Pests of all kinds and how to fight them: Trojan/spyware infestation? Press ^ once, get two characters (^^)
Windows 7
19.11.2012, 15:06 | #1
Hello. A few days ago my screen suddenly went black. After a short while the picture came back, but the resolution was very low and nothing really worked. Then it went black again very briefly and my normal desktop was visible, in normal resolution but with scrambled/vanished(?) icons. I think it was yesterday, or the day before, when the firewall spoke up and reported a Spanish freeware program(?). Of course I didn't grant it access and killed the process (where did that thing come from?!). I then ran Malwarebytes over it (1st report) and deleted everything (yeah yeah, sorry, but I think they were only false positives. One of them had already been quarantined by TDSS Killer *g*). I thought everything was fine until yesterday in MSN, when pressing the ^ key once immediately produced two (^^). (I know that normally you press ^ once and then space for it to appear, as I did just now, but two came immediately and ONLY in MSN.) So I went to Start > Programs, and lo and behold: "Enable 3D Vision". Clicked it out of curiosity and it turned out to be an NVIDIA application... very mysterious despite my NVIDIA graphics card, because I never knowingly downloaded anything like that. Because of the ^ problem I consulted Google, and the suspicion came up there too that viruses/spyware could be responsible.

1st report:
Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.18.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Max :: MAX-PC [Administrator]

18.11.2012 15:59:56
mbam-log-2012-11-18 (15-59-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|J:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 388732
Laufzeit: 55 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\Max\LOCALS~1\Temp\msvkqkzoc.pif -> Löschen bei Neustart.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\TDSSKiller_Quarantine\11.08.2012_21.21.53\susp0000\svc0000\tsk0000.dta (Rootkit.Necurs.64) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.19.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Max :: MAX-PC [Administrator]

19.11.2012 13:57:54
mbam-log-2012-11-19 (13-57-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|J:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 389024
Laufzeit: 53 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

As a self-experiment I killed a few strange processes that might have been responsible for one problem or another. During my research I also came across "winlogon.exe", which could not be terminated. Whether it's a virus, a normal program or both, I can't say, but a refusal always makes me suspicious.

Edit2: For the Spanish program the firewall reported the following:
Name: Questo Programma è FreeWare
Publisher: Compagnia ? quale Compagnia?
Path: C:\users\max\appdata\roaming\owysne\voag.exe
In Task Manager - process: voag.exe
It keeps reappearing and the PC gets slow...
20.11.2012, 18:28 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Hello and
Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you don't hear from me for three days, please post in this thread => Reminder to my thread. Nagging "when will it continue" messages end with your topic being closed. I too have a life away from the Trojaner-Board.

Code:
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\Max\LOCALS~1\Temp\msvkqkzoc.pif -> Löschen bei Neustart.
C:\TDSSKiller_Quarantine\11.08.2012_21.21.53\susp0000\svc0000\tsk0000.dta (Rootkit.Necurs.64) -> Erfolgreich gelöscht und in Quarantäne gestellt.

The second one is also malware, but it is not active and is only still sitting in the TDSS-Killer quarantine for backup purposes.

1. aswMBR
Please download aswMBR.exe and save the file to your desktop.
Note: Please switch off your virus scanner before running aswMBR, because Avira in particular often raises a false alarm on it!
Another note: If aswMBR crashes with a message like "aswMBR.exe has stopped working", do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

2. TDSS-Killer
Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please switch off your virus scanner before running TDSS-Killer, because Avira in particular often raises a false alarm on the TDSS tool!
Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you can't find the log or can't copy its content into your post, look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.
Note: Please don't delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!
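A read-only check for the first of the two findings quoted above, added here as an example (it is not part of the thread and not code from Malwarebytes or the TDSS tool): it reads the per-user Load value that Malwarebytes reported as PUM.UserWLoad and reports whether it looks like the Temp-directory .pif entry in the log. The registry path is the one from the log; the suspicion heuristics are my own assumptions.

```powershell
function Test-UserLoadValue {
    # The per-user "Load" value is a legacy autostart: whatever it names is
    # started at logon. Malwarebytes reported it above as PUM.UserWLoad
    # pointing into the user's Temp directory. This function only reads.
    $key  = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
    $item = Get-ItemProperty -Path $key -Name 'Load' -ErrorAction SilentlyContinue
    if ($null -eq $item -or [string]::IsNullOrWhiteSpace($item.Load)) {
        return [pscustomobject]@{ Load = $null; Target = $null; Suspicious = $false; Reasons = @() }
    }

    # Strip surrounding quotes and expand %TEMP%-style variables so the target can be tested
    $target  = [Environment]::ExpandEnvironmentVariables($item.Load.Trim('"').Trim())
    $reasons = @()

    # Heuristics chosen for this thread's finding (my assumptions, not the scanner's logic)
    if ($target -match '\\Temp\\') {
        $reasons += 'target lives in a Temp directory'
    }
    if ($target -match '\.(pif|scr|com|bat|cmd|vbs|js)$') {
        $reasons += 'target has an unusual executable extension'
    }
    if (-not (Test-Path -LiteralPath $target)) {
        $reasons += 'target file no longer exists (e.g. already removed by a scanner)'
    } else {
        $sig = Get-AuthenticodeSignature -FilePath $target
        if ($sig.Status -ne 'Valid') {
            $reasons += "target is not validly signed ($($sig.Status))"
        }
    }

    [pscustomobject]@{
        Load       = $item.Load
        Target     = $target
        Suspicious = ($reasons.Count -gt 0)
        Reasons    = $reasons
    }
}

$result = Test-UserLoadValue
if ($null -eq $result.Load) {
    Write-Output 'Load value is empty: no per-user Load autostart configured.'
} else {
    Write-Output "Load value: $($result.Load)"
    if ($result.Suspicious) {
        Write-Output 'SUSPICIOUS:'
        $result.Reasons | ForEach-Object { Write-Output " - $_" }
    } else {
        Write-Output 'Nothing obviously wrong; still verify the target manually.'
    }
}
```

An empty Load value is the normal state on a clean Windows 7 user profile; a populated one deserves the same scrutiny as a Run key entry.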
20.11.2012, 21:11 | #3
Hi!
We know each other from here, don't we: http://www.trojaner-board.de/121177-...tivierbar.html
Quote:
Regarding the logs:

aswMBR:
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-20 20:18:21
-----------------------------
20:18:21.678 OS Version: Windows x64 6.1.7601 Service Pack 1
20:18:21.678 Number of processors: 2 586 0x4302
20:18:21.678 ComputerName: MAX-PC UserName: Max
20:18:23.491 Initialize success
20:49:08.915 AVAST engine defs: 12111901
20:49:50.978 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
20:49:50.994 Disk 0 Vendor: SAMSUNG_HD160JJ ZM100-37 Size: 152627MB BusType: 3
20:49:50.994 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-6
20:49:50.994 Disk 1 Vendor: ExcelStor_Technology_G280 ESACAL17 Size: 76293MB BusType: 3
20:49:51.025 Disk 0 MBR read successfully
20:49:51.025 Disk 0 MBR scan
20:49:51.041 Disk 0 Windows 7 default MBR code
20:49:51.041 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
20:49:51.087 Disk 0 scanning C:\Windows\system32\drivers
20:50:02.197 Service scanning
20:50:26.134 Modules scanning
20:50:26.134 Disk 0 trace - called modules:
20:50:26.150 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:50:26.150 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80023bc060]
20:50:26.150 3 CLASSPNP.SYS[fffff880019cf43f] -> nt!IofCallDriver -> [0xfffffa800228d520]
20:50:26.166 5 ACPI.sys[fffff88000f027a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa8002292060]
20:50:26.728 AVAST engine scan C:\Windows
20:50:29.103 AVAST engine scan C:\Windows\system32
20:53:46.134 AVAST engine scan C:\Windows\system32\drivers
20:53:58.822 AVAST engine scan C:\Users\Max
20:58:13.900 AVAST engine scan C:\ProgramData
20:59:03.384 Scan finished successfully
20:59:35.275 Disk 0 MBR has been saved successfully to "C:\Users\Max\Desktop\MBR.dat"
20:59:35.291 The log file has been saved successfully to "C:\Users\Max\Desktop\aswMBR.txt"

Code:
21:01:54.0520 3684 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:01:54.0536 3684 ============================================================
21:01:54.0536 3684 Current date / time: 2012/11/20 21:01:54.0536
21:01:54.0536 3684 SystemInfo:
21:01:54.0536 3684
21:01:54.0536 3684 OS Version: 6.1.7601 ServicePack: 1.0
21:01:54.0536 3684 Product type: Workstation
21:01:54.0536 3684 ComputerName: MAX-PC
21:01:54.0536 3684 UserName: Max
21:01:54.0536 3684 Windows directory: C:\Windows
21:01:54.0536 3684 System windows directory: C:\Windows
21:01:54.0536 3684 Running under WOW64
21:01:54.0536 3684 Processor architecture: Intel x64
21:01:54.0536 3684 Number of processors: 2
21:01:54.0536 3684 Page size: 0x1000
21:01:54.0536 3684 Boot type: Normal boot
21:01:54.0536 3684 ============================================================
21:01:55.0864 3684 Drive \Device\Harddisk1\DR1 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:01:55.0879 3684 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:01:55.0879 3684 ============================================================
21:01:55.0879 3684 \Device\Harddisk1\DR1:
21:01:55.0879 3684 MBR partitions:
21:01:55.0879 3684 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x9501800
21:01:55.0879 3684 \Device\Harddisk0\DR0:
21:01:55.0879 3684 MBR partitions:
21:01:55.0879 3684 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
21:01:55.0879 3684 ============================================================
21:01:55.0911 3684 C: <-> \Device\Harddisk0\DR0\Partition1
21:01:55.0958 3684 D: <-> \Device\Harddisk1\DR1\Partition1
21:01:55.0989 3684 ============================================================
21:01:55.0989 3684 Initialize success
21:01:55.0989 3684 ============================================================
21:02:06.0145 2608 ============================================================
21:02:06.0145 2608 Scan started
21:02:06.0145 2608 Mode: Manual; SigCheck; TDLFS;
21:02:06.0145 2608 ============================================================
21:02:07.0489 2608 ================ Scan system memory ========================
21:02:07.0489 2608 System memory - ok
21:02:07.0489 2608 ================ Scan services =============================
808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 21:02:24.0999 2608 MSiSCSI - ok 21:02:25.0014 2608 msiserver - ok 21:02:25.0030 2608 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 21:02:25.0092 2608 MSKSSRV - ok 21:02:25.0124 2608 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 21:02:25.0170 2608 MSPCLOCK - ok 21:02:25.0202 2608 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 21:02:25.0264 2608 MSPQM - ok 21:02:25.0311 2608 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 21:02:25.0327 2608 MsRPC - ok 21:02:25.0358 2608 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 21:02:25.0374 2608 mssmbios - ok 21:02:25.0389 2608 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 21:02:25.0452 2608 MSTEE - ok 21:02:25.0467 2608 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 21:02:25.0499 2608 MTConfig - ok 21:02:25.0514 2608 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 21:02:25.0530 2608 Mup - ok 21:02:25.0592 2608 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 21:02:25.0655 2608 napagent - ok 21:02:25.0702 2608 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 21:02:25.0749 2608 NativeWifiP - ok 21:02:25.0795 2608 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 21:02:25.0842 2608 NDIS - ok 21:02:25.0858 2608 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 21:02:25.0905 2608 NdisCap - ok 21:02:25.0936 2608 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 21:02:25.0983 2608 NdisTapi - ok 21:02:26.0045 2608 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 
21:02:26.0077 2608 Ndisuio - ok 21:02:26.0124 2608 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 21:02:26.0186 2608 NdisWan - ok 21:02:26.0249 2608 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 21:02:26.0311 2608 NDProxy - ok 21:02:26.0342 2608 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 21:02:26.0389 2608 NetBIOS - ok 21:02:26.0483 2608 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 21:02:26.0530 2608 NetBT - ok 21:02:26.0545 2608 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 21:02:26.0561 2608 Netlogon - ok 21:02:26.0592 2608 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 21:02:26.0655 2608 Netman - ok 21:02:26.0702 2608 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 21:02:26.0764 2608 netprofm - ok 21:02:26.0795 2608 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 21:02:26.0811 2608 NetTcpPortSharing - ok 21:02:26.0842 2608 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 21:02:26.0842 2608 nfrd960 - ok 21:02:26.0889 2608 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 21:02:26.0936 2608 NlaSvc - ok 21:02:26.0967 2608 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 21:02:26.0999 2608 Npfs - ok 21:02:27.0014 2608 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 21:02:27.0077 2608 nsi - ok 21:02:27.0108 2608 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 21:02:27.0170 2608 nsiproxy - ok 21:02:27.0249 2608 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 21:02:27.0295 2608 Ntfs - ok 21:02:27.0327 2608 [ 9899284589F75FA8724FF3D16AED75C1 ] Null 
C:\Windows\system32\drivers\Null.sys 21:02:27.0374 2608 Null - ok 21:02:27.0702 2608 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 21:02:28.0139 2608 nvlddmkm - ok 21:02:28.0186 2608 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 21:02:28.0202 2608 nvraid - ok 21:02:28.0249 2608 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 21:02:28.0264 2608 nvstor - ok 21:02:28.0342 2608 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe 21:02:28.0389 2608 nvsvc - ok 21:02:28.0499 2608 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 21:02:28.0530 2608 nvUpdatusService - ok 21:02:28.0577 2608 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 21:02:28.0592 2608 nv_agp - ok 21:02:28.0639 2608 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 21:02:28.0670 2608 ohci1394 - ok 21:02:28.0717 2608 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 21:02:28.0780 2608 p2pimsvc - ok 21:02:28.0811 2608 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 21:02:28.0842 2608 p2psvc - ok 21:02:28.0874 2608 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 21:02:28.0874 2608 Parport - ok 21:02:28.0920 2608 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 21:02:28.0936 2608 partmgr - ok 21:02:28.0983 2608 [ 304E6AC43613A9C43896C4300009442B ] PCAMp50a64 C:\Windows\system32\Drivers\PCAMp50a64.sys 21:02:28.0983 2608 PCAMp50a64 - ok 21:02:29.0030 2608 [ 18B6869E23937175144E6F1D3CB85FC2 ] PCASp50a64 C:\Windows\system32\Drivers\PCASp50a64.sys 21:02:29.0045 2608 PCASp50a64 - ok 21:02:29.0077 2608 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 21:02:29.0124 2608 PcaSvc - ok 
21:02:29.0139 2608 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 21:02:29.0155 2608 pci - ok 21:02:29.0170 2608 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 21:02:29.0186 2608 pciide - ok 21:02:29.0217 2608 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 21:02:29.0233 2608 pcmcia - ok 21:02:29.0249 2608 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 21:02:29.0264 2608 pcw - ok 21:02:29.0295 2608 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 21:02:29.0358 2608 PEAUTH - ok 21:02:29.0436 2608 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 21:02:29.0483 2608 PerfHost - ok 21:02:29.0624 2608 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 21:02:29.0764 2608 pla - ok 21:02:29.0811 2608 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 21:02:29.0842 2608 PlugPlay - ok 21:02:29.0874 2608 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 21:02:29.0874 2608 PNRPAutoReg - ok 21:02:29.0905 2608 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 21:02:29.0920 2608 PNRPsvc - ok 21:02:29.0967 2608 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 21:02:30.0030 2608 PolicyAgent - ok 21:02:30.0077 2608 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 21:02:30.0139 2608 Power - ok 21:02:30.0202 2608 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 21:02:30.0233 2608 PptpMiniport - ok 21:02:30.0264 2608 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 21:02:30.0295 2608 Processor - ok 21:02:30.0327 2608 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 21:02:30.0358 2608 ProfSvc - ok 21:02:30.0374 2608 [ 
C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 21:02:30.0374 2608 ProtectedStorage - ok 21:02:30.0420 2608 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 21:02:30.0483 2608 Psched - ok 21:02:30.0545 2608 [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys 21:02:30.0545 2608 PSI - ok 21:02:30.0608 2608 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 21:02:30.0655 2608 ql2300 - ok 21:02:30.0686 2608 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 21:02:30.0686 2608 ql40xx - ok 21:02:30.0717 2608 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 21:02:30.0764 2608 QWAVE - ok 21:02:30.0795 2608 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 21:02:30.0827 2608 QWAVEdrv - ok 21:02:30.0858 2608 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 21:02:30.0920 2608 RasAcd - ok 21:02:30.0952 2608 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 21:02:30.0983 2608 RasAgileVpn - ok 21:02:30.0999 2608 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 21:02:31.0061 2608 RasAuto - ok 21:02:31.0139 2608 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 21:02:31.0186 2608 Rasl2tp - ok 21:02:31.0233 2608 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 21:02:31.0295 2608 RasMan - ok 21:02:31.0311 2608 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 21:02:31.0374 2608 RasPppoe - ok 21:02:31.0405 2608 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 21:02:31.0467 2608 RasSstp - ok 21:02:31.0530 2608 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 21:02:31.0592 2608 rdbss - ok 21:02:31.0624 
2608 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 21:02:31.0639 2608 rdpbus - ok 21:02:31.0670 2608 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 21:02:31.0733 2608 RDPCDD - ok 21:02:31.0749 2608 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 21:02:31.0811 2608 RDPENCDD - ok 21:02:31.0842 2608 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 21:02:31.0874 2608 RDPREFMP - ok 21:02:31.0920 2608 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 21:02:31.0967 2608 RDPWD - ok 21:02:32.0030 2608 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 21:02:32.0045 2608 rdyboost - ok 21:02:32.0077 2608 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 21:02:32.0124 2608 RemoteAccess - ok 21:02:32.0170 2608 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 21:02:32.0233 2608 RemoteRegistry - ok 21:02:32.0311 2608 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 21:02:32.0342 2608 RFCOMM - ok 21:02:32.0358 2608 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 21:02:32.0420 2608 RpcEptMapper - ok 21:02:32.0436 2608 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 21:02:32.0467 2608 RpcLocator - ok 21:02:32.0530 2608 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 21:02:32.0561 2608 RpcSs - ok 21:02:32.0608 2608 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 21:02:32.0655 2608 rspndr - ok 21:02:32.0733 2608 [ 16D4E350420BAA7E63E16E3FC033E1F5 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 21:02:32.0749 2608 RTL8167 - ok 21:02:32.0764 2608 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 21:02:32.0780 2608 SamSs - ok 
21:02:32.0827 2608 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 21:02:32.0842 2608 sbp2port - ok 21:02:32.0874 2608 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 21:02:32.0936 2608 SCardSvr - ok 21:02:32.0967 2608 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 21:02:33.0014 2608 scfilter - ok 21:02:33.0077 2608 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 21:02:33.0155 2608 Schedule - ok 21:02:33.0186 2608 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 21:02:33.0217 2608 SCPolicySvc - ok 21:02:33.0264 2608 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 21:02:33.0327 2608 SDRSVC - ok 21:02:33.0358 2608 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 21:02:33.0405 2608 secdrv - ok 21:02:33.0436 2608 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 21:02:33.0483 2608 seclogon - ok 21:02:33.0608 2608 [ 5B66DB4877BBAC9F7493AA8D84421E49 ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe 21:02:33.0639 2608 Secunia PSI Agent - ok 21:02:33.0655 2608 [ 0E88FDF474F2CDD370A4A6CE77D018F0 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe 21:02:33.0670 2608 Secunia Update Agent - ok 21:02:33.0702 2608 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 21:02:33.0764 2608 SENS - ok 21:02:33.0795 2608 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 21:02:33.0827 2608 SensrSvc - ok 21:02:33.0842 2608 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 21:02:33.0858 2608 Serenum - ok 21:02:33.0889 2608 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 21:02:33.0920 2608 Serial - ok 21:02:33.0967 2608 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse 
C:\Windows\system32\DRIVERS\sermouse.sys 21:02:33.0983 2608 sermouse - ok 21:02:34.0045 2608 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 21:02:34.0092 2608 SessionEnv - ok 21:02:34.0124 2608 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 21:02:34.0186 2608 sffdisk - ok 21:02:34.0202 2608 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 21:02:34.0233 2608 sffp_mmc - ok 21:02:34.0264 2608 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 21:02:34.0295 2608 sffp_sd - ok 21:02:34.0327 2608 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 21:02:34.0342 2608 sfloppy - ok 21:02:34.0389 2608 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 21:02:34.0452 2608 SharedAccess - ok 21:02:34.0530 2608 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 21:02:34.0592 2608 ShellHWDetection - ok 21:02:34.0608 2608 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 21:02:34.0624 2608 SiSRaid2 - ok 21:02:34.0639 2608 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 21:02:34.0655 2608 SiSRaid4 - ok 21:02:34.0733 2608 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 21:02:34.0749 2608 SkypeUpdate - ok 21:02:34.0764 2608 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 21:02:34.0811 2608 Smb - ok 21:02:34.0905 2608 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 21:02:34.0936 2608 SNMPTRAP - ok 21:02:35.0233 2608 [ 37D91C6385BB1104D67925FC43800ED0 ] SNPSTD3 C:\Windows\system32\DRIVERS\snpstd3.sys 21:02:35.0577 2608 SNPSTD3 - ok 21:02:35.0608 2608 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 21:02:35.0624 2608 spldr - ok 
21:02:35.0686 2608 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 21:02:35.0733 2608 Spooler - ok 21:02:35.0858 2608 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 21:02:35.0983 2608 sppsvc - ok 21:02:36.0045 2608 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 21:02:36.0092 2608 sppuinotify - ok 21:02:36.0155 2608 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 21:02:36.0202 2608 srv - ok 21:02:36.0233 2608 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 21:02:36.0280 2608 srv2 - ok 21:02:36.0311 2608 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 21:02:36.0342 2608 srvnet - ok 21:02:36.0374 2608 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 21:02:36.0436 2608 SSDPSRV - ok 21:02:36.0483 2608 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 21:02:36.0514 2608 SstpSvc - ok 21:02:36.0545 2608 Steam Client Service - ok 21:02:36.0639 2608 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 21:02:36.0655 2608 Stereo Service - ok 21:02:36.0702 2608 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 21:02:36.0717 2608 stexstor - ok 21:02:36.0764 2608 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 21:02:36.0795 2608 stisvc - ok 21:02:36.0842 2608 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 21:02:36.0858 2608 swenum - ok 21:02:36.0874 2608 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 21:02:36.0936 2608 swprv - ok 21:02:37.0014 2608 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 21:02:37.0092 2608 SysMain - ok 21:02:37.0124 2608 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService 
C:\Windows\System32\TabSvc.dll 21:02:37.0170 2608 TabletInputService - ok 21:02:37.0202 2608 [ 4EF44915E522F3ECD1A3FF540AA64126 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys 21:02:37.0249 2608 tap0901 - ok 21:02:37.0295 2608 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 21:02:37.0358 2608 TapiSrv - ok 21:02:37.0405 2608 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 21:02:37.0452 2608 TBS - ok 21:02:37.0561 2608 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 21:02:37.0608 2608 Tcpip - ok 21:02:37.0655 2608 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 21:02:37.0686 2608 TCPIP6 - ok 21:02:37.0733 2608 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 21:02:37.0764 2608 tcpipreg - ok 21:02:37.0795 2608 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 21:02:37.0842 2608 TDPIPE - ok 21:02:37.0874 2608 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 21:02:37.0905 2608 TDTCP - ok 21:02:37.0967 2608 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 21:02:38.0030 2608 tdx - ok 21:02:38.0061 2608 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 21:02:38.0077 2608 TermDD - ok 21:02:38.0139 2608 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 21:02:38.0202 2608 TermService - ok 21:02:38.0233 2608 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 21:02:38.0280 2608 Themes - ok 21:02:38.0311 2608 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 21:02:38.0342 2608 THREADORDER - ok 21:02:38.0358 2608 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 21:02:38.0420 2608 TrkWks - ok 21:02:38.0499 2608 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller 
C:\Windows\servicing\TrustedInstaller.exe 21:02:38.0545 2608 TrustedInstaller - ok 21:02:38.0577 2608 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 21:02:38.0624 2608 tssecsrv - ok 21:02:38.0670 2608 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 21:02:38.0733 2608 TsUsbFlt - ok 21:02:38.0780 2608 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 21:02:38.0842 2608 tunnel - ok 21:02:38.0874 2608 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 21:02:38.0889 2608 uagp35 - ok 21:02:38.0936 2608 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 21:02:38.0983 2608 udfs - ok 21:02:39.0014 2608 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 21:02:39.0045 2608 UI0Detect - ok 21:02:39.0077 2608 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 21:02:39.0077 2608 uliagpkx - ok 21:02:39.0124 2608 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 21:02:39.0155 2608 umbus - ok 21:02:39.0186 2608 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 21:02:39.0186 2608 UmPass - ok 21:02:39.0233 2608 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 21:02:39.0295 2608 upnphost - ok 21:02:39.0342 2608 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 21:02:39.0358 2608 usbaudio - ok 21:02:39.0405 2608 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 21:02:39.0467 2608 usbccgp - ok 21:02:39.0530 2608 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 21:02:39.0545 2608 usbcir - ok 21:02:39.0592 2608 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 21:02:39.0592 2608 usbehci - ok 21:02:39.0639 2608 [ 
287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 21:02:39.0670 2608 usbhub - ok 21:02:39.0702 2608 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 21:02:39.0733 2608 usbohci - ok 21:02:39.0764 2608 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 21:02:39.0795 2608 usbprint - ok 21:02:39.0827 2608 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:02:39.0874 2608 USBSTOR - ok 21:02:39.0936 2608 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 21:02:40.0014 2608 usbuhci - ok 21:02:40.0077 2608 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 21:02:40.0139 2608 UxSms - ok 21:02:40.0249 2608 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 21:02:40.0264 2608 VaultSvc - ok 21:02:40.0295 2608 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 21:02:40.0311 2608 vdrvroot - ok 21:02:40.0358 2608 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 21:02:40.0405 2608 vds - ok 21:02:40.0420 2608 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 21:02:40.0452 2608 vga - ok 21:02:40.0483 2608 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 21:02:40.0545 2608 VgaSave - ok 21:02:40.0577 2608 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 21:02:40.0592 2608 vhdmp - ok 21:02:40.0639 2608 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 21:02:40.0655 2608 viaide - ok 21:02:40.0670 2608 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 21:02:40.0686 2608 volmgr - ok 21:02:40.0749 2608 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 21:02:40.0780 2608 volmgrx - ok 21:02:40.0795 2608 [ 
0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 21:02:40.0811 2608 volsnap - ok 21:02:40.0905 2608 [ E23BC9B12EF85B58083A6985F9BE3C44 ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe 21:02:40.0920 2608 vpnagent - ok 21:02:40.0983 2608 [ A8D4FED106B4BD337DF3DA20BA44E18E ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys 21:02:40.0983 2608 vpnva - ok 21:02:41.0014 2608 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 21:02:41.0030 2608 vsmraid - ok 21:02:41.0108 2608 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 21:02:41.0186 2608 VSS - ok 21:02:41.0217 2608 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 21:02:41.0249 2608 vwifibus - ok 21:02:41.0295 2608 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 21:02:41.0311 2608 vwififlt - ok 21:02:41.0342 2608 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 21:02:41.0358 2608 vwifimp - ok 21:02:41.0389 2608 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 21:02:41.0436 2608 W32Time - ok 21:02:41.0452 2608 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 21:02:41.0483 2608 WacomPen - ok 21:02:41.0514 2608 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 21:02:41.0577 2608 WANARP - ok 21:02:41.0608 2608 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 21:02:41.0639 2608 Wanarpv6 - ok 21:02:41.0655 2608 wanatw - ok 21:02:41.0749 2608 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 21:02:41.0795 2608 wbengine - ok 21:02:41.0827 2608 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 21:02:41.0842 2608 WbioSrvc - ok 21:02:41.0889 2608 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc 
C:\Windows\System32\wcncsvc.dll 21:02:41.0920 2608 wcncsvc - ok 21:02:41.0936 2608 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 21:02:41.0952 2608 WcsPlugInService - ok 21:02:41.0967 2608 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 21:02:41.0967 2608 Wd - ok 21:02:42.0030 2608 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 21:02:42.0061 2608 Wdf01000 - ok 21:02:42.0077 2608 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 21:02:42.0170 2608 WdiServiceHost - ok 21:02:42.0186 2608 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 21:02:42.0202 2608 WdiSystemHost - ok 21:02:42.0264 2608 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 21:02:42.0295 2608 WebClient - ok 21:02:42.0327 2608 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 21:02:42.0389 2608 Wecsvc - ok 21:02:42.0405 2608 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 21:02:42.0467 2608 wercplsupport - ok 21:02:42.0514 2608 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 21:02:42.0561 2608 WerSvc - ok 21:02:42.0577 2608 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 21:02:42.0624 2608 WfpLwf - ok 21:02:42.0639 2608 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 21:02:42.0639 2608 WIMMount - ok 21:02:42.0655 2608 WinDefend - ok 21:02:42.0670 2608 WinHttpAutoProxySvc - ok 21:02:42.0717 2608 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 21:02:42.0780 2608 Winmgmt - ok 21:02:42.0874 2608 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 21:02:42.0936 2608 WinRM - ok 21:02:42.0999 2608 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 
21:02:43.0045 2608 WinUsb - ok 21:02:43.0108 2608 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 21:02:43.0155 2608 Wlansvc - ok 21:02:43.0295 2608 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 21:02:43.0358 2608 wlidsvc - ok 21:02:43.0420 2608 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 21:02:43.0452 2608 WmiAcpi - ok 21:02:43.0483 2608 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 21:02:43.0530 2608 wmiApSrv - ok 21:02:43.0545 2608 WMPNetworkSvc - ok 21:02:43.0592 2608 [ B5A32905B0C2E676AB5432AE1028E847 ] WN111v2 C:\Windows\system32\DRIVERS\WN111v2x.sys 21:02:43.0686 2608 WN111v2 ( UnsignedFile.Multi.Generic ) - warning 21:02:43.0686 2608 WN111v2 - detected UnsignedFile.Multi.Generic (1) 21:02:43.0764 2608 [ B972C12DE88299E78F6656A31046DD99 ] WNDA3100 C:\Windows\system32\DRIVERS\WNDA31w7x.sys 21:02:43.0827 2608 WNDA3100 - ok 21:02:43.0858 2608 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 21:02:43.0874 2608 WPCSvc - ok 21:02:43.0920 2608 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 21:02:43.0936 2608 WPDBusEnum - ok 21:02:43.0967 2608 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 21:02:44.0030 2608 ws2ifsl - ok 21:02:44.0045 2608 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 21:02:44.0092 2608 wscsvc - ok 21:02:44.0092 2608 WSearch - ok 21:02:44.0202 2608 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 21:02:44.0264 2608 wuauserv - ok 21:02:44.0327 2608 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 21:02:44.0374 2608 WudfPf - ok 21:02:44.0389 2608 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 21:02:44.0405 2608 WUDFRd - ok 21:02:44.0452 2608 [ 
B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 21:02:44.0483 2608 wudfsvc - ok 21:02:44.0530 2608 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 21:02:44.0592 2608 WwanSvc - ok 21:02:44.0686 2608 ================ Scan global =============================== 21:02:44.0733 2608 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 21:02:44.0780 2608 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 21:02:44.0795 2608 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 21:02:44.0827 2608 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 21:02:44.0858 2608 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 21:02:44.0874 2608 [Global] - ok 21:02:44.0874 2608 ================ Scan MBR ================================== 21:02:44.0874 2608 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1 21:02:45.0139 2608 \Device\Harddisk1\DR1 - ok 21:02:45.0170 2608 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 21:02:46.0311 2608 \Device\Harddisk0\DR0 - ok 21:02:46.0311 2608 ================ Scan VBR ================================== 21:02:46.0327 2608 [ DD1BF1320ED4B47B365FB2BF0EDB415F ] \Device\Harddisk1\DR1\Partition1 21:02:46.0327 2608 \Device\Harddisk1\DR1\Partition1 - ok 21:02:46.0327 2608 [ 057F9DF218CCC1F695E514C78962A820 ] \Device\Harddisk0\DR0\Partition1 21:02:46.0327 2608 \Device\Harddisk0\DR0\Partition1 - ok 21:02:46.0327 2608 ============================================================ 21:02:46.0327 2608 Scan finished 21:02:46.0327 2608 ============================================================ 21:02:46.0342 0280 Detected object count: 2 21:02:46.0342 0280 Actual detected object count: 2 21:02:58.0561 0280 jswpsapi ( UnsignedFile.Multi.Generic ) - skipped by user 21:02:58.0561 0280 jswpsapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:02:58.0561 0280 WN111v2 ( UnsignedFile.Multi.Generic ) - 
skipped by user 21:02:58.0561 0280 WN111v2 ( UnsignedFile.Multi.Generic ) - User select action: Skip |
20.11.2012, 21:16 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan/spyware infection? ^ typed once, two characters (^^)
Leftovers are leftovers. "False positive" means that a completely harmless/legitimate file is "detected" by the virus scanner as malware. But if malware that is still sitting in a quarantine (Q) gets detected, that is consistent and not wrong.
Please do a custom scan with OTL. Please download OTL from OldTimer and save it to your desktop. If it is already present, please replace the older existing file with the newly downloaded one so that you are really working with a current version of OTL.
Code:
msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post logfiles in CODE tags |
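Added example, not code from this thread and not part of OTL itself: once the custom scan requested above has produced its log, the lines a helper reads first are the autostart entries (OTL's "O4" Run-key lines and "F3" WinNT Load lines). The script below parses lines of exactly that format and scores each entry by two signals that a helper checks by eye: whether the binary sits in a user-writable directory, and whether OTL printed a plausible publisher name for it. The sample lines are constructed from the format seen in this thread (paths and publisher strings as posted, SIDs shortened); the weights and the "score of 2 or more" threshold are my own assumptions, and the result is a triage hint for a human, not a verdict.

```python
"""Triage of OTL autostart lines (O4 Run entries and F3 WinNT Load entries).

Added example for this thread; not OTL's own code. The scoring weights and
threshold are assumptions chosen for illustration.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the OTL line format posted in this thread. Paths and
# publisher strings are copied from the posted log; the SIDs are shortened.
SAMPLE_OTL_LINES = [
    r"O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)",
    r"O4 - HKU\S-1-5-21-1000..\Run: [Duyci] C:\Users\Max\AppData\Roaming\Wiyvvo\iqzy.exe (Compagnia ? quale Compagnia?)",
    r"O4 - HKU\S-1-5-21-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)",
    r"O4 - HKU\S-1-5-21-1000..\Run: [Wisdom-soft AutoScreenRecorder 3.1 Pro] 0 File not found",
    r"F3:64bit: - HKU\S-1-5-21-1000 WinNT: Load - (C:\Users\Max\LOCALS~1\Temp\mszxfa.cmd) - C:\Users\Max\LOCALS~1\Temp\mszxfa.cmd (Compagnia ? quale Compagnia?)",
    r"O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()",
]

O4_RE = re.compile(r"^O4(?::64bit:)? - (?P<hive>.+?)\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
F3_RE = re.compile(r"^F3(?::64bit:)? - (?P<hive>\S+) WinNT: Load - \((?P<value>[^)]*)\) - (?P<rest>.*)$")
# Trailing "(publisher)" as OTL prints it; one level of nested parentheses is
# allowed, so "Program Files (x86)" inside a path is not taken for a publisher.
PUB_RE = re.compile(r"^(?P<path>.*) \((?P<pub>[^()]*(?:\([^()]*\))?[^()]*)\)$")
# Directories a standard user can write to; legitimate autostarts rarely live here.
USER_WRITABLE_RE = re.compile(r"\\(?:AppData\\(?:Roaming|Local)|LOCALS~1|Temp)\\", re.IGNORECASE)


@dataclass
class AutostartEntry:
    kind: str                  # "O4" (Run key) or "F3" (WinNT Load value)
    name: str                  # value name in the Run key, or "Load"
    path: str
    publisher: Optional[str]   # None when OTL printed no "(...)" field at all
    orphaned: bool = False     # target file missing: a stale entry, not running code
    score: int = 0
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return self.score >= 2  # assumed threshold


def parse_line(line: str) -> Optional[AutostartEntry]:
    """Parse one OTL O4/F3 line; return None for lines of any other kind."""
    m = O4_RE.match(line)
    if m:
        kind, name, rest = "O4", m.group("name"), m.group("rest")
    else:
        m = F3_RE.match(line)
        if not m:
            return None
        kind, name, rest = "F3", "Load", m.group("rest")
    pm = PUB_RE.match(rest)
    if pm:
        return AutostartEntry(kind, name, pm.group("path"), pm.group("pub").strip())
    return AutostartEntry(kind, name, rest, None)


def assess(entry: AutostartEntry) -> AutostartEntry:
    """Attach heuristic reasons and a score (weights are assumptions)."""
    if entry.path.endswith("File not found"):
        entry.orphaned = True
        return entry
    if entry.kind == "F3":
        entry.score += 2
        entry.reasons.append("uses the legacy WinNT\\Windows\\Load autostart value")
    if USER_WRITABLE_RE.search(entry.path):
        entry.score += 2
        entry.reasons.append("binary lives in a user-writable directory")
    if not entry.publisher or "?" in entry.publisher:
        entry.score += 1
        entry.reasons.append("publisher field empty or not a plausible vendor name")
    return entry


def triage(lines) -> List[AutostartEntry]:
    """Parse and assess every O4/F3 line; other lines are ignored."""
    return [assess(e) for e in map(parse_line, lines) if e is not None]


def suspicious_paths(lines) -> List[str]:
    """Paths of entries that reach the (assumed) suspicion threshold."""
    return [e.path for e in triage(lines) if e.suspicious]


if __name__ == "__main__":
    for e in triage(SAMPLE_OTL_LINES):
        tag = "ORPHAN" if e.orphaned else ("SUSPECT" if e.suspicious else "ok")
        print(f"{tag:7} {e.kind} [{e.name}] {e.path} -> {'; '.join(e.reasons) or '-'}")
```

On the sample, the two entries under AppData\Roaming and LOCALS~1\Temp come out as suspects, the Avira and DAEMON Tools entries as ok, the "File not found" entry as a stale orphan, and the webcam helper with an empty publisher field as a weak hint only; deciding what to remove still belongs to the helper reading the full log.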
20.11.2012, 22:14 | #5 | |
| Trojan/spyware infection? ^ typed once, two characters (^^) Quote:
Here is the OTL report (I forgot to close Antivir, but there was nothing about that in your post; if there were problems, just say so): Code:
ATTFilter OTL logfile created on: 20.11.2012 21:36:48 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Max\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 57,03% Memory free 4,00 Gb Paging File | 2,74 Gb Available in Paging File | 68,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,04 Gb Total Space | 29,23 Gb Free Space | 19,61% Space Free | Partition Type: NTFS Drive D: | 74,50 Gb Total Space | 71,53 Gb Free Space | 96,00% Space Free | Partition Type: NTFS Computer Name: MAX-PC | User Name: Max | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.20 21:34:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe PRC - [2012.10.17 18:29:39 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.07.18 17:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.02.27 14:43:07 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe PRC - [2012.01.21 13:25:34 | 000,220,744 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe PRC - [2011.10.14 07:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe PRC - [2011.10.14 07:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe PRC - [2011.10.14 07:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe PRC - [2009.09.21 16:56:32 | 001,736,704 | ---- | M] (NETGEAR) -- C:\Program Files (x86)\NETGEAR\WNDA3100\WNDA3100.exe PRC - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe ========== Modules (No Company Name) ========== MOD - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe ========== Services (SafeList) ========== SRV - [2012.10.27 16:20:21 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.17 18:29:39 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.09 16:14:20 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.08.17 16:02:30 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.10.14 07:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2011.10.14 07:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) 
[Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.02.29 02:07:18 | 000,942,080 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WNDA3100\jswpsapi.exe -- (jswpsapi) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.10.17 18:11:37 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock) DRV:64bit: - [2012.08.03 20:38:55 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2012.07.18 17:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.07.18 17:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.07.18 17:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.10 12:07:45 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.05.15 13:00:43 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- 
(atksgt) DRV:64bit: - [2011.05.15 13:00:42 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011.03.21 12:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.09.01 09:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI) DRV:64bit: - [2010.02.25 17:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2009.10.21 12:01:34 | 000,767,488 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WNDA31w7x.sys -- (WNDA3100) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.01.13 09:30:00 | 000,560,128 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WN111v2x.sys -- (WN111v2) DRV:64bit: - [2008.10.01 16:44:06 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF) DRV:64bit: - [2008.03.13 08:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam) DRV:64bit: - [2007.03.27 17:18:58 | 010,550,272 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snpstd3.sys -- (SNPSTD3) DRV:64bit: - [2006.11.28 21:46:20 | 000,043,328 | ---- | M] (Printing Communications Assoc., Inc. 
(PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCAMp50a64.sys -- (PCAMp50a64) DRV:64bit: - [2006.11.28 21:46:20 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PCASp50a64.sys -- (PCASp50a64) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C 5D CE 40 DC C5 CD 01 [binary data] IE - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: 
"URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 204.93.211.219:80 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.1.1 FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3 FF - prefs.js..network.proxy.http: "81.27.79.181" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft 
Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 16:20:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.27 16:20:18 | 000,000,000 | ---D | M] [2011.05.15 10:01:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Extensions [2012.10.23 20:11:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\e8jea1mp.default\extensions [2012.09.25 00:10:13 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\e8jea1mp.default\extensions\ich@maltegoetz.de [2012.03.29 21:35:13 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2012.07.26 00:01:50 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.12.22 20:51:14 | 000,001,182 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\acronym-finder.xml [2011.08.12 12:45:14 | 000,002,571 | ---- | M] () -- 
C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\amazon-search-suggestions.xml [2011.07.30 00:11:19 | 000,002,251 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\dc-database-en.xml [2011.05.31 21:25:04 | 000,002,321 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\dictcc.xml [2011.12.04 21:09:35 | 000,002,279 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\elder-scrolls-en.xml [2011.08.14 17:36:23 | 000,001,660 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\leo-deu-eng.xml [2011.07.30 00:11:09 | 000,002,262 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\marvel-database-en.xml [2011.07.15 02:28:43 | 000,002,322 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\openthesaurus.xml [2011.11.18 16:37:29 | 000,001,597 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\the-pirate-bay.xml [2011.11.06 12:39:53 | 000,001,218 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\uespwiki-en.xml [2011.05.31 21:24:58 | 000,002,006 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\urban-dictionary.xml [2011.05.16 18:51:19 | 000,001,330 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\wikipedia-en.xml [2012.03.18 22:11:17 | 000,001,997 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\wolframalpha.xml [2011.12.10 02:02:33 | 000,002,057 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\youtube-videosuche.xml 
[2012.10.27 16:20:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.10.27 16:20:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.10.27 16:20:21 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.21 12:50:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.29 20:04:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.21 12:50:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.21 12:50:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.21 12:50:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.21 12:50:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.08.11 23:34:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe () O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) O4 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000..\Run: [Duyci] C:\Users\Max\AppData\Roaming\Wiyvvo\iqzy.exe (Compagnia ? quale Compagnia?) O4 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000..\Run: [Feipsa] C:\Users\Max\AppData\Roaming\Osuhy\neve.exe (Compagnia ? quale Compagnia?) O4 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000..\Run: [Fyagweo] C:\Users\Max\AppData\Roaming\Owysne\voag.exe (Compagnia ? quale Compagnia?) 
O4 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000..\Run: [Wisdom-soft AutoScreenRecorder 3.1 Pro] 0 File not found O4 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found F3:64bit: - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000 WinNT: Load - (C:\Users\Max\LOCALS~1\Temp\mszxfa.cmd) - C:\Users\Max\LOCALS~1\Temp\mszxfa.cmd (Compagnia ? quale Compagnia?) F3 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000 WinNT: Load - (C:\Users\Max\LOCALS~1\Temp\mszxfa.cmd) - C:\Users\Max\LOCALS~1\Temp\mszxfa.cmd (Compagnia ? quale Compagnia?) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O15 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.7.0_07) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1E5EB5F-F821-46DC-A7F2-FFC51F45EA77}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\gopher - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - 
(Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) MsConfig:64bit - StartUpReg: nMdQvhGrqSMKfoq.exe - hkey= - key= - File not found MsConfig:64bit - State: "services" - Reg Error: Key error. MsConfig:64bit - State: "startup" - Reg Error: Key error. 
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.11.20 21:34:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
[2012.11.20 20:16:35 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Max\Desktop\tdsskiller.exe
[2012.11.20 20:14:35 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Max\Desktop\aswMBR.exe
[2012.11.20 14:58:44 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\Uni
[2012.11.19 23:13:37 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Xoux
[2012.11.19 23:13:37 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Owysne
[2012.11.19 23:13:37 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Lioby
[2012.11.19 20:12:43 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Osuhy
[2012.11.19 20:12:43 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Fygee
[2012.11.19 20:12:43 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Ciowd
[2012.11.19 14:54:52 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{319151FB-D44F-4963-BBFE-F447B76F7028}
[2012.11.18 23:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Ricoh
[2012.11.18 19:38:09 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Wiyvvo
[2012.11.18 19:38:09 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Ibxyyr
[2012.11.18 19:38:09 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Asnya
[2012.11.18 15:49:32 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{CF9C6E5A-6805-4E30-80C2-FBA789A66888}
[2012.11.18 03:07:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.11.18 02:36:16 | 000,000,000 | ---D | C] -- C:\Users\Max\Local Settings
[2012.11.17 16:30:44 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{E30551CE-C126-4FE2-8EF4-B78B8E67D9C1}
[2012.11.17 02:38:16 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{39CC731D-E6F2-4043-A189-126C183D05F7}
[2012.11.16 14:38:01 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{393E2046-49FA-4435-B953-545C5CD9BC6E}
[2012.11.15 22:15:56 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{AAAB3978-2FB7-4010-B8FF-F96DF703CB67}
[2012.11.14 21:58:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2012.11.14 18:33:56 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\HorizonWimba
[2012.11.14 14:33:31 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{132CF4EB-668D-4CEC-AF72-9280A301C40B}
[2012.11.13 16:04:11 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{CD7D94D8-7EDA-4102-B301-8A4CA81A7869}
[2012.11.13 02:38:53 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{ADF65CF9-C573-4918-B21C-C986B9FF50BE}
[2012.11.12 14:38:40 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{5B05614E-C789-46F8-AB79-4E512626C558}
[2012.11.11 13:28:06 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{67E568EB-F635-4EA2-99BB-179A1D74E326}
[2012.11.10 14:41:58 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{170F3778-958A-4CE9-A661-7EBF167B838D}
[2012.11.09 16:18:06 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{19AFFE43-CCCB-4BF9-84D6-72D69242F8D4}
[2012.11.09 04:17:41 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{3CE167C9-8B04-4CD0-BC22-F8FBBC69CB0A}
[2012.11.08 16:17:29 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{6AF193CC-2276-4233-9EB5-0556FC14DC41}
[2012.11.07 16:21:21 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{FC0AC3C4-50F1-4675-9D98-05F305973D86}
[2012.11.06 19:49:14 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{5725FC92-6474-40FB-98FB-59695D715A82}
[2012.11.05 17:02:10 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{BC8DD572-3ED7-474A-8491-F059BB0B3AB0}
[2012.11.04 16:44:09 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{82F022E1-189B-4C17-8339-0E73EDF023A3}
[2012.11.04 03:08:15 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{3156638E-AB14-4D47-A472-73543CDB1035}
[2012.11.03 15:08:03 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{6FEADE73-6CC7-48E4-B563-C8C04B3A12C2}
[2012.11.02 18:22:54 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{9007DA8B-C8F5-4C8E-A654-7E025E5D5CD9}
[2012.11.01 20:20:22 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{D80794D0-D0BF-46D6-B0EF-26B301045328}
[2012.10.31 16:31:02 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{CB602A12-4D47-4D31-9C9C-27901E9C9F6C}
[2012.10.30 15:12:43 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{DE07DC95-4A65-4733-A630-84E9BB061675}
[2012.10.29 17:20:38 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{F4F82240-FDB0-4058-B07B-2DB65F7DFEAB}
[2012.10.28 14:57:22 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{D46D8015-BBCA-46D7-BC43-0D7E47229EF1}
[2012.10.28 01:10:57 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{149BE589-BD71-47ED-AF1C-16EDAD357724}
[2012.10.27 16:20:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.27 13:10:44 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{7F26638A-FCCE-4958-942A-958B1E22CD82}
[2012.10.26 13:53:26 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{B9A3AF11-591B-49CE-B89A-DBB18A79BEFA}
[2012.10.25 15:45:51 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{A8DF5CD7-B4EB-4871-B098-C2003D13E6EC}
[2012.10.24 18:58:29 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{DEFA80BC-9DE2-4287-B264-8CBD8F27A968}
[2012.10.23 14:05:37 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{5391A965-1368-44D7-BA15-57D455D6B735}
[2012.10.22 20:05:42 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{9B7FCCA5-0E30-4A8F-8AF1-637538EA5E40}

========== Files - Modified Within 30 Days ==========

[2012.11.20 21:34:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
[2012.11.20 21:14:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.20 20:59:35 | 000,000,512 | ---- | M] () -- C:\Users\Max\Desktop\MBR.dat
[2012.11.20 20:16:35 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Max\Desktop\tdsskiller.exe
[2012.11.20 20:15:09 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Max\Desktop\aswMBR.exe
[2012.11.20 19:53:29 | 000,001,392 | ---- | M] () -- C:\Windows\SysNative\ricdb.ini
[2012.11.20 19:41:33 | 000,013,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.20 19:41:33 | 000,013,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.20 19:33:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.20 19:33:43 | 1610,113,024 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.18 23:37:17 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.18 23:37:17 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.18 23:37:17 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.18 23:37:17 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.18 23:37:17 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.18 15:22:21 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.17 14:36:47 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.12 19:44:33 | 002,257,761 | ---- | M] () -- C:\Users\Max\Documents\max2.jpg
[2012.11.12 19:40:56 | 002,143,760 | ---- | M] () -- C:\Users\Max\Documents\20121112_174352.jpg
[2012.11.12 19:40:53 | 002,300,647 | ---- | M] () -- C:\Users\Max\Documents\crawlinginmyskiiin.jpg
[2012.11.12 19:40:47 | 002,245,507 | ---- | M] () -- C:\Users\Max\Documents\20121112_175006.jpg
[2012.11.12 19:40:44 | 002,319,717 | ---- | M] () -- C:\Users\Max\Documents\20121112_175908.jpg
[2012.11.12 19:40:42 | 002,313,252 | ---- | M] () -- C:\Users\Max\Documents\max1.jpg
[2012.11.12 19:40:38 | 002,324,608 | ---- | M] () -- C:\Users\Max\Documents\20121112_180255.jpg
[2012.11.12 19:40:37 | 002,311,649 | ---- | M] () -- C:\Users\Max\Documents\20121112_180339.jpg
[2012.11.12 19:40:35 | 002,328,168 | ---- | M] () -- C:\Users\Max\Documents\20121112_180349.jpg
[2012.11.12 19:40:33 | 002,290,808 | ---- | M] () -- C:\Users\Max\Documents\20121112_180357.jpg
[2012.11.12 19:40:31 | 002,263,260 | ---- | M] () -- C:\Users\Max\Documents\20121112_180429.jpg
[2012.11.12 19:40:28 | 002,190,795 | ---- | M] () -- C:\Users\Max\Documents\20121112_180451.jpg
[2012.11.12 19:40:25 | 002,272,992 | ---- | M] () -- C:\Users\Max\Documents\20121112_180520.jpg
[2012.11.07 17:59:09 | 000,001,366 | ---- | M] () -- C:\Users\Max\Desktop\hulk.rtf
[2012.10.22 23:08:27 | 003,764,050 | ---- | M] () -- C:\Users\Max\Documents\20121022_151547.jpg
[2012.10.22 23:07:32 | 003,375,268 | ---- | M] () -- C:\Users\Max\Documents\20121022_151537.jpg
[2012.10.22 23:06:42 | 003,307,656 | ---- | M] () -- C:\Users\Max\Documents\20121022_151523.jpg
[2012.10.22 23:05:50 | 002,728,989 | ---- | M] () -- C:\Users\Max\Documents\20121022_151618.jpg
[2012.10.22 23:05:08 | 003,267,684 | ---- | M] () -- C:\Users\Max\Documents\20121022_151634.jpg
[2012.10.22 23:04:09 | 003,799,515 | ---- | M] () -- C:\Users\Max\Documents\20121022_151702.jpg

========== Files Created - No Company Name ==========

[2012.11.20 20:59:35 | 000,000,512 | ---- | C] () -- C:\Users\Max\Desktop\MBR.dat
[2012.11.18 23:46:16 | 000,001,392 | ---- | C] () -- C:\Windows\SysNative\ricdb.ini
[2012.11.17 03:11:12 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.17 03:01:58 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.12 19:26:28 | 002,143,760 | ---- | C] () -- C:\Users\Max\Documents\20121112_174352.jpg
[2012.11.12 19:25:51 | 002,300,647 | ---- | C] () -- C:\Users\Max\Documents\crawlinginmyskiiin.jpg
[2012.11.12 19:25:15 | 002,245,507 | ---- | C] () -- C:\Users\Max\Documents\20121112_175006.jpg
[2012.11.12 19:24:38 | 002,319,717 | ---- | C] () -- C:\Users\Max\Documents\20121112_175908.jpg
[2012.11.12 19:24:01 | 002,313,252 | ---- | C] () -- C:\Users\Max\Documents\max1.jpg
[2012.11.12 19:23:26 | 002,257,761 | ---- | C] () -- C:\Users\Max\Documents\max2.jpg
[2012.11.12 19:22:46 | 002,324,608 | ---- | C] () -- C:\Users\Max\Documents\20121112_180255.jpg
[2012.11.12 19:22:07 | 002,311,649 | ---- | C] () -- C:\Users\Max\Documents\20121112_180339.jpg
[2012.11.12 19:21:28 | 002,328,168 | ---- | C] () -- C:\Users\Max\Documents\20121112_180349.jpg
[2012.11.12 19:20:49 | 002,290,808 | ---- | C] () -- C:\Users\Max\Documents\20121112_180357.jpg
[2012.11.12 19:20:07 | 002,263,260 | ---- | C] () -- C:\Users\Max\Documents\20121112_180429.jpg
[2012.11.12 19:19:25 | 002,190,795 | ---- | C] () -- C:\Users\Max\Documents\20121112_180451.jpg
[2012.11.12 19:18:44 | 002,272,992 | ---- | C] () -- C:\Users\Max\Documents\20121112_180520.jpg
[2012.11.07 17:59:09 | 000,001,366 | ---- | C] () -- C:\Users\Max\Desktop\hulk.rtf
[2012.10.22 23:07:33 | 003,764,050 | ---- | C] () -- C:\Users\Max\Documents\20121022_151547.jpg
[2012.10.22 23:06:44 | 003,375,268 | ---- | C] () -- C:\Users\Max\Documents\20121022_151537.jpg
[2012.10.22 23:05:52 | 003,307,656 | ---- | C] () -- C:\Users\Max\Documents\20121022_151523.jpg
[2012.10.22 23:05:10 | 002,728,989 | ---- | C] () -- C:\Users\Max\Documents\20121022_151618.jpg
[2012.10.22 23:04:11 | 003,267,684 | ---- | C] () -- C:\Users\Max\Documents\20121022_151634.jpg
[2012.10.22 23:03:06 | 003,799,515 | ---- | C] () -- C:\Users\Max\Documents\20121022_151702.jpg
[2011.11.10 19:45:57 | 001,420,616 | ---- | C] () -- C:\Users\Max\2011-11-10 19.25.22.jpg
[2011.11.10 19:45:38 | 001,638,144 | ---- | C] () -- C:\Users\Max\2011-11-10 19.26.16.jpg
[2011.11.10 19:45:22 | 001,443,464 | ---- | C] () -- C:\Users\Max\2011-11-10 19.26.30.jpg
[2011.11.10 19:45:03 | 001,601,281 | ---- | C] () -- C:\Users\Max\2011-11-10 19.35.52.jpg
[2011.11.10 19:44:42 | 001,647,716 | ---- | C] () -- C:\Users\Max\2011-11-10 19.37.26.jpg
[2011.11.10 19:44:25 | 001,505,606 | ---- | C] () -- C:\Users\Max\2011-11-10 19.40.03.jpg
[2011.11.10 19:44:09 | 001,392,730 | ---- | C] () -- C:\Users\Max\2011-11-10 19.37.00.jpg
[2011.11.10 19:43:52 | 001,430,322 | ---- | C] () -- C:\Users\Max\2011-11-10 19.38.21.jpg
[2011.11.10 19:43:32 | 001,545,600 | ---- | C] () -- C:\Users\Max\2011-11-10 19.39.40.jpg
[2011.11.10 19:43:15 | 001,503,448 | ---- | C] () -- C:\Users\Max\2011-11-10 19.40.32.jpg
[2011.10.23 20:24:27 | 001,390,133 | ---- | C] () -- C:\Users\Max\2011-10-23 19.54.31.jpg
[2011.07.01 20:56:42 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.05.15 19:02:15 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2011.05.15 18:25:41 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.05.15 09:39:17 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== LOP Check ==========

[2012.02.15 16:00:04 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\.minecraft
[2012.11.18 19:38:57 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Asnya
[2012.11.19 20:12:43 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Ciowd
[2011.11.10 12:09:18 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\DAEMON Tools Lite
[2012.09.23 00:55:29 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\DVDVideoSoft
[2012.11.19 20:12:59 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Fygee
[2012.11.18 19:38:09 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Ibxyyr
[2011.11.12 19:09:41 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Ivacy
[2012.11.19 23:14:04 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Lioby
[2011.11.13 00:47:34 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\ManyCam
[2011.09.11 02:43:24 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\MOVAVI
[2012.11.19 20:12:43 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Osuhy
[2012.11.19 23:13:37 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Owysne
[2012.08.10 04:11:21 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\uTorrent
[2012.11.18 19:38:09 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Wiyvvo
[2012.11.19 23:13:37 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Xoux

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012.08.12 02:16:19 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.09.08 21:05:00 | 000,000,000 | ---D | M] -- C:\ac51d54726d99835f64d333096
[2012.01.24 11:11:06 | 000,000,000 | ---D | M] -- C:\Boot
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.05.14 23:28:37 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.01.26 03:01:02 | 000,000,000 | ---D | M] -- C:\Kaspersky Rescue Disk 10.0
[2012.01.24 12:13:32 | 000,000,000 | ---D | M] -- C:\old
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.09.10 16:13:19 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.11.19 18:35:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2012.11.18 23:48:43 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011.05.14 23:28:37 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.05.14 23:28:38 | 000,000,000 | ---D | M] -- C:\Recovery
[2012.11.20 21:38:41 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.08.11 20:24:32 | 000,000,000 | ---D | M] -- C:\TDSSKiller_Quarantine
[2012.11.18 03:05:23 | 000,000,000 | ---D | M] -- C:\Temp
[2012.11.18 03:07:24 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.18 15:18:00 | 000,000,000 | ---D | M] -- C:\Windows

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.02.15 16:00:04 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\.minecraft
[2011.09.08 21:03:05 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Adobe
[2012.11.18 19:38:57 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Asnya
[2012.08.02 22:38:18 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Avira
[2012.11.19 20:12:43 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Ciowd
[2011.11.10 12:09:18 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\DAEMON Tools Lite
[2012.01.02 02:30:54 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\dvdcss
[2012.09.23 00:55:29 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\DVDVideoSoft
[2012.11.19 20:12:59 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Fygee
[2012.11.18 19:38:09 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Ibxyyr
[2011.05.14 23:28:58 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Identities
[2011.11.12 19:09:41 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Ivacy
[2012.11.19 23:14:04 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Lioby
[2011.09.08 21:03:06 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Macromedia
[2012.01.26 15:54:10 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Malwarebytes
[2011.11.13 00:47:34 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\ManyCam
[2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Media Center Programs
[2012.09.23 00:54:18 | 000,000,000 | --SD | M] -- C:\Users\Max\AppData\Roaming\Microsoft
[2011.09.11 02:43:24 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\MOVAVI
[2011.09.08 21:03:22 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Mozilla
[2011.09.11 02:43:26 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\NVIDIA
[2012.11.19 20:12:43 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Osuhy
[2012.11.19 23:13:37 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Owysne
[2012.10.02 20:42:31 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Skype
[2012.08.13 21:10:00 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\SUPERAntiSpyware.com
[2012.08.10 04:11:21 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\uTorrent
[2011.09.08 21:05:59 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\vlc
[2011.05.26 23:34:12 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\WinRAR
[2012.11.18 19:38:09 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Wiyvvo
[2012.11.19 23:13:37 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Xoux

< %APPDATA%\*.exe /s >
[2011.08.12 16:34:17 | 000,332,800 | ---- | M] (Compagnia ? quale Compagnia?) -- C:\Users\Max\AppData\Roaming\Osuhy\neve.exe
[2011.07.05 21:50:37 | 000,332,800 | ---- | M] (Compagnia ? quale Compagnia?) -- C:\Users\Max\AppData\Roaming\Owysne\voag.exe
[2011.11.05 20:11:16 | 000,332,800 | ---- | M] (Compagnia ? quale Compagnia?) -- C:\Users\Max\AppData\Roaming\Wiyvvo\iqzy.exe

< %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles >

< %SYSTEMROOT%\System32\config\*.sav >

< %SYSTEMROOT%\*. /mp /s >

< %SYSTEMROOT%\system32\*.dll /lockedfiles >

< End of report >

Extras.txt:
Code:
ATTFilter OTL Extras logfile created on: 20.11.2012 21:36:48 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Max\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 57,03% Memory free 4,00 Gb Paging File | 2,74 Gb Available in Paging File | 68,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,04 Gb Total Space | 29,23 Gb Free Space | 19,61% Space Free | Partition Type: NTFS Drive D: | 74,50 Gb Total Space | 71,53 Gb Free Space | 96,00% Space Free | Partition Type: NTFS Computer Name: MAX-PC | User Name: Max | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3975674286-3007113892-2621660134-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0177D670-E4D9-4A7A-B870-EAC553575309}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{05DC2BF6-3723-40D4-9C4D-5DBD110F9B9D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{0CE4F14A-BC99-4580-BACC-82318E301000}" = rport=137 | protocol=17 | dir=out | app=system | "{181034E0-4BE3-49BE-AA2F-3163D6B8A651}" = rport=138 | protocol=17 | dir=out | app=system | "{1B095E7D-C682-4AFD-9067-E77F958CDC44}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{1C976136-78BF-4ECE-8259-8E1B7160AB8A}" = lport=139 | protocol=6 | dir=in | app=system | "{2D058946-38EF-4515-A028-8911F93E2F62}" = lport=2869 | protocol=6 | dir=in | app=system | "{43467CDE-8F8F-480B-8EC6-22BAFEA4985B}" = lport=137 | 
protocol=17 | dir=in | app=system | "{5349EA37-9515-4348-9050-1C4C5337C911}" = rport=445 | protocol=6 | dir=out | app=system | "{5F8745CF-D48D-4F35-971C-589B6907E0A2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6491C8E1-B504-4735-B470-E80DFA928DA8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{6E94BF30-7840-4AF3-8DEC-7FBC00C19C4B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{74B58830-9741-4B60-B40D-F0B3BF22FBF4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8629DAD6-3E8C-4DB2-8C50-41C7730F4EEF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A3173C1D-BA58-497D-940D-2BCAC49ABCCC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{A4F42316-2B53-41F2-9597-4736A9BB8EF4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A51B2A82-446B-4191-A5D4-C6C06E421371}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B4F7EBA3-3FF9-4E44-89BE-C651EE14D991}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{B9D8AB71-69E9-4E18-A7BE-D1AB252A4BCC}" = lport=138 | protocol=17 | dir=in | app=system | "{C46867F0-BFDB-4987-B355-4BBB10501C02}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E9A633DE-7ED5-413E-ADA0-030F75E8B2C7}" = rport=139 | protocol=6 | dir=out | app=system | "{EF09DFDA-D6A6-49BF-9F59-89BA8B91A160}" = lport=445 | protocol=6 | dir=in | app=system | "{F219B2FC-46BB-445D-9EAB-587AE787D7C2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{F34D3336-FC92-42AE-ADB6-7D09CC11120E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | ========== Vista Active 
Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{073B7B8B-020E-4FD1-918B-D5725E40E05D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | "{07B7B033-AB77-4BE2-8525-EF0CB03198A2}" = protocol=6 | dir=in | app=c:\users\max\downloads\setup-msgplus-501.exe | "{0E910F8D-EACD-45D3-99CA-CB8DBBEC0E9B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\team fortress classic\hl.exe | "{0EFD04A2-AB2D-4144-9E66-6CED9E24CEDE}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1305480802\ee\aolsoftware.exe | "{187B97F5-8B57-43A9-BE97-A5F4C582FF25}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.6\waol.exe | "{1DA0A801-8DE5-4977-868E-322B53367CD9}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | "{2169D3B2-F6AB-4844-90D9-7CE8C1FC96B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{23130B23-D7F9-45B3-BB20-75BEAFD82109}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | "{24D31768-3DA7-47AB-B7AF-3D4E655E1882}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.6\waol.exe | "{2A3B1587-1F97-4BD2-99B9-7811C28C8CD1}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | "{2B1C0897-2201-4C96-998E-A80F8A7E1A2D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforever.exe | "{2C89A31E-FFD9-4B00-9871-D436462B4189}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\half-life\hl.exe | "{2FC55DBD-4B33-476D-9017-87B1D1CBC000}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{2FFB1E25-A2DC-4280-A702-A182706CA9D6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{37B20030-47D9-460C-BA24-CCD0260D439E}" = protocol=17 | 
dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\counter-strike\hl.exe | "{3E8025DD-4CEE-4544-8E08-5352101306D5}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe | "{3F6A6C6A-A5F9-4896-953B-90837065C1DB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4457FCCE-A4D9-4407-8D57-A06B0DADFDBD}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.6\aolbrowser\aolbrowser.exe | "{47BB0751-055F-40E7-A42A-F4A0EF06ECD0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5CB4A015-3FA8-41CE-B808-AA72860DA7AC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{5F4E49D7-0FE9-434C-97B9-6A476451D3F7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\peggle extreme\peggleextreme.exe | "{601C4F1B-5FB4-48B0-B24D-DF36863484D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\half-life\hl.exe | "{6523FAEB-7A50-4BF9-9227-51612F175677}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe | "{68AA2909-0A75-4531-BB0C-2CBFC3955336}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1305480802\ee\aolsoftware.exe | "{6AD00153-E7A8-467D-AF1C-66E2F9845F86}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforever.exe | "{6BD401E7-ED98-4C9B-B588-ABB880E86446}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\team fortress classic\hl.exe | "{90AF58B7-2DBD-48CE-ABE7-5DBC9F8B48E4}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.6\aolbrowser\aolbrowser.exe | "{979F8844-E07D-4568-AAF3-9C8E1B735C32}" = protocol=17 | dir=in | app=c:\users\max\downloads\setup-msgplus-501.exe | "{9BD64D6E-E536-4446-8202-4CBA2A7A4CCA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\half-life\hl.exe | "{9E590996-1D6C-40AC-81BD-EBF823C66C92}" = 
protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | "{A1280294-1BB8-4BBB-A918-BCE650E23E93}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{B1DA823C-6298-43DD-BCF0-53061D8D12BF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\day of defeat\hl.exe | "{B361C90F-963C-4472-8D71-7741CAE3D38C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe | "{B3B4A880-4DFF-499E-9A25-F25DFBB6BFCD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\peggle extreme\peggleextreme.exe | "{B4C3E8AF-04AF-4933-8015-819DDD59C0FD}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{B7D978F5-71DC-43D4-BE45-9143E3A53F1A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\half-life\hl.exe | "{BC207B56-91C4-479E-A94B-B43F440C3663}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe | "{C26F3EF6-CAB1-4556-B224-65451CD0AFFE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\day of defeat\hl.exe | "{C368BE99-E412-4ADC-8A3D-F43D41A03CD0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\counter-strike\hl.exe | "{C4C4F6E2-615F-498F-B955-A2B025FC7836}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{C6ECB584-1149-4CF1-AA5C-87160E545F1C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | "{C7F625FF-8556-4474-BCD5-FEE40F4E260C}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{CA1C27B7-1962-4F2B-8EB3-DC55EC3CA898}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{CC9B3F42-576D-438F-B63D-159EE92E4FAD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | "{CD9DE40F-95C0-4E5F-B49D-27557C9E1AE9}" = protocol=17 | dir=in | 
app=c:\program files (x86)\common files\aol\loader\aolload.exe | "{DB4DFADD-9CE2-4301-BF8B-1DC5A62DBE47}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\counter-strike\hl.exe | "{E0DA42C7-F41F-4C14-9617-E37A251A2CD7}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | "{E511BE4A-A801-4B33-BE94-F00E83662127}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe | "{EDCBD489-961A-4412-8C19-FEBD81ABB813}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\counter-strike\hl.exe | "{F256AE38-4CC6-45DE-BCE0-0F4C4B16D0B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe | "{FCEED16B-87FF-4CCB-A1CA-F1AFACC7828F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | "{FDDBD0A5-F48C-4BB9-90B4-8A6309AC3B64}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "TCP Query User{181E4DDE-C6B7-40F3-8E9E-6875F8A2CC5F}C:\program files (x86)\steam\steamapps\cashaddi\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\half-life 2 deathmatch\hl2.exe | "TCP Query User{1848F742-8B70-4F05-8667-6A569046646C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{218E7C6A-A342-414C-9B43-175B600E8F4A}C:\users\max\appdata\roaming\owysne\voag.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\owysne\voag.exe | "TCP Query User{22B563AA-B372-40DC-8659-7FA95DB8ECF5}C:\users\max\appdata\roaming\wiyvvo\iqzy.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\wiyvvo\iqzy.exe | "TCP Query User{593462F0-1DFA-440C-B55A-C8319ABCBF23}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | "TCP Query 
User{7616EBA7-F3C1-48EB-A215-8220203F2A8B}C:\program files (x86)\steam\steamapps\cashaddi\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\half-life 2 deathmatch\hl2.exe | "TCP Query User{7F4D0631-4843-4C15-8476-213F3EBBDD5C}C:\users\max\appdata\roaming\owysne\voag.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\owysne\voag.exe | "TCP Query User{8A3C2A82-0BA6-4451-9268-2D10FF798286}C:\users\max\appdata\roaming\wiyvvo\iqzy.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\wiyvvo\iqzy.exe | "TCP Query User{9A404F08-2CEE-445C-A378-678C2F763257}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "TCP Query User{9F6F20A4-2E7B-4174-838B-BC79BF040C12}C:\users\max\appdata\roaming\osuhy\neve.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\osuhy\neve.exe | "TCP Query User{A4219D3D-EACA-4490-BE3C-2C5F47879F16}C:\program files (x86)\steam\steamapps\cashaddi\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\team fortress 2\hl2.exe | "TCP Query User{D9C7370E-7FB3-4458-96ED-2C80576D40C5}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{0862FF82-6D83-4B5D-8156-C953446DC14B}C:\users\max\appdata\roaming\wiyvvo\iqzy.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\wiyvvo\iqzy.exe | "UDP Query User{0B535A95-436C-412F-B9DA-04A0208C2420}C:\program files (x86)\steam\steamapps\cashaddi\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\half-life 2 deathmatch\hl2.exe | "UDP Query User{2C990DF5-049A-4C94-B1F1-3AC365B512B1}C:\users\max\appdata\roaming\owysne\voag.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\owysne\voag.exe | "UDP Query User{4DCF87B2-5615-4B1C-95B9-8318B39155C8}C:\program files 
(x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{5AE2CDE6-372C-4F0E-BD0D-F9AF29E6AD7C}C:\users\max\appdata\roaming\wiyvvo\iqzy.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\wiyvvo\iqzy.exe | "UDP Query User{67869E89-9642-444D-ABF0-766E6A46F9A5}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | "UDP Query User{6D45A719-6E60-4FC8-9BDB-78F072D5B464}C:\users\max\appdata\roaming\owysne\voag.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\owysne\voag.exe | "UDP Query User{762B0221-788D-4BAF-B4C9-C2DA181BC296}C:\program files (x86)\steam\steamapps\cashaddi\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\team fortress 2\hl2.exe | "UDP Query User{81F5D7C9-6A18-4562-A7BF-FD7D24220EAB}C:\program files (x86)\steam\steamapps\cashaddi\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\half-life 2 deathmatch\hl2.exe | "UDP Query User{A0AF255C-EC18-4332-B847-1667055720FA}C:\users\max\appdata\roaming\osuhy\neve.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\osuhy\neve.exe | "UDP Query User{AFA3C7EE-6F00-4DCB-9CB5-421C39EB8751}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "UDP Query User{F26FF8F3-40AF-47E0-A3A3-3387EE1ADCB4}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant 
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit) "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "Speccy" = Speccy "WinRAR archiver" = WinRAR 4.00 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0B6A9773-F8F8-4D3F-BCF0-029D2B87DB8A}" = Deus Ex - Invisible War "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component 
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{39930321-4C58-4B8B-BCBF-342698C9801D}" = Max Payne "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69BCC264-0D43-469F-8434-31E738982E7B}" = Cisco AnyConnect Secure Mobility Client "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.2.0 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{C0100D9E-2372-45E2-BDA5-BD18F9B03298}" = WNDA3100 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D2883AB6-09B4-4981-AAF8-E695411EEC9A}" = Sculptris Alpha 6 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2948988-2C6C-4070-BC8B-A1D77FE97D09}_is1" = Running with rifles Demo version 0.4 "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger 
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "5513-1208-7298-9440" = JDownloader 0.9 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "CDisplay_is1" = CDisplay 1.8 "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "DAEMON Tools Lite" = DAEMON Tools Lite "Deus Ex" = Deus Ex "InstallShield_{C0100D9E-2372-45E2-BDA5-BD18F9B03298}" = NETGEAR RangeMax Duo Wireless-N USB Adapter WNDA3100 "InstallShield_{D2883AB6-09B4-4981-AAF8-E695411EEC9A}" = Sculptris Alpha 6 "IrfanView" = IrfanView (remove only) "JFK Reloaded" = JFK Reloaded 1.1 "KainUninstallKey" = Legacy of Kain "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "ManyCam" = ManyCam 2.6.55 (remove only) "Messenger Plus!" = Messenger Plus! 
5 "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Octodad" = Octodad "OpenAL" = OpenAL "Secunia PSI" = Secunia PSI (2.0.0.4003) "Steam App 10" = Counter-Strike "Steam App 130" = Half-Life: Blue Shift "Steam App 320" = Half-Life 2: Deathmatch "Steam App 50" = Half-Life: Opposing Force "Steam App 70" = Half-Life "uTorrent" = µTorrent "VLC media player" = VLC media player 1.1.11 "WinLiveSuite" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 28.09.2012 11:56:14 | Computer Name = Max-PC | Source = acvpndownloader | ID = 67108866 Description = Error - 28.09.2012 11:56:14 | Computer Name = Max-PC | Source = acvpndownloader | ID = 67108866 Description = Error - 28.09.2012 11:57:40 | Computer Name = Max-PC | Source = acvpninstall | ID = 67108866 Description = Error - 28.09.2012 11:57:40 | Computer Name = Max-PC | Source = acvpninstall | ID = 67108866 Description = Error - 28.09.2012 11:57:40 | Computer Name = Max-PC | Source = acvpninstall | ID = 67108866 Description = Error - 28.09.2012 11:57:40 | Computer Name = Max-PC | Source = acvpninstall | ID = 67108866 Description = Error - 28.09.2012 11:57:40 | Computer Name = Max-PC | Source = acvpninstall | ID = 67108866 Description = Error - 28.09.2012 11:57:40 | Computer Name = Max-PC | Source = acvpninstall | ID = 67108866 Description = Error - 18.11.2012 14:54:29 | Computer Name = Max-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 16.0.2.4680 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: e58
Startzeit: 01cdc5a9061ccef1
Endzeit: 235
Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:

Error - 20.11.2012 09:50:24 | Computer Name = Max-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Max\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 20.11.2012 16:02:16 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp Line: 9309 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -28835824 (0xFE480010) Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 20.11.2012 16:02:16 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeCategoryHandler File: .\MainThread.cpp Line: 6588 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -28835824 (0xFE480010) Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 20.11.2012 16:02:16 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 6201 Invoked Function: CMainThread::genericNoticeCategoryHandler Return Code: -28835824 (0xFE480010) Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 20.11.2012 16:02:16 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 6151 Invoked Function: CMainThread::processNotice Return Code: -28835824 (0xFE480010) Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 20.11.2012 16:02:16 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::OnEventSignaled File: .\MainThread.cpp Line: 5923 Invoked Function: CMainThread::noticeHandler Return Code: -28835824 (0xFE480010) Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 20.11.2012 16:02:21 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp Line: 9309 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -28835824 (0xFE480010) Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 20.11.2012 16:02:21 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeCategoryHandler File: .\MainThread.cpp Line: 6588 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -28835824 (0xFE480010) Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 20.11.2012 16:02:21 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 6201 Invoked Function: CMainThread::genericNoticeCategoryHandler Return Code: -28835824 (0xFE480010) Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 20.11.2012 16:02:21 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 6151 Invoked Function: CMainThread::processNotice Return Code: -28835824 (0xFE480010) Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 20.11.2012 16:02:21 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::OnEventSignaled File: .\MainThread.cpp Line: 5923 Invoked Function: CMainThread::noticeHandler Return Code: -28835824 (0xFE480010) Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

[ Media Center Events ]
Error - 06.09.2011 15:38:40 | Computer Name = Max-PC | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description =

Error - 06.09.2011 15:39:00 | Computer Name = Max-PC | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description =

Error - 06.09.2011 15:39:13 | Computer Name = Max-PC | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description =

[ System Events ]
Error - 15.09.2012 16:55:48 | Computer Name = Max-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 15.09.2012 um 22:53:44 unerwartet heruntergefahren.

Error - 15.09.2012 16:56:04 | Computer Name = MAX-PC | Source = BugCheck | ID = 1001
Description =

Error - 02.10.2012 15:59:41 | Computer Name = Max-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.107 registriert werden. Der Computer mit IP-Adresse 192.168.0.100 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error - 10.10.2012 17:02:00 | Computer Name = Max-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error - 10.10.2012 17:24:52 | Computer Name = Max-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error - 19.10.2012 08:41:44 | Computer Name = Max-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597 (Definition 1.139.124.0)

Error - 28.10.2012 09:51:14 | Computer Name = Max-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.101 registriert werden. Der Computer mit IP-Adresse 192.168.0.100 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error - 12.11.2012 09:00:03 | Computer Name = Max-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.126 registriert werden. Der Computer mit IP-Adresse 192.168.1.124 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error - 12.11.2012 14:17:34 | Computer Name = Max-PC | Source = BTHUSB | ID = 327696
Description = Die beiderseitige Authentifizierung zwischen dem lokalen Bluetooth-Adapter und einem Gerät mit Bluetooth-Adapteradresse (18:e2:c2:3f:ac:2f) ist fehlgeschlagen.

Error - 16.11.2012 22:33:20 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: %%6704

< End of report >
21.11.2012, 11:05 | #6
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan/spyware infection? ^ typed once, two characters (^^)
Quote:
If, for example, a completely legitimate and essential system file gets flagged because of an error in the signatures, there are no two ways about it: that file could not be harmful in any way just because a virus scanner's false alarm claims it is.

Edit: Please make a log with CF:
ComboFix: A guide and tutorial on using ComboFix

ComboFix may only be run if a Kompetenzler (forum helper) has explicitly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as
Quote:
21.11.2012, 15:34 | #7
Trojan/spyware infection? ^ typed once, two characters (^^)
Before I continue, a short interjection: just now Antivir gave a warning that I had malware (somewhere under AppData/Roaming/...). I had it "check" and this is what came out:

object | detection | action
neve.exe | TR/Injector.332800.2 | Move to quarantine
iqzy.exe | TR/Injector.332800.2 | Move to quarantine

I clicked execute and the things were moved to quarantine. I'll edit the post in a moment and paste the CF log in; I think a plain log won't make anything worse..?

EDIT: I see you're online and will wait until I get the OK.
21.11.2012, 16:35 | #8
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan/spyware infection? ^ typed once, two characters (^^)
Yes, just continue with CF.
__________________
Please always post logfiles in CODE tags
21.11.2012, 17:15 | #9
Trojan/spyware infection? ^ typed once, two characters (^^)
Moved the mouse only once, very briefly and minimally, to end standby mode.
Code:
ComboFix 12-11-21.01 - Max 21.11.2012 16:52:43.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2047.1204 [GMT 1:00]
ausgeführt von:: c:\users\Max\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Max\AppData\Roaming\Ciowd
c:\users\Max\AppData\Roaming\Ciowd\ubeh.ohy
c:\users\Max\AppData\Roaming\Owysne
c:\users\Max\AppData\Roaming\Owysne\voag.exe
c:\users\Max\AppData\Roaming\Xoux
c:\users\Max\AppData\Roaming\Xoux\atfoo.qua
.
c:\windows\SysWow64\Drivers\atapi.sys . . . ist infiziert!!
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-10-21 bis 2012-11-21 ))))))))))))))))))))))))))))))
.
.
2012-11-21 16:10 . 2012-11-21 16:10 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED1A3FCD-9FCC-48BE-8E0C-C479229010B9}\offreg.dll
2012-11-20 13:46 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED1A3FCD-9FCC-48BE-8E0C-C479229010B9}\mpengine.dll
2012-11-19 22:13 . 2012-11-19 22:14 -------- d-----w- c:\users\Max\AppData\Roaming\Lioby
2012-11-19 19:12 . 2012-11-21 14:29 -------- d-----w- c:\users\Max\AppData\Roaming\Fygee
2012-11-19 19:12 . 2012-11-21 14:28 -------- d-----w- c:\users\Max\AppData\Roaming\Osuhy
2012-11-18 22:48 . 2012-11-18 22:48 -------- d-----w- c:\programdata\Ricoh
2012-11-18 22:48 . 2012-02-13 11:08 58368 ----a-w- c:\windows\system32\Spool\prtprocs\x64\EUDMPP64.DLL
2012-11-18 18:38 . 2012-11-21 14:29 -------- d-----w- c:\users\Max\AppData\Roaming\Wiyvvo
2012-11-18 18:38 . 2012-11-18 18:38 -------- d-----w- c:\users\Max\AppData\Roaming\Asnya
2012-11-18 18:38 . 2012-11-18 18:38 -------- d-----w- c:\users\Max\AppData\Roaming\Ibxyyr
2012-11-18 02:07 . 2012-11-18 02:07 -------- d-----w- c:\users\UpdatusUser
2012-11-18 02:07 . 2012-11-18 02:07 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-11-18 02:06 . 2012-10-02 19:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-11-17 02:11 . 2012-07-26 07:46 2560 ----a-w- c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-11-17 02:11 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-17 02:11 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-17 02:11 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-17 02:01 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-17 02:01 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-17 02:01 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-17 02:01 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-17 02:01 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-17 02:01 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-17 02:01 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 16:32 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-16 16:32 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 17:33 . 2012-11-14 17:33 -------- d-----w- c:\users\Max\AppData\Local\HorizonWimba
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-17 02:02 . 2011-05-17 19:53 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-17 17:30 . 2012-10-17 17:30 10744 ----a-w- c:\windows\SysWow64\vpncategories.dll
2012-10-17 17:30 . 2012-10-17 17:30 33784 ----a-w- c:\windows\SysWow64\vpnevents.dll
2012-10-17 17:11 . 2012-10-17 17:11 107432 ----a-r- c:\windows\system32\drivers\acsock64.sys
2012-10-10 20:23 . 2012-10-10 20:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-10 20:23 . 2012-10-10 20:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-10 20:23 . 2012-10-10 20:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-10 20:23 . 2012-10-10 20:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-10 20:23 . 2012-10-10 20:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-10 20:23 . 2012-10-10 20:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-10 20:23 . 2012-10-10 20:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-10 20:23 . 2010-07-10 03:38 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-10 20:23 . 2009-07-13 21:59 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-10 20:23 . 2012-10-10 20:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-10 20:23 . 2010-07-10 03:38 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-10 20:22 . 2012-10-10 20:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-10 20:22 . 2012-10-10 20:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-10 20:22 . 2012-10-10 20:22 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-10 20:22 . 2012-10-10 20:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-10 20:22 . 2012-10-10 20:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-10 20:22 . 2012-10-10 20:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-10 20:22 . 2012-10-10 20:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 20:22 . 2012-10-10 20:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-09 15:14 . 2012-06-04 10:28 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 15:14 . 2011-05-15 10:18 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-02 19:51 . 2010-07-09 14:27 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2010-07-09 14:27 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2010-07-09 14:27 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2010-07-09 14:27 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2010-07-09 14:27 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 12:15 . 2012-10-02 12:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-09-29 18:54 . 2012-01-26 14:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 19:19 . 2012-10-10 17:53 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 17:53 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-03 22:30 . 2012-09-03 22:30 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-03 22:30 . 2012-05-09 01:11 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-03 22:30 . 2011-05-26 22:06 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-31 18:19 . 2012-10-10 17:53 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 17:53 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 17:53 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 17:53 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 17:53 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 18:05 . 2012-09-22 11:56 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 18:05 . 2012-09-22 11:56 1494528 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 18:05 . 2012-09-22 11:56 134144 ----a-w- c:\windows\system32\url.dll
2012-08-24 18:03 . 2012-09-22 11:56 9056256 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 18:03 . 2012-09-22 11:56 97792 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 18:03 . 2012-09-22 11:56 735744 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 18:03 . 2012-09-22 11:56 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 18:02 . 2012-09-22 11:56 247808 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 18:02 . 2012-09-22 11:56 12295680 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 18:02 . 2012-09-22 11:56 2453504 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 16:57 . 2012-10-10 17:53 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-24 16:57 . 2012-09-22 11:56 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 15:59 . 2012-09-22 11:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 15:20 . 2012-09-22 11:56 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wisdom-soft AutoScreenRecorder 3.1 Pro"="0" [X]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-01-21 220744]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-10-17 684024]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNDA3100 Setup-Assistent.lnk - c:\program files (x86)\NETGEAR\WNDA3100\WNDA3100.exe [2009-9-21 1736704]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-10-17 107432]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\NETGEAR\WNDA3100\jswpsapi.exe [2008-02-29 942080]
R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [2006-11-28 43328]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2x.sys [2009-01-13 560128]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-07-18 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-10 270912]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-10-01 26624]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-07-18 86224]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-10-17 544248]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [2006-11-28 41280]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200]
S3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WNDA31w7x.sys [2009-10-21 767488]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 15:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 204.93.211.219:80
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\e8jea1mp.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: network.proxy.http - 81.27.79.181
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-09-25 01:10; ich@maltegoetz.de; c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\e8jea1mp.default\extensions\ich@maltegoetz.de
FF - ExtSQL: 2012-10-10 00:11; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Fyagweo - c:\users\Max\AppData\Roaming\Owysne\voag.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\WNDA3100\Parameters]
@DACL=(02 0000)
.
Zeit der Fertigstellung: 2012-11-21 17:12:49
ComboFix-quarantined-files.txt 2012-11-21 16:12
.
Vor Suchlauf: 14 Verzeichnis(se), 32.251.875.328 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 33.754.419.200 Bytes frei
.
- - End Of File - - 36251CF25189741C99EACDF48EBF13FB
21.11.2012, 17:26 | #10
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan/spyware infection? ^ typed once, two characters (^^)
ComboFix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])
2. Now paste the entire contents of the code box below into the Notepad window with copy/paste.
Code:
Folder::
c:\users\Max\AppData\Roaming\Lioby
c:\users\Max\AppData\Roaming\Fygee
c:\users\Max\AppData\Roaming\Osuhy
c:\users\Max\AppData\Roaming\Wiyvvo
c:\users\Max\AppData\Roaming\Asnya
c:\users\Max\AppData\Roaming\Ibxyyr
c:\users\Max\AppData\Roaming\Owysne

Filelook::
c:\windows\SysWow64\Drivers\atapi.sys
4. Disable the guard of your antivirus program and any software firewall present. (Also the guards of ad-/spyware programs and the TeaTimer (if present)!)
5. Then drag the CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.
6. After the reboot (you will be asked whether you want to restart), please post the following log file: Combofix.txt

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
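Reading a ComboFix log by hand, as in post #9 above, comes down to scanning for a handful of things: what the tool deleted, what it marked "ist infiziert", freshly created directories with generated-looking names directly under AppData\Roaming, proxy settings that point outside the local network, and the orphaned Run entries it removed. The script below is an added example, not part of the thread and not ComboFix's own code; it splits the log into its banner sections, pulls those points out, and emits a Folder:: block in the same format as the helper's CFScript in post #10. The embedded SAMPLE_LOG is a constructed excerpt of the posted log trimmed to the relevant lines, and the vendor allowlist and the "public address" test are the example's own assumptions about what deserves a look, not ComboFix rules.

```python
"""Triage a ComboFix log the way a helper reads the one posted above.

Added example; not part of the thread and not ComboFix's own code. The
heuristics are this example's assumptions: a directory created directly
under AppData\\Roaming whose name is not a known vendor is surfaced for a
human look, a proxy outside private address space is surfaced, and files
ComboFix marks "ist infiziert" plus orphaned Run entries are pulled out
verbatim. SAMPLE_LOG is a constructed excerpt of the posted log.
"""
import ipaddress
import re
from collections import defaultdict

SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Max\AppData\Roaming\Owysne
c:\users\Max\AppData\Roaming\Owysne\voag.exe
.
c:\windows\SysWow64\Drivers\atapi.sys . . . ist infiziert!!
.
((((((((((((((((((((((( Dateien erstellt von 2012-10-21 bis 2012-11-21 ))))))))))))))))))))))))))))))
.
2012-11-19 22:13 . 2012-11-19 22:14 -------- d-----w- c:\users\Max\AppData\Roaming\Lioby
2012-11-19 19:12 . 2012-11-21 14:29 -------- d-----w- c:\users\Max\AppData\Roaming\Fygee
2012-11-18 22:48 . 2012-11-18 22:48 -------- d-----w- c:\programdata\Ricoh
2012-11-18 18:38 . 2012-11-18 18:38 -------- d-----w- c:\users\Max\AppData\Roaming\Asnya
2012-11-14 17:33 . 2012-11-14 17:33 -------- d-----w- c:\users\Max\AppData\Local\HorizonWimba
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyServer = 204.93.211.219:80
TCP: DhcpNameServer = 192.168.1.1
FF - prefs.js: network.proxy.http - 81.27.79.181
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Fyagweo - c:\users\Max\AppData\Roaming\Owysne\voag.exe
"""

# Vendors that legitimately create a directory directly under Roaming (assumed allowlist).
KNOWN_VENDORS = {"microsoft", "mozilla", "adobe", "macromedia", "skype", "apple computer"}
# A ComboFix directory entry whose path is an immediate child of AppData\Roaming.
ROAMING_DIR_RE = re.compile(r"\bd-----w-\s+(?P<path>.+\\AppData\\Roaming\\(?P<name>[^\\]+))\s*$")


def split_sections(text):
    """Group lines under ComboFix's banner headings: '((( title )))', '--- title ---', '- - - title - - -'."""
    sections, current = defaultdict(list), "header"
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(("(((", "---", "- - -")):
            current = line.strip("()- ").strip()
        elif line and line != ".":
            sections[current].append(line)
    return sections


def is_public(host):
    """True for a globally routable address; hostnames are surfaced too, they cannot be classified offline."""
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        return True


def find_proxies(lines):
    """Collect the WinINet (system/IE) proxy and the Firefox proxy prefs that ComboFix prints."""
    found, ff = [], {}
    for line in lines:
        m = re.match(r"uInternet Settings,ProxyServer\s*=\s*(\S+)", line)
        if m:
            host = m.group(1).rsplit(":", 1)[0]
            found.append({"where": "WinINet", "proxy": m.group(1), "active": True, "public": is_public(host)})
        m = re.match(r"FF - prefs\.js: network\.proxy\.(http|http_port|type) - (\S+)", line)
        if m:
            ff[m.group(1)] = m.group(2)
    if "http" in ff:
        # network.proxy.type 0 means "no proxy": the server is recorded but not in use.
        found.append({"where": "Firefox", "proxy": f"{ff['http']}:{ff.get('http_port', '?')}",
                      "active": ff.get("type") != "0", "public": is_public(ff["http"])})
    return found


def triage(text):
    """Return the indicators a helper checks first, plus a Folder:: block for the flagged directories."""
    sections = split_sections(text)
    every_line = [l for ls in sections.values() for l in ls]
    created = next((v for k, v in sections.items() if k.startswith("Dateien erstellt")), [])
    suspicious = [m.group("path") for m in map(ROAMING_DIR_RE.search, created)
                  if m and m.group("name").lower() not in KNOWN_VENDORS]
    return {
        "deleted": [l for l in sections["Weitere Löschungen"] if "ist infiziert" not in l],
        "infected": [l.split(" . . . ")[0] for l in every_line if "ist infiziert" in l],
        "suspicious_roaming_dirs": suspicious,
        "proxies": find_proxies(every_line),
        "orphaned_run_entries": [l for l in sections["Entfernte verwaiste Registrierungseinträge"] if "-Run-" in l],
        # Same shape as the Folder:: directive in a CFScript; still needs a human decision per path.
        "cfscript": "Folder::\n" + "\n".join(suspicious) + "\n",
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"== {key}")
        print(value if isinstance(value, str) else "\n".join(map(str, value)))
```

Run it as a script to print the report, or call triage() on the text of a full Combofix.txt. Two things the output makes explicit that the raw log does not: the Firefox proxy server is recorded but network.proxy.type is 0, so it is configured yet not in use, whereas the WinINet ProxyServer value applies to Internet Explorer and to every program that follows the system proxy setting; and the generated-looking directory names are only a heuristic, so every path it lists still needs a human decision before it goes into a Folder:: block.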
21.11.2012, 17:51 | #11
Trojan/spyware infection? ^ typed once, two characters (^^)
Code:
ComboFix 12-11-21.01 - Max 21.11.2012 17:35:48.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2047.983 [GMT 1:00]
ausgeführt von:: c:\users\Max\Downloads\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Max\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Max\AppData\Roaming\Asnya
c:\users\Max\AppData\Roaming\Fygee
c:\users\Max\AppData\Roaming\Fygee\yzgag.ecy
c:\users\Max\AppData\Roaming\Fygee\yzgag.tmp
c:\users\Max\AppData\Roaming\Ibxyyr
c:\users\Max\AppData\Roaming\Ibxyyr\ofeq.cov
c:\users\Max\AppData\Roaming\Lioby
c:\users\Max\AppData\Roaming\Lioby\ugkuo.tmp
c:\users\Max\AppData\Roaming\Osuhy
c:\users\Max\AppData\Roaming\Wiyvvo
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-10-21 bis 2012-11-21 ))))))))))))))))))))))))))))))
.
.
2012-11-21 16:40 . 2012-11-21 16:40 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-21 16:40 . 2012-11-21 16:40 -------- d-----w- c:\users\Mcx1-MAX-PC\AppData\Local\temp
2012-11-21 16:40 . 2012-11-21 16:40 -------- d-----w- c:\users\Mcx1-MAX-PC.Max-PC\AppData\Local\temp
2012-11-21 16:40 . 2012-11-21 16:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-21 16:10 . 2012-11-21 16:10 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED1A3FCD-9FCC-48BE-8E0C-C479229010B9}\offreg.dll
2012-11-20 13:46 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED1A3FCD-9FCC-48BE-8E0C-C479229010B9}\mpengine.dll
2012-11-18 22:48 . 2012-11-18 22:48 -------- d-----w- c:\programdata\Ricoh
2012-11-18 22:48 . 2012-02-13 11:08 58368 ----a-w- c:\windows\system32\Spool\prtprocs\x64\EUDMPP64.DLL
2012-11-18 02:07 . 2012-11-18 02:07 -------- d-----w- c:\users\UpdatusUser
2012-11-18 02:07 . 2012-11-18 02:07 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-11-18 02:06 . 2012-10-02 19:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-11-17 02:11 . 2012-07-26 07:46 2560 ----a-w- c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-11-17 02:11 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-17 02:11 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-17 02:11 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-17 02:01 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-17 02:01 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-17 02:01 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-17 02:01 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-17 02:01 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-17 02:01 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-17 02:01 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 16:32 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-16 16:32 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 17:33 . 2012-11-14 17:33 -------- d-----w- c:\users\Max\AppData\Local\HorizonWimba
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-17 02:02 . 2011-05-17 19:53 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-17 17:30 . 2012-10-17 17:30 10744 ----a-w- c:\windows\SysWow64\vpncategories.dll
2012-10-17 17:30 . 2012-10-17 17:30 33784 ----a-w- c:\windows\SysWow64\vpnevents.dll
2012-10-17 17:11 . 2012-10-17 17:11 107432 ----a-r- c:\windows\system32\drivers\acsock64.sys
2012-10-10 20:23 . 2012-10-10 20:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-10 20:23 . 2012-10-10 20:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-10 20:23 . 2012-10-10 20:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-10 20:23 . 2012-10-10 20:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-10 20:23 . 2012-10-10 20:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-10 20:23 . 2012-10-10 20:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-10 20:23 . 2012-10-10 20:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-10 20:23 . 2010-07-10 03:38 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-10 20:23 . 2009-07-13 21:59 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-10 20:23 . 2012-10-10 20:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-10 20:23 . 2010-07-10 03:38 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-10 20:22 . 2012-10-10 20:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-10 20:22 . 2012-10-10 20:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-10 20:22 . 2012-10-10 20:22 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-10 20:22 . 2012-10-10 20:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-10 20:22 . 2012-10-10 20:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-10 20:22 . 2012-10-10 20:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-10 20:22 . 2012-10-10 20:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 20:22 . 2012-10-10 20:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-09 15:14 . 2012-06-04 10:28 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 15:14 . 2011-05-15 10:18 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-02 19:51 . 2010-07-09 14:27 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2010-07-09 14:27 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2010-07-09 14:27 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2010-07-09 14:27 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2010-07-09 14:27 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 12:15 . 2012-10-02 12:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-09-29 18:54 . 2012-01-26 14:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 19:19 . 2012-10-10 17:53 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 17:53 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-03 22:30 . 2012-09-03 22:30 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-03 22:30 . 2012-05-09 01:11 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-03 22:30 . 2011-05-26 22:06 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-31 18:19 . 2012-10-10 17:53 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 17:53 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 17:53 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 17:53 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 17:53 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 18:05 . 2012-09-22 11:56 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 18:05 . 2012-09-22 11:56 1494528 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 18:05 . 2012-09-22 11:56 134144 ----a-w- c:\windows\system32\url.dll
2012-08-24 18:03 . 2012-09-22 11:56 9056256 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 18:03 . 2012-09-22 11:56 97792 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 18:03 . 2012-09-22 11:56 735744 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 18:03 . 2012-09-22 11:56 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 18:02 . 2012-09-22 11:56 247808 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 18:02 . 2012-09-22 11:56 12295680 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 18:02 . 2012-09-22 11:56 2453504 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 16:57 . 2012-10-10 17:53 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-24 16:57 . 2012-09-22 11:56 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 15:59 . 2012-09-22 11:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 15:20 . 2012-09-22 11:56 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wisdom-soft AutoScreenRecorder 3.1 Pro"="0" [X]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-01-21 220744]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-10-17 684024]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNDA3100 Setup-Assistent.lnk - c:\program files (x86)\NETGEAR\WNDA3100\WNDA3100.exe [2009-9-21 1736704]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-10-17 107432]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\NETGEAR\WNDA3100\jswpsapi.exe [2008-02-29 942080]
R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [2006-11-28 43328]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2x.sys [2009-01-13 560128]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-07-18 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-10 270912]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-10-01 26624]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-07-18 86224]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect
Secure Mobility Client\vpnagent.exe [2012-10-17 544248] S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136] S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [2006-11-28 41280] S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200] S3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WNDA31w7x.sys [2009-10-21 767488] . . Inhalt des "geplante Tasks" Ordners . 2012-11-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 15:14] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = 204.93.211.219:80 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\e8jea1mp.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) FF - prefs.js: network.proxy.http - 81.27.79.181 FF - prefs.js: network.proxy.http_port - 8080 FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2012-09-25 01:10; ich@maltegoetz.de; c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\e8jea1mp.default\extensions\ich@maltegoetz.de FF - ExtSQL: 2012-10-10 00:11; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF 
- user.js: security.warn_submit_insecure.show_once - false . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\WNDA3100\Parameters] @DACL=(02 0000) . Zeit der Fertigstellung: 2012-11-21 17:42:45 ComboFix-quarantined-files.txt 2012-11-21 16:42 ComboFix2.txt 2012-11-21 16:12 . Vor Suchlauf: 14 Verzeichnis(se), 33.818.374.144 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 33.750.908.928 Bytes frei . - - End Of File - - E04C39CF3131869A2F6D7B3CFE642C5F |
21.11.2012, 17:55 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan/spyware infestation? ^ typed once, two characters (^^) adwCleaner - detect toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop. If AdwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post logfiles in CODE tags |
21.11.2012, 18:29 | #13 |
| Trojan/spyware infestation? ^ typed once, two characters (^^) Code:
# AdwCleaner v2.008 - Datei am 21/11/2012 um 18:28:48 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Max - MAX-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Max\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default
Datei : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\e8jea1mp.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3400 octets] - [06/08/2012 17:53:58]
AdwCleaner[R2].txt - [798 octets] - [21/11/2012 18:28:48]
AdwCleaner[S1].txt - [2699 octets] - [07/08/2012 14:23:14]

########## EOF - C:\AdwCleaner[R2].txt - [917 octets] ########## |
21.11.2012, 19:26 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan/spyware infestation? ^ typed once, two characters (^^) A check with OTL, please:
__________________ Please always post logfiles in CODE tags |
21.11.2012, 19:49 | #15 |
| Trojan/spyware infestation? ^ typed once, two characters (^^) OTL.txt Code:
ATTFilter OTL logfile created on: 21.11.2012 19:34:30 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Max\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 59,78% Memory free 4,00 Gb Paging File | 2,76 Gb Available in Paging File | 69,09% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,04 Gb Total Space | 30,65 Gb Free Space | 20,56% Space Free | Partition Type: NTFS Drive D: | 74,50 Gb Total Space | 71,46 Gb Free Space | 95,92% Space Free | Partition Type: NTFS Computer Name: MAX-PC | User Name: Max | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Max\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) PRC - C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia) PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia) PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) PRC - C:\Program Files (x86)\NETGEAR\WNDA3100\WNDA3100.exe (NETGEAR) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (jswpsapi) -- C:\Program Files (x86)\NETGEAR\WNDA3100\jswpsapi.exe (Atheros Communications, Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.) DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (PSI) -- 
C:\Windows\SysNative\drivers\psi_mf.sys (Secunia) DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project) DRV:64bit: - (WNDA3100) -- C:\Windows\SysNative\drivers\WNDA31w7x.sys (Atheros Communications, Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (WN111v2) -- C:\Windows\SysNative\drivers\WN111v2x.sys (Atheros Communications, Inc.) DRV:64bit: - (JSWPSLWF) -- C:\Windows\SysNative\drivers\jswpslwfx.sys (Atheros Communications, Inc.) DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\ManyCam_x64.sys (ManyCam LLC.) DRV:64bit: - (SNPSTD3) -- C:\Windows\SysNative\drivers\snpstd3.sys (Sonix Co. Ltd.) DRV:64bit: - (PCAMp50a64) -- C:\Windows\SysNative\drivers\PCAMp50a64.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV:64bit: - (PCASp50a64) -- C:\Windows\SysNative\drivers\PCASp50a64.sys (Printing Communications Assoc., Inc. 
(PCAUSA)) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\@3\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C 5D CE 40 DC C5 CD 01 [binary data] IE - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 204.93.211.219:80 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF 
- prefs.js..extensions.enabledAddons: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.1.1 FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3 FF - prefs.js..network.proxy.http: "81.27.79.181" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 16:20:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.27 16:20:18 | 000,000,000 | ---D | M] [2011.05.15 10:01:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Extensions [2012.10.23 20:11:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\e8jea1mp.default\extensions [2012.09.25 00:10:13 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\e8jea1mp.default\extensions\ich@maltegoetz.de [2012.03.29 21:35:13 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2012.07.26 00:01:50 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.12.22 20:51:14 | 000,001,182 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\acronym-finder.xml [2011.08.12 12:45:14 | 000,002,571 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\amazon-search-suggestions.xml [2011.07.30 00:11:19 | 000,002,251 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\dc-database-en.xml [2011.05.31 21:25:04 | 000,002,321 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\dictcc.xml [2011.12.04 21:09:35 | 000,002,279 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\elder-scrolls-en.xml [2011.08.14 
17:36:23 | 000,001,660 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\leo-deu-eng.xml [2011.07.30 00:11:09 | 000,002,262 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\marvel-database-en.xml [2011.07.15 02:28:43 | 000,002,322 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\openthesaurus.xml [2011.11.18 16:37:29 | 000,001,597 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\the-pirate-bay.xml [2011.11.06 12:39:53 | 000,001,218 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\uespwiki-en.xml [2011.05.31 21:24:58 | 000,002,006 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\urban-dictionary.xml [2011.05.16 18:51:19 | 000,001,330 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\wikipedia-en.xml [2012.03.18 22:11:17 | 000,001,997 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\wolframalpha.xml [2011.12.10 02:02:33 | 000,002,057 | ---- | M] () -- C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\e8jea1mp.default\searchplugins\youtube-videosuche.xml [2012.10.27 16:20:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.10.27 16:20:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.10.27 16:20:21 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.21 12:50:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.29 20:04:47 | 000,002,465 | ---- | M] () -- C:\Program 
Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.21 12:50:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.21 12:50:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.21 12:50:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.21 12:50:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.11.21 17:40:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKU\@1..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000..\Run: [Wisdom-soft AutoScreenRecorder 3.1 Pro] 0 File not found
O4 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\@1..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\@1\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\@3\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O15 - HKU\S-1-5-21-3975674286-3007113892-2621660134-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.7.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1E5EB5F-F821-46DC-A7F2-FFC51F45EA77}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.21 18:24:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.21 17:42:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.21 16:50:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.21 16:50:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.21 16:50:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.21 16:50:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.20 22:24:10 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{F116E69E-387E-4B75-9D62-609AA9B37FCA}
[2012.11.20 21:34:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
[2012.11.20 20:16:35 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Max\Desktop\tdsskiller.exe
[2012.11.20 20:14:35 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Max\Desktop\aswMBR.exe
[2012.11.20 14:58:44 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\Uni
[2012.11.19 14:54:52 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{319151FB-D44F-4963-BBFE-F447B76F7028}
[2012.11.18 23:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Ricoh
[2012.11.18 15:49:32 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{CF9C6E5A-6805-4E30-80C2-FBA789A66888}
[2012.11.18 03:07:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.11.18 03:06:02 | 002,557,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012.11.18 02:36:16 | 000,000,000 | ---D | C] -- C:\Users\Max\Local Settings
[2012.11.17 16:30:44 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{E30551CE-C126-4FE2-8EF4-B78B8E67D9C1}
[2012.11.17 03:11:11 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.11.17 03:11:11 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.11.17 03:01:59 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.11.17 03:01:58 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.11.17 03:01:58 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.11.17 03:01:58 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.11.17 02:38:16 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{39CC731D-E6F2-4043-A189-126C183D05F7}
[2012.11.16 17:33:15 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.11.16 17:33:15 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.11.16 17:33:15 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.11.16 17:33:06 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.11.16 17:33:06 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.11.16 17:33:06 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012.11.16 17:33:06 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012.11.16 17:33:06 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012.11.16 17:33:06 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.11.16 17:32:50 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.16 17:32:50 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.11.16 14:38:01 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{393E2046-49FA-4435-B953-545C5CD9BC6E}
[2012.11.15 22:15:56 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{AAAB3978-2FB7-4010-B8FF-F96DF703CB67}
[2012.11.14 21:58:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2012.11.14 18:33:56 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\HorizonWimba
[2012.11.14 14:33:31 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{132CF4EB-668D-4CEC-AF72-9280A301C40B}
[2012.11.13 16:04:11 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{CD7D94D8-7EDA-4102-B301-8A4CA81A7869}
[2012.11.13 02:38:53 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{ADF65CF9-C573-4918-B21C-C986B9FF50BE}
[2012.11.12 14:38:40 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{5B05614E-C789-46F8-AB79-4E512626C558}
[2012.11.11 13:28:06 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{67E568EB-F635-4EA2-99BB-179A1D74E326}
[2012.11.10 14:41:58 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{170F3778-958A-4CE9-A661-7EBF167B838D}
[2012.11.09 16:18:06 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{19AFFE43-CCCB-4BF9-84D6-72D69242F8D4}
[2012.11.09 04:17:41 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{3CE167C9-8B04-4CD0-BC22-F8FBBC69CB0A}
[2012.11.08 16:17:29 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{6AF193CC-2276-4233-9EB5-0556FC14DC41}
[2012.11.07 16:21:21 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{FC0AC3C4-50F1-4675-9D98-05F305973D86}
[2012.11.06 19:49:14 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{5725FC92-6474-40FB-98FB-59695D715A82}
[2012.11.05 17:02:10 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{BC8DD572-3ED7-474A-8491-F059BB0B3AB0}
[2012.11.04 16:44:09 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{82F022E1-189B-4C17-8339-0E73EDF023A3}
[2012.11.04 03:08:15 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{3156638E-AB14-4D47-A472-73543CDB1035}
[2012.11.03 15:08:03 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{6FEADE73-6CC7-48E4-B563-C8C04B3A12C2}
[2012.11.02 18:22:54 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{9007DA8B-C8F5-4C8E-A654-7E025E5D5CD9}
[2012.11.01 20:20:22 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{D80794D0-D0BF-46D6-B0EF-26B301045328}
[2012.10.31 16:31:02 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{CB602A12-4D47-4D31-9C9C-27901E9C9F6C}
[2012.10.30 15:12:43 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{DE07DC95-4A65-4733-A630-84E9BB061675}
[2012.10.29 17:20:38 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{F4F82240-FDB0-4058-B07B-2DB65F7DFEAB}
[2012.10.28 14:57:22 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{D46D8015-BBCA-46D7-BC43-0D7E47229EF1}
[2012.10.28 01:10:57 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{149BE589-BD71-47ED-AF1C-16EDAD357724}
[2012.10.27 16:20:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.27 13:10:44 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{7F26638A-FCCE-4958-942A-958B1E22CD82}
[2012.10.26 13:53:26 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{B9A3AF11-591B-49CE-B89A-DBB18A79BEFA}
[2012.10.25 15:45:51 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{A8DF5CD7-B4EB-4871-B098-C2003D13E6EC}
[2012.10.24 18:58:29 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{DEFA80BC-9DE2-4287-B264-8CBD8F27A968}
[2012.10.23 14:05:37 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{5391A965-1368-44D7-BA15-57D455D6B735}
[2012.10.22 20:05:42 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\{9B7FCCA5-0E30-4A8F-8AF1-637538EA5E40}

========== Files - Modified Within 30 Days ==========

[2012.11.21 19:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.21 18:27:03 | 000,543,531 | ---- | M] () -- C:\Users\Max\Desktop\adwcleaner.exe
[2012.11.21 17:40:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.11.21 16:46:52 | 000,001,098 | ---- | M] () -- C:\Users\Max\Desktop\ComboFix - Verknüpfung.lnk
[2012.11.21 15:31:59 | 000,013,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.21 15:31:59 | 000,013,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.21 15:23:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.21 15:23:03 | 1610,113,024 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.21 03:07:24 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.21 03:07:24 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.21 03:07:24 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.21 03:07:24 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.21 03:07:24 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.20 21:34:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
[2012.11.20 20:59:35 | 000,000,512 | ---- | M] () -- C:\Users\Max\Desktop\MBR.dat
[2012.11.20 20:16:35 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Max\Desktop\tdsskiller.exe
[2012.11.20 20:15:09 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Max\Desktop\aswMBR.exe
[2012.11.20 19:53:29 | 000,001,392 | ---- | M] () -- C:\Windows\SysNative\ricdb.ini
[2012.11.18 15:22:21 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.17 14:36:47 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.12 19:44:33 | 002,257,761 | ---- | M] () -- C:\Users\Max\Documents\max2.jpg
[2012.11.12 19:40:56 | 002,143,760 | ---- | M] () -- C:\Users\Max\Documents\20121112_174352.jpg
[2012.11.12 19:40:53 | 002,300,647 | ---- | M] () -- C:\Users\Max\Documents\crawlinginmyskiiin.jpg
[2012.11.12 19:40:47 | 002,245,507 | ---- | M] () -- C:\Users\Max\Documents\20121112_175006.jpg
[2012.11.12 19:40:44 | 002,319,717 | ---- | M] () -- C:\Users\Max\Documents\20121112_175908.jpg
[2012.11.12 19:40:42 | 002,313,252 | ---- | M] () -- C:\Users\Max\Documents\max1.jpg
[2012.11.12 19:40:38 | 002,324,608 | ---- | M] () -- C:\Users\Max\Documents\20121112_180255.jpg
[2012.11.12 19:40:37 | 002,311,649 | ---- | M] () -- C:\Users\Max\Documents\20121112_180339.jpg
[2012.11.12 19:40:35 | 002,328,168 | ---- | M] () -- C:\Users\Max\Documents\20121112_180349.jpg
[2012.11.12 19:40:33 | 002,290,808 | ---- | M] () -- C:\Users\Max\Documents\20121112_180357.jpg
[2012.11.12 19:40:31 | 002,263,260 | ---- | M] () -- C:\Users\Max\Documents\20121112_180429.jpg
[2012.11.12 19:40:28 | 002,190,795 | ---- | M] () -- C:\Users\Max\Documents\20121112_180451.jpg
[2012.11.12 19:40:25 | 002,272,992 | ---- | M] () -- C:\Users\Max\Documents\20121112_180520.jpg
[2012.11.07 17:59:09 | 000,001,366 | ---- | M] () -- C:\Users\Max\Desktop\hulk.rtf
[2012.10.22 23:08:27 | 003,764,050 | ---- | M] () -- C:\Users\Max\Documents\20121022_151547.jpg
[2012.10.22 23:07:32 | 003,375,268 | ---- | M] () -- C:\Users\Max\Documents\20121022_151537.jpg
[2012.10.22 23:06:42 | 003,307,656 | ---- | M] () -- C:\Users\Max\Documents\20121022_151523.jpg
[2012.10.22 23:05:50 | 002,728,989 | ---- | M] () -- C:\Users\Max\Documents\20121022_151618.jpg
[2012.10.22 23:05:08 | 003,267,684 | ---- | M] () -- C:\Users\Max\Documents\20121022_151634.jpg
[2012.10.22 23:04:09 | 003,799,515 | ---- | M] () -- C:\Users\Max\Documents\20121022_151702.jpg

========== Files Created - No Company Name ==========

[2012.11.21 16:50:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.21 16:50:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.21 16:50:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.21 16:50:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.21 16:50:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.21 16:46:52 | 000,001,098 | ---- | C] () -- C:\Users\Max\Desktop\ComboFix - Verknüpfung.lnk
[2012.11.20 20:59:35 | 000,000,512 | ---- | C] () -- C:\Users\Max\Desktop\MBR.dat
[2012.11.18 23:46:16 | 000,001,392 | ---- | C] () -- C:\Windows\SysNative\ricdb.ini
[2012.11.17 03:11:12 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.17 03:01:58 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.12 19:26:28 | 002,143,760 | ---- | C] () -- C:\Users\Max\Documents\20121112_174352.jpg
[2012.11.12 19:25:51 | 002,300,647 | ---- | C] () -- C:\Users\Max\Documents\crawlinginmyskiiin.jpg
[2012.11.12 19:25:15 | 002,245,507 | ---- | C] () -- C:\Users\Max\Documents\20121112_175006.jpg
[2012.11.12 19:24:38 | 002,319,717 | ---- | C] () -- C:\Users\Max\Documents\20121112_175908.jpg
[2012.11.12 19:24:01 | 002,313,252 | ---- | C] () -- C:\Users\Max\Documents\max1.jpg
[2012.11.12 19:23:26 | 002,257,761 | ---- | C] () -- C:\Users\Max\Documents\max2.jpg
[2012.11.12 19:22:46 | 002,324,608 | ---- | C] () -- C:\Users\Max\Documents\20121112_180255.jpg
[2012.11.12 19:22:07 | 002,311,649 | ---- | C] () -- C:\Users\Max\Documents\20121112_180339.jpg
[2012.11.12 19:21:28 | 002,328,168 | ---- | C] () -- C:\Users\Max\Documents\20121112_180349.jpg
[2012.11.12 19:20:49 | 002,290,808 | ---- | C] () -- C:\Users\Max\Documents\20121112_180357.jpg
[2012.11.12 19:20:07 | 002,263,260 | ---- | C] () -- C:\Users\Max\Documents\20121112_180429.jpg
[2012.11.12 19:19:25 | 002,190,795 | ---- | C] () -- C:\Users\Max\Documents\20121112_180451.jpg
[2012.11.12 19:18:44 | 002,272,992 | ---- | C] () -- C:\Users\Max\Documents\20121112_180520.jpg
[2012.11.07 17:59:09 | 000,001,366 | ---- | C] () -- C:\Users\Max\Desktop\hulk.rtf
[2012.10.22 23:07:33 | 003,764,050 | ---- | C] () -- C:\Users\Max\Documents\20121022_151547.jpg
[2012.10.22 23:06:44 | 003,375,268 | ---- | C] () -- C:\Users\Max\Documents\20121022_151537.jpg
[2012.10.22 23:05:52 | 003,307,656 | ---- | C] () -- C:\Users\Max\Documents\20121022_151523.jpg
[2012.10.22 23:05:10 | 002,728,989 | ---- | C] () -- C:\Users\Max\Documents\20121022_151618.jpg
[2012.10.22 23:04:11 | 003,267,684 | ---- | C] () -- C:\Users\Max\Documents\20121022_151634.jpg
[2012.10.22 23:03:06 | 003,799,515 | ---- | C] () -- C:\Users\Max\Documents\20121022_151702.jpg
[2011.11.10 19:45:57 | 001,420,616 | ---- | C] () -- C:\Users\Max\2011-11-10 19.25.22.jpg
[2011.11.10 19:45:38 | 001,638,144 | ---- | C] () -- C:\Users\Max\2011-11-10 19.26.16.jpg
[2011.11.10 19:45:22 | 001,443,464 | ---- | C] () -- C:\Users\Max\2011-11-10 19.26.30.jpg
[2011.11.10 19:45:03 | 001,601,281 | ---- | C] () -- C:\Users\Max\2011-11-10 19.35.52.jpg
[2011.11.10 19:44:42 | 001,647,716 | ---- | C] () -- C:\Users\Max\2011-11-10 19.37.26.jpg
[2011.11.10 19:44:25 | 001,505,606 | ---- | C] () -- C:\Users\Max\2011-11-10 19.40.03.jpg
[2011.11.10 19:44:09 | 001,392,730 | ---- | C] () -- C:\Users\Max\2011-11-10 19.37.00.jpg
[2011.11.10 19:43:52 | 001,430,322 | ---- | C] () -- C:\Users\Max\2011-11-10 19.38.21.jpg
[2011.11.10 19:43:32 | 001,545,600 | ---- | C] () -- C:\Users\Max\2011-11-10 19.39.40.jpg
[2011.11.10 19:43:15 | 001,503,448 | ---- | C] () -- C:\Users\Max\2011-11-10 19.40.32.jpg
[2011.10.23 20:24:27 | 001,390,133 | ---- | C] () -- C:\Users\Max\2011-10-23 19.54.31.jpg
[2011.07.01 20:56:42 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.05.15 19:02:15 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2011.05.15 18:25:41 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.05.15 09:39:17 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Code:
OTL Extras logfile created on: 21.11.2012 19:34:30 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Max\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 59,78% Memory free
4,00 Gb Paging File | 2,76 Gb Available in Paging File | 69,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 30,65 Gb Free Space | 20,56% Space Free | Partition Type: NTFS
Drive D: | 74,50 Gb Total Space | 71,46 Gb Free Space | 95,92% Space Free | Partition Type: NTFS

Computer Name: MAX-PC | User Name: Max | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3975674286-3007113892-2621660134-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0177D670-E4D9-4A7A-B870-EAC553575309}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{05DC2BF6-3723-40D4-9C4D-5DBD110F9B9D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0CE4F14A-BC99-4580-BACC-82318E301000}" = rport=137 | protocol=17 | dir=out | app=system |
"{181034E0-4BE3-49BE-AA2F-3163D6B8A651}" = rport=138 | protocol=17 | dir=out | app=system |
"{1B095E7D-C682-4AFD-9067-E77F958CDC44}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1C976136-78BF-4ECE-8259-8E1B7160AB8A}" = lport=139 | protocol=6 | dir=in | app=system |
"{2D058946-38EF-4515-A028-8911F93E2F62}" = lport=2869 | protocol=6 | dir=in | app=system |
"{43467CDE-8F8F-480B-8EC6-22BAFEA4985B}" = lport=137 | protocol=17 | dir=in | app=system |
"{5349EA37-9515-4348-9050-1C4C5337C911}" = rport=445 | protocol=6 | dir=out | app=system |
"{5F8745CF-D48D-4F35-971C-589B6907E0A2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6491C8E1-B504-4735-B470-E80DFA928DA8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6E94BF30-7840-4AF3-8DEC-7FBC00C19C4B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{74B58830-9741-4B60-B40D-F0B3BF22FBF4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8629DAD6-3E8C-4DB2-8C50-41C7730F4EEF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A3173C1D-BA58-497D-940D-2BCAC49ABCCC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A4F42316-2B53-41F2-9597-4736A9BB8EF4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A51B2A82-446B-4191-A5D4-C6C06E421371}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B4F7EBA3-3FF9-4E44-89BE-C651EE14D991}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B9D8AB71-69E9-4E18-A7BE-D1AB252A4BCC}" = lport=138 | protocol=17 | dir=in | app=system |
"{C46867F0-BFDB-4987-B355-4BBB10501C02}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E9A633DE-7ED5-413E-ADA0-030F75E8B2C7}" = rport=139 | protocol=6 | dir=out | app=system |
"{EF09DFDA-D6A6-49BF-9F59-89BA8B91A160}" = lport=445 | protocol=6 | dir=in | app=system |
"{F219B2FC-46BB-445D-9EAB-587AE787D7C2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F34D3336-FC92-42AE-ADB6-7D09CC11120E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{073B7B8B-020E-4FD1-918B-D5725E40E05D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{07B7B033-AB77-4BE2-8525-EF0CB03198A2}" = protocol=6 | dir=in | app=c:\users\max\downloads\setup-msgplus-501.exe |
"{0E910F8D-EACD-45D3-99CA-CB8DBBEC0E9B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\team fortress classic\hl.exe |
"{0EFD04A2-AB2D-4144-9E66-6CED9E24CEDE}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1305480802\ee\aolsoftware.exe |
"{187B97F5-8B57-43A9-BE97-A5F4C582FF25}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.6\waol.exe |
"{1DA0A801-8DE5-4977-868E-322B53367CD9}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe |
"{2169D3B2-F6AB-4844-90D9-7CE8C1FC96B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{23130B23-D7F9-45B3-BB20-75BEAFD82109}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe |
"{24D31768-3DA7-47AB-B7AF-3D4E655E1882}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.6\waol.exe |
"{2A3B1587-1F97-4BD2-99B9-7811C28C8CD1}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{2B1C0897-2201-4C96-998E-A80F8A7E1A2D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{2C89A31E-FFD9-4B00-9871-D436462B4189}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\half-life\hl.exe |
"{2FC55DBD-4B33-476D-9017-87B1D1CBC000}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{2FFB1E25-A2DC-4280-A702-A182706CA9D6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{37B20030-47D9-460C-BA24-CCD0260D439E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\counter-strike\hl.exe |
"{3E8025DD-4CEE-4544-8E08-5352101306D5}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe |
"{3F6A6C6A-A5F9-4896-953B-90837065C1DB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4457FCCE-A4D9-4407-8D57-A06B0DADFDBD}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.6\aolbrowser\aolbrowser.exe |
"{47BB0751-055F-40E7-A42A-F4A0EF06ECD0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5CB4A015-3FA8-41CE-B808-AA72860DA7AC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5F4E49D7-0FE9-434C-97B9-6A476451D3F7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\peggle extreme\peggleextreme.exe |
"{601C4F1B-5FB4-48B0-B24D-DF36863484D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\half-life\hl.exe |
"{6523FAEB-7A50-4BF9-9227-51612F175677}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe |
"{68AA2909-0A75-4531-BB0C-2CBFC3955336}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1305480802\ee\aolsoftware.exe |
"{6AD00153-E7A8-467D-AF1C-66E2F9845F86}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{6BD401E7-ED98-4C9B-B588-ABB880E86446}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\team fortress classic\hl.exe |
"{90AF58B7-2DBD-48CE-ABE7-5DBC9F8B48E4}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.6\aolbrowser\aolbrowser.exe |
"{979F8844-E07D-4568-AAF3-9C8E1B735C32}" = protocol=17 | dir=in | app=c:\users\max\downloads\setup-msgplus-501.exe |
"{9BD64D6E-E536-4446-8202-4CBA2A7A4CCA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\half-life\hl.exe |
"{9E590996-1D6C-40AC-81BD-EBF823C66C92}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{A1280294-1BB8-4BBB-A918-BCE650E23E93}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B1DA823C-6298-43DD-BCF0-53061D8D12BF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\day of defeat\hl.exe |
"{B361C90F-963C-4472-8D71-7741CAE3D38C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe |
"{B3B4A880-4DFF-499E-9A25-F25DFBB6BFCD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\peggle extreme\peggleextreme.exe |
"{B4C3E8AF-04AF-4933-8015-819DDD59C0FD}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{B7D978F5-71DC-43D4-BE45-9143E3A53F1A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\half-life\hl.exe |
"{BC207B56-91C4-479E-A94B-B43F440C3663}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{C26F3EF6-CAB1-4556-B224-65451CD0AFFE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\day of defeat\hl.exe |
"{C368BE99-E412-4ADC-8A3D-F43D41A03CD0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\counter-strike\hl.exe |
"{C4C4F6E2-615F-498F-B955-A2B025FC7836}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C6ECB584-1149-4CF1-AA5C-87160E545F1C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe |
"{C7F625FF-8556-4474-BCD5-FEE40F4E260C}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{CA1C27B7-1962-4F2B-8EB3-DC55EC3CA898}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{CC9B3F42-576D-438F-B63D-159EE92E4FAD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{CD9DE40F-95C0-4E5F-B49D-27557C9E1AE9}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{DB4DFADD-9CE2-4301-BF8B-1DC5A62DBE47}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\counter-strike\hl.exe |
"{E0DA42C7-F41F-4C14-9617-E37A251A2CD7}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe |
"{E511BE4A-A801-4B33-BE94-F00E83662127}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{EDCBD489-961A-4412-8C19-FEBD81ABB813}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\counter-strike\hl.exe | "{F256AE38-4CC6-45DE-BCE0-0F4C4B16D0B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe | "{FCEED16B-87FF-4CCB-A1CA-F1AFACC7828F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | "{FDDBD0A5-F48C-4BB9-90B4-8A6309AC3B64}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "TCP Query User{181E4DDE-C6B7-40F3-8E9E-6875F8A2CC5F}C:\program files (x86)\steam\steamapps\cashaddi\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\half-life 2 deathmatch\hl2.exe | "TCP Query User{1848F742-8B70-4F05-8667-6A569046646C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{218E7C6A-A342-414C-9B43-175B600E8F4A}C:\users\max\appdata\roaming\owysne\voag.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\owysne\voag.exe | "TCP Query User{22B563AA-B372-40DC-8659-7FA95DB8ECF5}C:\users\max\appdata\roaming\wiyvvo\iqzy.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\wiyvvo\iqzy.exe | "TCP Query User{593462F0-1DFA-440C-B55A-C8319ABCBF23}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | "TCP Query User{7616EBA7-F3C1-48EB-A215-8220203F2A8B}C:\program files (x86)\steam\steamapps\cashaddi\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\half-life 2 deathmatch\hl2.exe | "TCP Query User{7F4D0631-4843-4C15-8476-213F3EBBDD5C}C:\users\max\appdata\roaming\owysne\voag.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\owysne\voag.exe | "TCP Query User{8A3C2A82-0BA6-4451-9268-2D10FF798286}C:\users\max\appdata\roaming\wiyvvo\iqzy.exe" = 
protocol=6 | dir=in | app=c:\users\max\appdata\roaming\wiyvvo\iqzy.exe | "TCP Query User{9A404F08-2CEE-445C-A378-678C2F763257}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "TCP Query User{9F6F20A4-2E7B-4174-838B-BC79BF040C12}C:\users\max\appdata\roaming\osuhy\neve.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\osuhy\neve.exe | "TCP Query User{A4219D3D-EACA-4490-BE3C-2C5F47879F16}C:\program files (x86)\steam\steamapps\cashaddi\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\team fortress 2\hl2.exe | "TCP Query User{B8190FB6-CA31-405F-90D5-AB941C0A0028}C:\users\max\appdata\roaming\osuhy\neve.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\osuhy\neve.exe | "TCP Query User{D9C7370E-7FB3-4458-96ED-2C80576D40C5}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{0862FF82-6D83-4B5D-8156-C953446DC14B}C:\users\max\appdata\roaming\wiyvvo\iqzy.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\wiyvvo\iqzy.exe | "UDP Query User{0B535A95-436C-412F-B9DA-04A0208C2420}C:\program files (x86)\steam\steamapps\cashaddi\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\half-life 2 deathmatch\hl2.exe | "UDP Query User{1D4E725B-3E10-4E01-AE26-6EB166728BB7}C:\users\max\appdata\roaming\osuhy\neve.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\osuhy\neve.exe | "UDP Query User{2C990DF5-049A-4C94-B1F1-3AC365B512B1}C:\users\max\appdata\roaming\owysne\voag.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\owysne\voag.exe | "UDP Query User{4DCF87B2-5615-4B1C-95B9-8318B39155C8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query 
User{5AE2CDE6-372C-4F0E-BD0D-F9AF29E6AD7C}C:\users\max\appdata\roaming\wiyvvo\iqzy.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\wiyvvo\iqzy.exe | "UDP Query User{67869E89-9642-444D-ABF0-766E6A46F9A5}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | "UDP Query User{6D45A719-6E60-4FC8-9BDB-78F072D5B464}C:\users\max\appdata\roaming\owysne\voag.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\owysne\voag.exe | "UDP Query User{762B0221-788D-4BAF-B4C9-C2DA181BC296}C:\program files (x86)\steam\steamapps\cashaddi\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\team fortress 2\hl2.exe | "UDP Query User{81F5D7C9-6A18-4562-A7BF-FD7D24220EAB}C:\program files (x86)\steam\steamapps\cashaddi\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cashaddi\half-life 2 deathmatch\hl2.exe | "UDP Query User{A0AF255C-EC18-4332-B847-1667055720FA}C:\users\max\appdata\roaming\osuhy\neve.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\osuhy\neve.exe | "UDP Query User{AFA3C7EE-6F00-4DCB-9CB5-421C39EB8751}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "UDP Query User{F26FF8F3-40AF-47E0-A3A3-3387EE1ADCB4}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit) "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll 
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "Speccy" = Speccy "WinRAR archiver" = WinRAR 4.00 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0B6A9773-F8F8-4D3F-BCF0-029D2B87DB8A}" = Deus Ex - Invisible War "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{39930321-4C58-4B8B-BCBF-342698C9801D}" = Max Payne 
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69BCC264-0D43-469F-8434-31E738982E7B}" = Cisco AnyConnect Secure Mobility Client "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.2.0 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{C0100D9E-2372-45E2-BDA5-BD18F9B03298}" = WNDA3100 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D2883AB6-09B4-4981-AAF8-E695411EEC9A}" = Sculptris Alpha 6 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2948988-2C6C-4070-BC8B-A1D77FE97D09}_is1" = Running with rifles Demo version 0.4 "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = 
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "5513-1208-7298-9440" = JDownloader 0.9 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "CDisplay_is1" = CDisplay 1.8 "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "DAEMON Tools Lite" = DAEMON Tools Lite "Deus Ex" = Deus Ex "InstallShield_{C0100D9E-2372-45E2-BDA5-BD18F9B03298}" = NETGEAR RangeMax Duo Wireless-N USB Adapter WNDA3100 "InstallShield_{D2883AB6-09B4-4981-AAF8-E695411EEC9A}" = Sculptris Alpha 6 "IrfanView" = IrfanView (remove only) "JFK Reloaded" = JFK Reloaded 1.1 "KainUninstallKey" = Legacy of Kain "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "ManyCam" = ManyCam 2.6.55 (remove only) "Messenger Plus!" = Messenger Plus! 5 "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Octodad" = Octodad "OpenAL" = OpenAL "Secunia PSI" = Secunia PSI (2.0.0.4003) "Steam App 10" = Counter-Strike "Steam App 130" = Half-Life: Blue Shift "Steam App 320" = Half-Life 2: Deathmatch "Steam App 50" = Half-Life: Opposing Force "Steam App 70" = Half-Life "uTorrent" = µTorrent "VLC media player" = VLC media player 1.1.11 "WinLiveSuite" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 28.09.2012 11:56:14 | Computer Name = Max-PC | Source = acvpndownloader | ID = 67108866 Description = Error - 28.09.2012 11:56:14 | Computer Name = Max-PC | Source = acvpndownloader | ID = 67108866 Description = Error - 28.09.2012 11:57:40 | Computer Name = Max-PC | Source = acvpninstall | ID = 67108866 Description = Error - 28.09.2012 11:57:40 | Computer Name = Max-PC | Source = acvpninstall | ID = 67108866 
Description = Error - 28.09.2012 11:57:40 | Computer Name = Max-PC | Source = acvpninstall | ID = 67108866 Description = Error - 28.09.2012 11:57:40 | Computer Name = Max-PC | Source = acvpninstall | ID = 67108866 Description = Error - 28.09.2012 11:57:40 | Computer Name = Max-PC | Source = acvpninstall | ID = 67108866 Description = Error - 28.09.2012 11:57:40 | Computer Name = Max-PC | Source = acvpninstall | ID = 67108866 Description = Error - 18.11.2012 14:54:29 | Computer Name = Max-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 16.0.2.4680 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: e58 Startzeit: 01cdc5a9061ccef1 Endzeit: 235 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: Error - 20.11.2012 09:50:24 | Computer Name = Max-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Max\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
[ Cisco AnyConnect Secure Mobility Client Events ] Error - 21.11.2012 11:48:05 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866 Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 5090 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -28835824 (0xFE480010) Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 21.11.2012 11:48:05 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866 Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line: 704 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -28835824 (0xFE480010) Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 21.11.2012 11:48:05 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 225 Invoked Function: CNetEnvironment::testNetwork Return Code: -28835824 (0xFE480010) Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 21.11.2012 11:48:05 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866 Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp Line: 9309 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -28835824 (0xFE480010) Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 21.11.2012 11:48:05 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866 Description = Function: CMainThread::genericNoticeCategoryHandler File: .\MainThread.cpp Line: 6588 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -28835824 (0xFE480010) Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 21.11.2012 11:48:05 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866 Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 6201 Invoked Function: CMainThread::genericNoticeCategoryHandler Return Code: -28835824 (0xFE480010) 
Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 21.11.2012 11:48:05 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866 Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 6151 Invoked Function: CMainThread::processNotice Return Code: -28835824 (0xFE480010) Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 21.11.2012 11:48:05 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866 Description = Function: CMainThread::OnEventSignaled File: .\MainThread.cpp Line: 5923 Invoked Function: CMainThread::noticeHandler Return Code: -28835824 (0xFE480010) Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 21.11.2012 11:48:10 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866 Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line: 704 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -28835824 (0xFE480010) Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 21.11.2012 11:48:10 | Computer Name = Max-PC | Source = acvpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 225 Invoked Function: CNetEnvironment::testNetwork Return Code: -28835824 (0xFE480010) Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE [ Media Center Events ] Error - 06.09.2011 15:38:40 | Computer Name = Max-PC | Source = Microsoft-Windows-Media Center Extender | ID = 301 Description = Error - 06.09.2011 15:39:00 | Computer Name = Max-PC | Source = Microsoft-Windows-Media Center Extender | ID = 301 Description = Error - 06.09.2011 15:39:13 | Computer Name = Max-PC | Source = Microsoft-Windows-Media Center Extender | ID = 301 Description = [ System Events ] Error - 12.11.2012 09:00:03 | Computer Name = Max-PC | Source = NetBT | ID = 4321 Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.126 registriert werden. 
Der Computer mit IP-Adresse 192.168.1.124 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 12.11.2012 14:17:34 | Computer Name = Max-PC | Source = BTHUSB | ID = 327696 Description = Die beiderseitige Authentifizierung zwischen dem lokalen Bluetooth-Adapter und einem Gerät mit Bluetooth-Adapteradresse (18:e2:c2:3f:ac:2f) ist fehlgeschlagen. Error - 16.11.2012 22:33:20 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: %%6704 Error - 21.11.2012 11:55:57 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 21.11.2012 12:09:36 | Computer Name = Max-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 21.11.2012 12:10:19 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 21.11.2012 12:38:31 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. 
Error - 21.11.2012 12:40:19 | Computer Name = Max-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 21.11.2012 12:40:20 | Computer Name = Max-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 21.11.2012 12:40:50 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. < End of report > |