GVU Trojan asked: Got 100 euros to spare? (Windows 7)

29.12.2012, 14:06 | #1
GVU Trojan asked: Got 100 euros to spare?

Hello dear Trojaner-Boarders, unfortunately the GVU Trojan briefly took possession of my PC as well: the Internet session collapsed and then there was nothing but the extortion page, which could not be removed. So I rebooted in normal mode, and the page was still there, without any Internet connection having existed! Rebooted again, this time in Safe Mode with Networking, and the page was gone. To be on the safe side I then also reset the system to the most recent system restore point (eight days back, i.e. to 21.12.), and everything was (apparently) okay again in normal mode too. Somehow I didn't trust it, though, and thank God I first surfed over to you and read through all the replies with which you have already helped other affected users. So I downloaded both Malwarebytes Anti-Malware and OTL by OldTimer. The former immediately found 143 infected files and put them in quarantine after a reboot. I have attached the log files below; can you tell me whether I still need to do anything? In any case, many thanks in advance for your efforts!

Yours, Sinderella

Malwarebytes log:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.29.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: R2-D2 [Administrator]

Schutz: Aktiviert

29.12.2012 07:14:20
mbam-log-2012-12-29 (07-14-20).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 236856
Laufzeit: 2 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 87
HKLM\SYSTEM\CurrentControlSet\Services\TelevisionFanaticService (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{0696f815-a3a9-490a-bb14-9ec3350b1276} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{5d79f641-c168-40df-a32f-bacea7509e75} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{04d2b915-19ff-41e9-994d-95dc898bea43} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{0597d3be-9a4d-4426-a8a7-572ad299852e} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{4E7F49ED-8C94-4AAA-A407-3010D099B11A} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TelevisionFanatic.SettingsPlugin.1 (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TelevisionFanatic.SettingsPlugin (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04D2B915-19FF-41E9-994D-95DC898BEA43} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TelevisionFanaticbar Uninstall (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{cb41fc95-f1b3-4797-8bb6-1012ff62abba} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{02515cef-2063-4d64-b87a-d504c99d40dd} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{aed3b1e0-fabb-4c27-a2da-ec8352ee7e30} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{9989BC14-9B5B-4B3B-8040-478FD1685E34} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{07494721-dfcf-41c1-8a03-b3fffb0f8409} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{952c6f00-cba7-47be-baf3-cfc5808e6c7b} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{1E34EA93-600B-4CBC-9858-59BE04C1A581} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{0e8a6cb6-3b14-491d-8bba-86a95a62ff72} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TelevisionFanatic.PseudoTransparentPlugin.1 (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TelevisionFanatic.PseudoTransparentPlugin (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0E8A6CB6-3B14-491D-8BBA-86A95A62FF72} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKCR\CLSID\{1D7E63AF-274B-426B-B51D-ADF161DF7F24} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TelevisionFanatic.HTMLMenu.1 (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TelevisionFanatic.HTMLMenu (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D7E63AF-274B-426B-B51D-ADF161DF7F24} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{387dface-9e46-415f-8c86-18083b7d6ead} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{73cadbbd-4dc5-419d-84f1-e7bf4c3b20c4} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{32CC4D2E-999C-4853-9D3E-5DE4C02D57C6} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{38deffd9-9379-4ac4-baa9-1a883dba9cd2} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TelevisionFanatic.MultipleButton.1 (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TelevisionFanatic.MultipleButton (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{52d3c28f-c9ac-40b5-848f-1fb63d2badef} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TelevisionFanatic.ScriptButton.1 (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TelevisionFanatic.ScriptButton (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{67d33c35-62e9-4f77-a284-9e9d256f7846} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TelevisionFanatic.DynamicBarButton.1 (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TelevisionFanatic.DynamicBarButton (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{6ffb45e3-cffc-4b3a-95eb-334cb53c85b0} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKCR\TypeLib\{a378fd9d-b406-44bb-96d2-8cdaa668713f} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{93A55DA3-83ED-4090-91B6-904C44647639} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TelevisionFanatic.FeedManager.1 (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TelevisionFanatic.FeedManager (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{7895609d-c8b4-4cf5-a2c7-28223d0c3d92} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{34979cb5-728d-4727-81bf-01850a3bb89b} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{934063FB-A81D-4849-B02C-478446DF3219} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TelevisionFanatic.