47 | Computer Name = notebook | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 05.11.2010 13:31:37 | Computer Name = notebook | Source = TuneUp Program Statistics | ID = 131840
Description =
< End of report >
OTL Logfile: Code:
ATTFilter OTL logfile created on: 01.11.2012 18:08:40 - Run 5 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\sweety\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,70 Gb Available Physical Memory | 35,15% Memory free 4,21 Gb Paging File | 2,69 Gb Available in Paging File | 63,93% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 60,63 Gb Total Space | 2,36 Gb Free Space | 3,89% Space Free | Partition Type: NTFS Drive D: | 29,18 Gb Total Space | 26,53 Gb Free Space | 90,92% Space Free | Partition Type: NTFS Drive E: | 29,19 Gb Total Space | 1,04 Gb Free Space | 3,55% Space Free | Partition Type: NTFS Drive G: | 298,02 Gb Total Space | 108,27 Gb Free Space | 36,33% Space Free | Partition Type: FAT32 Drive R: | 30,04 Gb Total Space | 20,56 Gb Free Space | 68,45% Space Free | Partition Type: FAT32 Computer Name: NOTEBOOK | User Name: sweety | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Users\sweety\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Secunia\PSI\psia.exe (Secunia) PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia) PRC - C:\Programme\Secunia\PSI\psi_tray.exe (Secunia) PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE () PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - D:\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\FDM\FUM\fumoei.exe () PRC - C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia) PRC - C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH) PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH) PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.) PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron) PRC - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Launch Manager\WButton.exe () PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) PRC - C:\Programme\Launch Manager\LaunchAp.exe () ========== Modules (SafeList) ========== MOD - C:\Users\sweety\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia) SRV - (Microsoft Office Groove Audit Service) -- D:\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (srvcPVR) -- C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH) SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH) SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.) SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation) DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation) DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation ) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.f95.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://www.f95.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\sweety\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\sweety\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.07 06:00:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.07 06:00:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.16 06:33:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.01 13:39:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.01 13:39:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\sweety\AppData\Roaming\5025 [2011.09.12 16:39:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.01 13:39:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.01 13:39:40 | 000,000,000 | ---D | M] [2010.01.19 19:16:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sweety\AppData\Roaming\mozilla\Extensions [2012.10.25 14:48:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sweety\AppData\Roaming\mozilla\Firefox\Profiles\20qd0ckc.default\extensions [2010.04.27 20:13:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\sweety\AppData\Roaming\mozilla\Firefox\Profiles\20qd0ckc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.10.25 15:59:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sweety\AppData\Roaming\mozilla\Firefox\Profiles\wbpr6jl1.default-1340989836190\extensions [2012.10.25 15:59:17 | 000,000,000 | ---D | M] (IMVU Inc) -- C:\Users\sweety\AppData\Roaming\mozilla\Firefox\Profiles\wbpr6jl1.default-1340989836190\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8} [2012.10.06 17:39:34 | 000,000,000 | ---D | M] (WOT) -- C:\Users\sweety\AppData\Roaming\mozilla\Firefox\Profiles\wbpr6jl1.default-1340989836190\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.11.01 13:39:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.11.01 13:39:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} File not found (No name found) -- [2012.11.01 13:39:49 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.04.08 07:03:53 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.05.30 19:25:56 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012.10.28 14:39:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.28 14:39:50 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.10.28 14:39:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.10.28 14:39:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.28 14:39:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.28 14:39:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.10.27 07:22:10 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [GrooveMonitor] D:\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia) O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe () O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [Free Uploader Oe Integration] C:\Programme\FDM\FUM\fumoei.exe () O4 - HKCU..\Run: [Xvid] C:\Programme\Xvid\CheckUpdate.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - Reg Error: Key error. File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} hxxp://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183949065925 (MUWebControl Class) O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager) O16 - DPF: {7527E129-A524-434A-A337-8C19F6F25C91} https://shop.aldisued-fotos-druck.de/shop/activex/aldi_sued_express_upload.cab (AldiSuedActiveFormX Element) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab (HPDDClientExec Class) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found ========== Files/Folders - Created Within 30 Days ========== [2012.11.01 13:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.10.28 10:57:56 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\sweety\Desktop\tdsskiller.exe [2012.10.28 10:57:19 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\sweety\Desktop\aswMBR.exe [2012.10.27 07:26:34 | 000,000,000 | ---D | C] -- C:\Users\sweety\AppData\Local\temp [2012.10.27 07:24:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.10.27 07:06:44 | 000,000,000 | ---D | C] -- C:\ComboFix [2012.10.26 16:03:56 | 004,989,309 | R--- | C] (Swearware) -- C:\Users\sweety\Desktop\ComboFix.exe [2012.10.25 15:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2012.10.25 15:58:42 | 000,000,000 | ---D | C] -- C:\Users\sweety\AppData\Local\Conduit [2012.10.25 11:25:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.10.25 11:18:42 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.10.25 11:18:41 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.10.06 17:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.10.06 17:47:39 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2007.07.12 03:57:45 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.01 18:07:59 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.01 18:07:59 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.01 18:07:59 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.01 18:07:59 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.01 18:00:38 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.01 18:00:38 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.01 18:00:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.01 18:00:27 | 2137,186,304 | -HS- | M] () -- C:\hiberfil.sys [2012.11.01 13:47:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.01 12:02:15 | 000,000,512 | ---- | M] () -- C:\Users\sweety\Desktop\MBR.dat [2012.10.28 15:29:06 | 000,055,808 | ---- | M] () -- C:\Users\sweety\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.28 10:57:58 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\sweety\Desktop\tdsskiller.exe [2012.10.28 10:57:27 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\sweety\Desktop\aswMBR.exe [2012.10.27 07:22:10 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.10.27 07:06:00 | 004,989,309 | R--- | M] (Swearware) -- C:\Users\sweety\Desktop\ComboFix.exe [2012.10.25 15:59:22 | 000,000,009 | ---- | M] () -- C:\END [2012.10.25 14:58:14 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.25 10:35:10 | 000,538,941 | ---- | M] () -- C:\Users\sweety\Desktop\adwcleaner.exe [2012.10.09 07:47:45 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.10.09 07:47:45 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.10.06 17:55:51 | 000,001,733 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.01 12:02:15 | 000,000,512 | ---- | C] () -- C:\Users\sweety\Desktop\MBR.dat [2012.10.27 07:06:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.10.27 07:06:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.10.25 15:59:21 | 000,000,009 | ---- | C] () -- C:\END [2012.10.25 10:35:10 | 000,538,941 | ---- | C] () -- C:\Users\sweety\Desktop\adwcleaner.exe [2012.10.06 17:55:51 | 000,001,733 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.08.10 16:52:49 | 000,000,045 | ---- | C] () -- C:\Users\sweety\AppData\Roaming\msconfig.ini [2012.08.10 16:29:44 | 000,027,520 | ---- | C] () -- C:\Users\sweety\AppData\Local\dt.dat [2012.05.28 06:54:18 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2012.05.28 06:54:17 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011.12.11 19:48:10 | 000,000,000 | ---- | C] () -- C:\Users\sweety\AppData\Roaming\ASC001.bin [2011.08.07 15:52:55 | 000,000,552 | ---- | C] () -- C:\Users\sweety\AppData\Local\d3d8caps.dat [2011.08.07 15:41:49 | 000,001,356 | ---- | C] () -- C:\Users\sweety\AppData\Local\d3d9caps.dat [2010.09.11 16:00:30 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.09.11 16:00:30 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2009.09.25 19:43:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.09.25 19:41:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.02.07 19:25:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2009.02.07 19:25:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2009.02.07 19:25:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2008.10.02 16:21:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.05.22 20:41:38 | 000,130,805 | ---- | C] () -- C:\Windows\hpoins18.dat [2008.05.22 20:40:28 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat [2008.03.16 17:01:30 | 000,000,074 | ---- | C] () -- C:\Windows\tm.ini [2007.10.18 09:12:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll [2007.10.14 19:16:09 | 000,055,808 | ---- | C] () -- C:\Users\sweety\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.09.16 16:26:32 | 000,000,000 | ---- | C] () -- C:\Users\sweety\AppData\Roaming\wklnhst.dat [2007.09.06 20:28:44 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.09.06 14:44:14 | 000,000,094 | ---- | C] () -- C:\Users\sweety\AppData\Local\fusioncache.dat [2007.08.24 19:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll [2007.07.12 03:57:45 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007.07.09 16:32:04 | 000,087,312 | ---- | C] () -- C:\Windows\mws.exe [2007.07.06 06:39:12 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini [2007.07.06 06:39:06 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2007.07.06 06:12:57 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys [2007.07.06 05:41:51 | 000,241,664 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2007.07.06 05:41:51 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll [2007.06.20 12:39:38 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll [2007.06.20 12:39:38 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll [2007.06.11 13:43:56 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.06.11 13:43:51 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2006.12.11 05:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006.11.02 16:33:31 | 000,638,748 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:33:31 | 000,130,668 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,432,104 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,604,324 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,107,760 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.09.20 06:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\Buhl.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > |
|
03.11.2012, 14:33
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner doch nicht weg ?Code:
ATTFilter Version 3.2.26.1
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.11.2012, 00:19
| #27 |
| | BKA Trojaner doch nicht weg ? OTL Logfile: Code:
ATTFilter OTL logfile created on: 04.11.2012 00:06:36 - Run 6 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sweety\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 56,36% Memory free 4,21 Gb Paging File | 2,79 Gb Available in Paging File | 66,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 60,63 Gb Total Space | 3,31 Gb Free Space | 5,46% Space Free | Partition Type: NTFS Drive D: | 29,18 Gb Total Space | 26,53 Gb Free Space | 90,92% Space Free | Partition Type: NTFS Drive E: | 29,19 Gb Total Space | 1,04 Gb Free Space | 3,55% Space Free | Partition Type: NTFS Drive G: | 298,02 Gb Total Space | 108,27 Gb Free Space | 36,33% Space Free | Partition Type: FAT32 Drive R: | 30,04 Gb Total Space | 20,56 Gb Free Space | 68,45% Space Free | Partition Type: FAT32 Computer Name: NOTEBOOK | User Name: sweety | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\sweety\Desktop\OTL.exe (OldTimer Tools) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Secunia\PSI\psia.exe (Secunia) PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia) PRC - C:\Programme\Secunia\PSI\psi_tray.exe (Secunia) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - D:\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\FDM\FUM\fumoei.exe () PRC - C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia) PRC - C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH) PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH) PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.) PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron) PRC - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Launch Manager\WButton.exe () PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) PRC - C:\Programme\Launch Manager\LaunchAp.exe () ========== Modules (No Company Name) ========== MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Windows\System32\igfxTMM.dll () MOD - C:\Programme\FDM\FUM\fumoei.exe () MOD - C:\Programme\Motorola\SMSERIAL\sm56ita.dll () MOD - C:\Programme\Motorola\SMSERIAL\sm56esp.dll () MOD - C:\Programme\Motorola\SMSERIAL\sm56brz.dll () MOD - C:\Programme\Motorola\SMSERIAL\sm56kor.dll () MOD - C:\Programme\Motorola\SMSERIAL\sm56ger.dll () MOD - C:\Programme\Motorola\SMSERIAL\sm56fra.dll () MOD - C:\Programme\Motorola\SMSERIAL\sm56dnk.dll () MOD - C:\Programme\Motorola\SMSERIAL\sm56jpn.dll () MOD - C:\Programme\Motorola\SMSERIAL\sm56cht.dll () MOD - C:\Programme\Motorola\SMSERIAL\sm56chs.dll () MOD - C:\Programme\Launch Manager\WButton.exe () MOD - C:\Programme\Launch Manager\LaunchAp.exe () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia) SRV - (Microsoft Office Groove Audit Service) -- D:\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (srvcPVR) -- C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH) SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH) SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (WisLMSvc) -- C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.) SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (mailKmd) -- File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found DRV - (dgderdrv) -- System32\drivers\dgderdrv.sys File not found DRV - (catchme) -- C:\Users\sweety\AppData\Local\Temp\catchme.