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TelevisionFanatic.ThirdPartyInstaller (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7895609D-C8B4-4CF5-A2C7-28223D0C3D92} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{7952f465-ac46-4a82-b383-870f3784d1cd} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TelevisionFanatic.UrlAlertButton.1 (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TelevisionFanatic.UrlAlertButton (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{7ad9c324-3672-4d33-8477-d9c8e627f4bf} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TelevisionFanatic.Radio.1 (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TelevisionFanatic.Radio (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKCR\CLSID\{8be781d8-5e70-423d-82de-9e4756fce53c} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{026fd9ba-112b-4d9f-86ea-589e28016e8c} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{0328B630-EA94-4FA3-9F27-8250B6324DDB} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TelevisionFanatic.XMLSessionPlugin.1 (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TelevisionFanatic.XMLSessionPlugin (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8BE781D8-5E70-423D-82DE-9E4756FCE53C} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{91a8da6b-8013-44aa-b63f-00195312999a} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{03f59b4b-09d9-40f0-a01a-6e895023f2f0} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{42CB7963-EFE0-4737-A927-CE076FAA3BA0} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TelevisionFanatic.RadioSettings.1 (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TelevisionFanatic.RadioSettings (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{c98d5b61-b0ea-4d48-9839-1079d352d880} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{d09094b3-b426-4f16-a6d9-e211fe222127} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D09094B3-B426-4F16-A6D9-E211FE222127} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKCR\CLSID\{f02c0832-c85c-4b93-8c6f-9df20121a10d} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{6784d08d-cdc3-419d-9b97-744a351ed908} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{844C2331-94DF-431E-9A67-426ED861D27F} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TelevisionFanatic.HTMLPanel.1 (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TelevisionFanatic.HTMLPanel (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F02C0832-C85C-4B93-8C6F-9DF20121A10D} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{fba7cbb1-fc93-4149-8862-d94451a7d167} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{608f7340-e221-4afb-a848-c4dad297cd58} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{966430CC-2097-45CA-8626-2C3F454C3297} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4e7f49ed-8c94-4aaa-a407-3010d099b11a} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TelevisionFanatic.SkinLauncher (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TelevisionFanatic.SkinLauncher.1 (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TelevisionFanatic.SkinLauncherSettings (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TelevisionFanatic.SkinLauncherSettings.1 (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\MozillaPlugins\@TelevisionFanatic.com/Plugin (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{13119113-0854-469d-807A-171568457991} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
Infizierte Registrierungswerte: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{0696F815-A3A9-490A-BB14-9EC3350B1276} (PUP.MyWebSearch) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{0696f815-a3a9-490a-bb14-9ec3350b1276} (PUP.MyWebSearch) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{c98d5b61-b0ea-4d48-9839-1079d352d880} (PUP.MyWebSearch) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|64ffxtbr@TelevisionFanatic.com (PUP.MyWebSearch) -> Daten: C:\Program Files (x86)\TelevisionFanatic\bar\1.bin -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin (PUP.MyWebSearch) -> Löschen bei Neustart.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\chrome (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\ThirdPartyInstallers (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 48
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe (PUP.MyWebSearch) -> Löschen bei Neustart.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64httpct.dll (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64skin.dll (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64htmlmu.dll (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64datact.dll (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64mlbtn.dll (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64script.dll (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64dyn.dll (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64feedmg.dll (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64tpinst.dll (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64uabtn.dll (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64radio.dll (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64msg.dll (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\T8HTML.DLL (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64dlghk.dll (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64auxstb.dll (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brstub.dll (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64highin.exe (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64hkstub.dll (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64idle.dll (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64ieovr.dll (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64impipe.exe (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64medint.exe (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64Plugin.dll (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64regfft.dll (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64reghk.dll (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64regiet.dll (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64sknlcr.dll (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64skplay.exe (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrchMn.exe (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\BOOTSTRAP.JS (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\CHROME.MANIFEST (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\CREXT.DLL (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\CrExtP64.exe (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\INSTALL.RDF (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\installKeys.js (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\LOGO.BMP (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\T8EXTEX.DLL (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\T8EXTPEX.DLL (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\T8RES.DLL (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\T8TICKER.DLL (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\chrome\64ffxtbr.jar (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

OTL Logfile:

OTL logfile created on: 29.12.2012 08:14:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Program Files\OTL- Oldtimer
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 46,49% Memory free
3,73 Gb Paging File | 1,81 Gb Available in Paging File | 48,62% Paging File free
Paging file location(s): c:\pagefile.sys 2024 2686 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 362,91 Gb Free Space | 77,93% Space Free | Partition Type: NTFS

Computer Name: R2-D2 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Programme\OTL- Oldtimer\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Malware- bytes Anti- malware\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malware- bytes Anti- malware\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malware- bytes Anti- malware\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malware- bytes Anti- malware\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Mozilla Firefox\Firefox 4\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\Firefox 4\plugin-container.exe (Mozilla Corporation)
PRC - C:\PROGRA~2\TELEVI~2\bar\1.bin\64barsvc.exe (COMPANYVERS_NAME)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Programme\Spybot 1.6.2\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
MOD - C:\Programme\Mozilla Firefox\Firefox 4\mozjs.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (SBSDWSCService) -- C:\Program Files\Spybot 1.6.2\Spybot File not found
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MBAMService) -- C:\Programme\Malware- bytes Anti- malware\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malware- bytes Anti- malware\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (ZTEusbnet) -- C:\Windows\SysNative\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV:64bit: - (ZTEusbvoice) -- C:\Windows\SysNative\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-955397382-2114135398-1094883414-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de/
IE - HKU\S-1-5-21-955397382-2114135398-1094883414-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-955397382-2114135398-1094883414-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-955397382-2114135398-1094883414-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 37 35 D8 3B D8 F8 CA 01 [binary data]
IE - HKU\S-1-5-21-955397382-2114135398-1094883414-1000\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKU\S-1-5-21-955397382-2114135398-1094883414-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-955397382-2114135398-1094883414-1000\..\SearchScopes,DefaultScope = {E0F0C3B1-C9AF-43d1-9B9B-A050CF939DDF}
IE - HKU\S-1-5-21-955397382-2114135398-1094883414-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-955397382-2114135398-1094883414-1000\..\SearchScopes\{34CDB640-561B-4b03-96E1-147A87B3119C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH
IE - HKU\S-1-5-21-955397382-2114135398-1094883414-1000\..\SearchScopes\{4175230D-64EA-4EE1-9DE9-23A74FCBDBF0}: "URL" = hxxp://search.microsoft.com/results.aspx?mkt=de-DE&setlang=de-DE&q={searchTerms}
IE - HKU\S-1-5-21-955397382-2114135398-1094883414-1000\..\SearchScopes\{7E2EF76D-429A-4C08-88C6-27A8B6A2FD1A}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-955397382-2114135398-1094883414-1000\..\SearchScopes\{86D6973D-54D2-48fc-8C3B-56D7BDF41023}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
IE - HKU\S-1-5-21-955397382-2114135398-1094883414-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-955397382-2114135398-1094883414-1000\..\SearchScopes\{A65F55B1-3403-4DE2-87DE-B92ADCDFE674}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKU\S-1-5-21-955397382-2114135398-1094883414-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
IE - HKU\S-1-5-21-955397382-2114135398-1094883414-1000\..\SearchScopes\{DFD59F7B-3729-45BF-A8F6-4A7C406F1E30}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms}
IE - HKU\S-1-5-21-955397382-2114135398-1094883414-1000\..\SearchScopes\{E0F0C3B1-C9AF-43d1-9B9B-A050CF939DDF}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM
IE - HKU\S-1-5-21-955397382-2114135398-1094883414-1000\..\SearchScopes\{EF8BDFF8-6824-4665-8614-15972B084F65}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-955397382-2114135398-1094883414-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-955397382-2114135398-1094883414-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.arcor.de"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20120926
FF - prefs.js..extensions.enabledAddons: %7Bab91efd4-6975-4081-8552-1b3922ed79e2%7D:1.0.15.0
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=417&sr=0&q="
FF:64bit: -
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Apple\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VLC-Player\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.3: C:\Program Files\VLC-Player\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.6: C:\Program Files\VLC-Player\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files\VLC-Player\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VLC-Player\VLC2.0.4\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.05.25 08:30:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.05 14:31:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.12.29 06:03:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.08 20:41:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.08 20:41:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla 
Firefox\components [2012.12.08 20:41:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.08 20:41:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.26 07:12:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\Thunderbird 11\components [2012.12.08 20:41:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\Thunderbird 11\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.05.25 08:30:24 | 000,000,000 | ---D | M] [2012.03.29 04:09:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.08.27 11:59:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2012.12.29 06:02:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2kr7arke.default\extensions [2012.11.13 18:33:56 | 000,000,000 | ---D | M] (BittorrentBar_DE Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2kr7arke.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} [2012.03.29 04:09:06 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2kr7arke.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2012.10.03 20:58:55 | 000,000,000 | ---D | M] (WOT) -- 
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2kr7arke.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.04.16 12:43:26 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2kr7arke.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2012.11.22 18:56:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2kr7arke.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.01.03 19:51:24 | 000,000,000 | ---D | M] ("SecretHelper") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2kr7arke.default\extensions\{eebc5c3f-ec4b-4ad4-b5d1-fa51b3c42c58} [2012.12.29 06:03:01 | 000,000,000 | ---D | M] (TelevisionFanatic) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2kr7arke.default\extensions\64ffxtbr@TelevisionFanatic.com [2011.12.20 10:22:52 | 000,003,679 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\2kr7arke.default\extensions\{eebc5c3f-ec4b-4ad4-b5d1-fa51b3c42c58}\chrome\secrethelper\content\expiry.xml [2012.03.29 04:09:01 | 000,002,515 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\2kr7arke.default\searchplugins\Search_Results.xml ========== Chrome ========== O1 HOSTS File: ([2011.08.05 23:44:44 | 000,436,368 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - 
Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 15017 more lines... O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WIA6EB~1\Datamngr\x64\BROWSE~1.DLL (Bandoo Media, inc) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot 1.6.2\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\S-1-5-21-955397382-2114135398-1094883414-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-955397382-2114135398-1094883414-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malware- bytes Anti- malware\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\S-1-5-21-955397382-2114135398-1094883414-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = [binary data] O7 - HKU\S-1-5-21-955397382-2114135398-1094883414-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot 1.6.2\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{088640B8-24E4-4EB8-BA74-4988ED9E6076}: DhcpNameServer = 192.168.2.1 O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll) - C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll) - C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll (Bandoo Media, inc) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: 