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation) DRV - (sscebus) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation) DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation ) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4191780963-2002099150-675310161-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.f95.de/ IE - HKU\S-1-5-21-4191780963-2002099150-675310161-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-4191780963-2002099150-675310161-1003\..\SearchScopes,DefaultScope = {4C7024D6-8A52-4D28-864E-F6BEABB1B52D} IE - HKU\S-1-5-21-4191780963-2002099150-675310161-1003\..\SearchScopes\{4C7024D6-8A52-4D28-864E-F6BEABB1B52D}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2612669 IE - HKU\S-1-5-21-4191780963-2002099150-675310161-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7RNWN_de IE - HKU\S-1-5-21-4191780963-2002099150-675310161-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4191780963-2002099150-675310161-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://www.f95.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\sweety\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\sweety\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.07 06:00:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.07 06:00:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.16 06:33:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.01 13:39:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.01 13:39:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\sweety\AppData\Roaming\5025 [2011.09.12 16:39:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.01 13:39:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.01 13:39:40 | 000,000,000 | ---D | M] [2010.01.19 19:16:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sweety\AppData\Roaming\mozilla\Extensions [2012.10.25 14:48:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sweety\AppData\Roaming\mozilla\Firefox\Profiles\20qd0ckc.default\extensions [2010.04.27 20:13:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\sweety\AppData\Roaming\mozilla\Firefox\Profiles\20qd0ckc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.10.25 15:59:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sweety\AppData\Roaming\mozilla\Firefox\Profiles\wbpr6jl1.default-1340989836190\extensions [2012.10.25 15:59:17 | 000,000,000 | ---D | M] (IMVU Inc) -- C:\Users\sweety\AppData\Roaming\mozilla\Firefox\Profiles\wbpr6jl1.default-1340989836190\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8} [2012.10.06 17:39:34 | 000,000,000 | ---D | M] (WOT) -- C:\Users\sweety\AppData\Roaming\mozilla\Firefox\Profiles\wbpr6jl1.default-1340989836190\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.11.01 13:39:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.11.01 13:39:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.11.01 13:39:49 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.04.08 07:03:53 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.05.30 19:25:56 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012.10.28 14:39:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.28 14:39:50 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.10.28 14:39:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.10.28 14:39:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.28 14:39:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.28 14:39:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com CHR - Extension: YouTube = C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2012.10.27 07:22:10 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [GrooveMonitor] D:\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia) O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe () O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4191780963-2002099150-675310161-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\S-1-5-21-4191780963-2002099150-675310161-1003..\Run: [Free Uploader Oe Integration] C:\Programme\FDM\FUM\fumoei.exe () O4 - HKU\S-1-5-21-4191780963-2002099150-675310161-1003..\Run: [Xvid] C:\Programme\Xvid\CheckUpdate.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4191780963-2002099150-675310161-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4191780963-2002099150-675310161-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-22/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-22/4 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - Reg Error: Key error. File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} hxxp://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183949065925 (MUWebControl Class) O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager) O16 - DPF: {7527E129-A524-434A-A337-8C19F6F25C91} https://shop.aldisued-fotos-druck.de/shop/activex/aldi_sued_express_upload.cab (AldiSuedActiveFormX Element) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab (HPDDClientExec Class) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2538822-8FA8-4FB7-BABD-7A7E81D14206}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\S-1-5-21-4191780963-2002099150-675310161-1003\...com [@ = ComFile] -- Reg Error: Key error. File not found O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.04 00:04:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\sweety\Desktop\OTL.exe [2012.11.01 13:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.10.28 10:57:56 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\sweety\Desktop\tdsskiller.exe [2012.10.28 