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{4bb97409-1925-11e0-b5a2-90415ed7dd26}\Shell - "" = AutoRun O33 - MountPoints2\{4bb97409-1925-11e0-b5a2-90415ed7dd26}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.29 08:07:11 | 000,000,000 | ---D | C] -- C:\Program Files\OTL- Oldtimer [2012.12.29 06:58:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.12.29 06:57:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.29 06:57:38 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.29 06:56:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs [2012.12.29 06:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malware- bytes Anti- malware [2012.12.20 07:48:46 | 000,000,000 | ---D | C] -- C:\Program Files\HNO- Radiologischer Befund [2012.12.17 05:43:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira [2012.12.17 05:37:51 | 000,129,216 | ---- | C] (Avira Operations 
GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.12.17 05:37:51 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.12.17 05:37:51 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.12.17 05:37:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.12.13 06:30:17 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.12.13 06:30:17 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.12.13 06:30:16 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.12.13 06:30:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.12.13 06:30:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.12.13 06:30:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.12.13 06:30:16 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.12.13 06:30:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.12.13 06:30:14 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.12.13 06:30:14 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.12.13 06:30:14 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.12.13 06:30:13 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.12.13 06:30:12 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.12.13 06:30:11 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.12.13 06:30:11 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.12.13 05:51:06 | 
000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.13 05:51:06 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.13 05:51:06 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.13 05:51:06 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.13 05:50:38 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.12.13 05:50:37 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.12.13 05:50:37 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.12.13 05:50:37 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.12.13 05:50:35 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.12.13 05:50:35 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.12.13 05:50:35 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.12.13 05:50:35 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.12.13 05:50:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.12.13 05:50:34 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.12.13 05:50:34 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.12.13 05:50:33 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.12.13 05:50:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.13 05:50:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.12.13 05:50:32 | 000,005,120 | -H-- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.12.13 05:50:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.12.13 05:50:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.13 05:50:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.13 05:50:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.13 05:50:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.13 05:50:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.12.13 05:50:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.12.13 05:50:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.13 05:50:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.13 05:50:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.13 05:50:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.13 05:50:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.13 05:50:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.12.13 05:50:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.12.13 05:50:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.12.13 05:50:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.12.13 05:50:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.12.13 05:50:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.13 05:50:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.12.13 05:50:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.12.13 05:50:31 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.12.13 05:50:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.13 05:50:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.12.13 05:50:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.13 05:50:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.13 05:50:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.12.13 05:50:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.12.13 05:50:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.12.13 05:50:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.12.13 05:50:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.12.13 05:50:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.12.13 05:50:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.13 05:50:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.13 05:50:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.13 05:50:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.12.13 