10:57:19 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\sweety\Desktop\aswMBR.exe [2012.10.27 07:26:34 | 000,000,000 | ---D | C] -- C:\Users\sweety\AppData\Local\temp [2012.10.27 07:24:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.10.27 07:06:44 | 000,000,000 | ---D | C] -- C:\ComboFix [2012.10.26 16:03:56 | 004,989,309 | R--- | C] (Swearware) -- C:\Users\sweety\Desktop\ComboFix.exe [2012.10.25 15:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2012.10.25 15:58:42 | 000,000,000 | ---D | C] -- C:\Users\sweety\AppData\Local\Conduit [2012.10.25 11:25:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.10.25 11:18:42 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.10.25 11:18:41 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.10.06 17:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.10.06 17:47:39 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.04 00:04:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sweety\Desktop\OTL.exe [2012.11.03 23:52:04 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.03 23:52:04 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.03 23:47:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.03 19:56:41 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.03 19:56:41 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.03 19:56:41 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.03 19:56:41 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.03 19:52:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.03 19:50:51 | 2137,186,304 | -HS- | M] () -- C:\hiberfil.sys [2012.11.01 12:02:15 | 000,000,512 | ---- | M] () -- C:\Users\sweety\Desktop\MBR.dat [2012.10.28 15:29:06 | 000,055,808 | ---- | M] () -- C:\Users\sweety\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.28 10:57:58 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\sweety\Desktop\tdsskiller.exe [2012.10.28 10:57:27 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\sweety\Desktop\aswMBR.exe [2012.10.27 07:22:10 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.10.27 07:06:00 | 004,989,309 | R--- | M] (Swearware) -- C:\Users\sweety\Desktop\ComboFix.exe [2012.10.25 15:59:22 | 000,000,009 | ---- | M] () -- C:\END [2012.10.25 14:58:14 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.25 10:35:10 | 000,538,941 | ---- | M] () -- C:\Users\sweety\Desktop\adwcleaner.exe [2012.10.09 07:47:45 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.10.09 07:47:45 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.10.06 17:55:51 | 000,001,733 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.01 12:02:15 | 000,000,512 | ---- | C] () -- C:\Users\sweety\Desktop\MBR.dat [2012.10.27 07:06:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.10.27 07:06:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.10.25 15:59:21 | 000,000,009 | ---- | C] () -- C:\END [2012.10.25 10:35:10 | 000,538,941 | ---- | C] () -- C:\Users\sweety\Desktop\adwcleaner.exe [2012.10.06 17:55:51 | 000,001,733 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.08.10 16:52:49 | 000,000,045 | ---- | C] () -- C:\Users\sweety\AppData\Roaming\msconfig.ini [2012.08.10 16:29:44 | 000,027,520 | ---- | C] () -- C:\Users\sweety\AppData\Local\dt.dat [2012.06.29 17:37:16 | 000,000,000 | ---- | C] () -- C:\Users\sweety\defogger_reenable [2012.05.28 06:54:18 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2012.05.28 06:54:17 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011.12.11 19:48:10 | 000,000,000 | ---- | C] () -- C:\Users\sweety\AppData\Roaming\ASC001.bin [2011.08.07 15:52:55 | 000,000,552 | ---- | C] () -- C:\Users\sweety\AppData\Local\d3d8caps.dat [2011.08.07 15:41:49 | 000,001,356 | ---- | C] () -- C:\Users\sweety\AppData\Local\d3d9caps.dat [2007.10.14 19:16:09 | 000,055,808 | ---- | C] () -- C:\Users\sweety\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.09.16 16:26:32 | 000,000,000 | ---- | C] () -- C:\Users\sweety\AppData\Roaming\wklnhst.dat [2007.09.06 20:28:44 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.09.06 14:44:14 | 000,000,094 | ---- | C] () -- C:\Users\sweety\AppData\Local\fusioncache.dat ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > |
|
04.11.2012, 16:55
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner doch nicht weg ? Beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
[2012.08.10 16:52:49 | 000,000,045 | ---- | C] () -- C:\Users\sweety\AppData\Roaming\msconfig.ini
[2012.08.10 16:29:44 | 000,027,520 | ---- | C] () -- C:\Users\sweety\AppData\Local\dt.dat
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.11.2012, 08:13
| #29 |
| | BKA Trojaner doch nicht weg ? OTL reagierte zum Schluss nicht mehr, aber es kann ein log und ich musste neustarten Code:
ATTFilter Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\JET7BD.tmp scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
11.11.2012, 19:41
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner doch nicht weg ? Starte Windows neu im abgesicherten Modus (mit Netzwerktreibern nach Möglichkeit), manchmal hakt das Fixen mit OTL im normalen Modus aber sehr oft funktioniert der Fix im abgesicherte Modus. Wiederhol den Fix also nochmal im abgesicherten Modus
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu BKA Trojaner doch nicht weg ? |
| aktiv, anwendungen, arbeitsspeicher, bka trojaner, entfern, entfernt, heulen, komplett, nichts, seitdem, troja, trojaner |
Linear-Darstellung