05:50:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.12.13 05:50:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.12.13 05:50:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.12.13 05:50:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.13 05:50:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.12.13 05:50:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.12.13 05:50:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.12.13 05:50:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.12.13 05:50:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.13 05:50:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.13 05:50:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.12.13 05:50:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.12.13 05:50:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.12.13 05:50:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.12.13 05:50:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.12.13 05:50:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.12.13 05:50:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.12.13 05:50:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.12.13 05:50:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.12.13 05:48:20 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012.12.13 05:48:20 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012.12.08 20:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.12.04 02:41:40 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Turbo Lister [2012.12.03 22:23:46 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Turbo Lister Backup [2012.12.03 22:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay [2012.12.03 22:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\eBay [2012.12.03 22:11:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ebay [2012.11.01 12:32:35 | 005,993,104 | ---- | C] (Uniblue Systems Ltd ) 
-- C:\Program Files\speedupmypc.exe [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.29 07:27:01 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.29 06:57:40 | 000,001,228 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.29 06:11:31 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.29 06:11:31 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.29 06:03:56 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.29 06:03:53 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2012.12.29 06:03:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.29 06:03:40 | 1408,634,880 | -HS- | M] () -- C:\hiberfil.sys [2012.12.17 05:38:01 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.12.17 05:26:38 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.12.17 05:26:38 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.14 04:36:57 | 000,296,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.03 22:12:10 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\eBay Turbo Lister 2.lnk [2012.12.03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.12.03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.29 06:57:40 | 000,001,228 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.17 05:38:01 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.12.03 22:12:10 | 000,001,879 | ---- | C] () -- C:\Users\Public\Desktop\eBay Turbo Lister 2.lnk [2012.07.19 10:38:44 | 000,042,786 | ---- | C] () -- C:\Program Files\0_rechnung_74049726.pdf [2012.06.28 10:54:15 | 000,010,734 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2012.05.23 17:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.05.23 17:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.05.23 17:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.05.23 17:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.05.22 01:03:35 | 000,007,354 | ---- | C] () -- C:\Program Files\Rechnung39945.htm [2012.04.16 12:51:51 | 029,851,432 | ---- | C] () -- C:\Program Files\CPE_SCAN_DESTINATION_UPDATE_hpcom_001_003.exe [2011.05.23 15:20:46 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.04.03 10:39:56 | 000,000,017 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg [2011.01.11 06:17:12 | 000,045,176 | ---- | C] () -- C:\Windows\Ascd_log.ini [2011.01.10 04:14:45 | 000,019,757 | ---- | C] () -- C:\Program Files\651.odt [2010.12.25 09:48:26 | 000,005,770 | ---- | C] () -- C:\Users\***\*** [2010.10.18 05:01:04 | 000,002,411 | ---- | C] () -- C:\Program Files\Neue Datenbank.odb [2010.03.15 20:15:34 | 000,156,430 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011.06.04 01:16:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2011.11.14 16:53:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BitTorrent
[2012.11.26 18:34:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.rda.remotediagnostic.at
[2012.12.29 06:03:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeScreenToVideo
[2010.07.01 21:30:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GlarySoft
[2011.08.11 01:14:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GrassGames
[2012.06.28 10:54:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.05.26 09:21:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.07.02 13:32:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PreisHai4
[2012.07.10 04:04:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.07.02 13:32:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScreeNet iSaver
[2012.03.15 13:02:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.05.24 02:52:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2011.01.06 01:08:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone

========== Purity Check ==========

< End of report >

OTL- Extras OTL Logfile:
Code:
OTL Extras logfile created on: 29.12.2012 08:14:45 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Program Files\OTL- Oldtimer
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 46,49% Memory free
3,73 Gb Paging File | 1,81 Gb Available in Paging File | 48,62% Paging File free
Paging file location(s): c:\pagefile.sys 2024 2686 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 362,91 Gb Free Space | 77,93% Space Free | Partition Type: NTFS

Computer Name: R2-D2 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-955397382-2114135398-1094883414-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\Firefox 4\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC-Player\VLC2.0.4\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC-Player\VLC2.0.4\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC-Player\VLC2.0.4\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC-Player\VLC2.0.4\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{036C01E2-FBDD-4333-99F4-F0096925DEF6}" = rport=138 | protocol=17 | dir=out | app=system |
"{141120B8-17E0-4AB8-841F-354CBC9F71E7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{20B4AF92-EB46-4D53-8841-65AAA822B2E5}" = lport=138 | protocol=17 | dir=in | app=system |
"{20E1CD9B-FF2E-4973-878F-F9AC3A23B2F0}" = rport=137 | protocol=17 | dir=out | app=system |
"{28F2A369-B8AF-4DF0-89D7-C3C010261BD0}" = lport=137 | protocol=17 | dir=in | app=system |
"{2F3589B0-3555-4E41-AFEA-49152839479D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2F73A266-1FC6-40CB-9748-E2A255ED83BC}" = lport=139 | protocol=6 | dir=in | app=system |
"{3BBD0203-8470-4D06-952D-0F0F1E96D671}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4D73B52B-1633-46D4-96B0-3CF85F4D30E0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{554F488F-7189-43F9-8D56-1114955CFC12}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6973CAE8-797B-4C7F-93CC-F5607BBC193D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8EB93129-7784-46E3-BC9B-5F8CD4392B40}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9685DD08-3CB9-45B7-97E7-8C3B8DC9A78F}" = rport=139 | protocol=6 | dir=out | app=system |
"{A0F56E1E-6270-4A05-8FA8-D10C6916F37C}" = rport=445 | protocol=6 | dir=out | app=system |
"{C7984CF0-1F91-4B8B-94CE-AC965A546AF8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C7AAE8F9-EB5A-4096-A9E5-1893C4AEDE22}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D4075CCE-8481-4601-9075-525D9D35238F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D7C683D1-3937-40D4-A7F1-1459A6347E89}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EE503C24-7CF1-43CB-9A4D-1285C687F15C}" = lport=445 | protocol=6 | dir=in | app=system | "{EEB312F8-F18F-4873-9DC9-C05F20D28C7D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F29DF28D-A353-477E-A76C-391905A6956B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01963336-3D77-44C0-8472-9EFED66190DE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{083F64A9-5A1D-4A97-8EF9-8004D13FA556}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "{12E56BB2-C349-4F80-8426-DE7DF8774733}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe | "{15327011-EB96-4333-A6CD-D20BF5846FD1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{1AF2DD6F-4671-41F7-9CE4-822C39C4278F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{1E2E9620-5C9F-4F5C-9342-FF3ECC8A1302}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{2464E9F8-3F8C-4272-B5CF-69F53384E800}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{29464DF3-471D-440D-9966-4840C05BEE89}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{341CDE37-4ABB-4B6A-838D-5422698EC92B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | "{3644BE7A-DCAF-4853-96F6-9E7A7A0E7E12}" = protocol=6 | dir=in | app=c:\program files\weblica\plugins\ch.weblica.apache.core_1.3.7\apache\weblica_apache.exe | 
"{3EA9F835-71F1-48B8-8634-F4153298DAE4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | "{447BCC97-36F7-467E-8C6A-C5FF5D750488}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "{537A3052-ED2E-460F-822C-ABF8C36ADAD2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{584A11A9-2920-483E-81AF-5303A9E1D46F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{5873E3CF-1EA5-430F-8CEB-5EF523C80BC3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{587DEB00-78D7-42B9-A468-FA2715217A71}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "{5D80A3E0-CF83-4F33-B015-72B31145463A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{66A138D6-0F7F-45F4-B7B9-608C64B72125}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{6F5E8CDE-6D28-4E63-AB9F-4E0CF22F1305}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "{70AE5708-CC99-4B94-99FD-289C5FD01C16}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{73F8DB7F-E02A-46CF-AB88-06FDE8B7E739}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | "{7F321D0C-33E6-446D-8F94-9FC5F785C2C0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{87C0D456-4809-4A76-885C-7720D8E35A05}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8C7A23E5-DA12-49C7-B4E5-EBDE35B36A40}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | "{901F656C-37F7-45CA-A2EC-E0AE8EB9BAFB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9CEC8250-A064-4AF3-A119-34001FA42F23}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9D01FFBE-9846-4063-B4BD-B360988E15A9}" = protocol=6 | dir=out | 
app=%programfiles%\windows media player\wmpnetwk.exe | "{9F83F01C-A72E-4F4F-8943-74CAC60899C4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{A349B49D-3FC3-4E65-8C28-E25DCE05A391}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A3539381-1716-429A-A2E7-4C026BCD86CA}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe | "{A64BCBE6-458A-4537-AF94-F2704E44A226}" = protocol=17 | dir=in | app=c:\program files\weblica\plugins\ch.weblica.apache.core_1.3.7\apache\weblica_apache.exe | "{AB1AA364-E851-4E43-891F-2BF03D5D57D9}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{B0B86A0C-7341-4C31-81BC-38F6DE8ECC08}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe | "{B1A40353-6DB5-447D-A9E5-539B1164C887}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{B38B0757-FF62-4E33-9BB7-4E367B20DFAC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{B7826A73-5354-4D4F-97C8-657513B8AD23}" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | "{B98EB115-1EE0-4DCB-8129-608DDC8986C5}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{BCBA90F4-6936-45E9-9756-A2C1F6452882}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{BD7DC24D-6908-400C-ACC6-9F64F56329C7}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{BDD94C1D-1547-4FF9-9859-D230FF6E26CD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C31A1850-9C60-44D6-BF4B-4CFCD52C85F4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C55BA6D2-9F30-4FC5-850D-1E671AFAE229}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{C586FBF6-5695-4F1B-A10D-770AB8AFBADE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{C80E9DEB-CFA5-4B79-B33C-27AE2E913B56}" = dir=in | 
app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{C96B2E95-91D0-48E4-86D6-28FB856532C0}" = protocol=17 | dir=in | app=c:\program files\apple\itunes.exe | "{CAEFCE91-E46F-453B-9FF7-CED658ABF0A1}" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | "{D03FCC8A-52B9-4E54-A18A-9EF0A1E1023A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{D573CC8D-68D5-45FA-956B-94C69139679E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D6D82932-D0FB-4E2D-BD37-4E195ED905E2}" = protocol=6 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | "{D792F079-AD03-4447-82B8-822652889A26}" = protocol=6 | dir=in | app=c:\program files\apple\itunes.exe | "{DDAAC947-2019-4DAC-9FCB-B8ACD414BE8E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E1572956-C736-4DAA-B327-0719574A9409}" = protocol=17 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | "{E72D797E-6ED4-4FA9-A17A-54C8CA85FF8F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E9EB1F88-1C55-45BB-BFBB-049A86C95346}" = protocol=6 | dir=out | app=system | "{EEA580E7-BA57-4B8D-B984-DEEB63F20EC2}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{F8A7E35D-DFFF-45CE-AC73-B85C1FAEDAFC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{FAC9511E-69FA-41DA-BB12-31F9792F4051}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | "{FE6F1AE1-E81A-4D62-ADB9-E91555AAB604}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "TCP Query User{0BC6BA2F-A5A1-4689-8347-6597B31CE33E}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{24288693-F13C-47EF-83CF-C68E3E32EBB2}C:\program files\mozilla 
firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "TCP Query User{4767E801-3DA4-400C-91EA-B84C620D68D8}C:\program files\weblica\plugins\ch.weblica.apache.core_1.3.7\apache\weblica_apache.exe" = protocol=6 | dir=in | app=c:\program files\weblica\plugins\ch.weblica.apache.core_1.3.7\apache\weblica_apache.exe | "TCP Query User{625C820E-63A3-44FD-9082-CAFA11729C9F}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{C1D9832A-DDCA-4AFB-BD2C-D3C37CFCE532}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | "TCP Query User{EBB02D3F-CCE4-4D99-BE07-17CAECC5C23B}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{2A191802-4ACF-4348-A32C-01BA4C4D9435}C:\program files\weblica\plugins\ch.weblica.apache.core_1.3.7\apache\weblica_apache.exe" = protocol=17 | dir=in | app=c:\program files\weblica\plugins\ch.weblica.apache.core_1.3.7\apache\weblica_apache.exe | "UDP Query User{357DB51E-E150-4C98-9601-03C629002434}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | "UDP Query User{84892E1B-D304-4EC1-9B75-1CC9BF5FB4F5}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{88157D2D-F4E5-49C0-9762-C46EAE47863F}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{F575C7DB-6CB3-4606-AC28-CA8302243845}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files 
(x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{FFA9AE31-D2DE-4582-BDED-155E3CE22EA5}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{08347912-0AA5-C85E-BC02-416568E741B4}" = AMD Drag and Drop Transcoding "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{897BE4A7-682B-7375-BBAF-05A44FC2B524}" = ATI Catalyst Install Manager "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{914C25C6-603C-16C9-BE33-8A09E5632350}" = ccc-utility64 "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour "{EB773820-0871-46A8-9B96-F2B04F8B34F0}" = HP Deskjet All-In-One Driver Software 13.0 Rel. 
1 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "CCleaner" = CCleaner "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Shop for HP Supplies" = Shop for HP Supplies "WinGimp-2.0_is1" = GIMP 2.6.8 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{12444FB2-997D-7BB2-0CEB-453E31307929}" = ccc-core-static "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2640314A-2D9A-4F58-B501-DB109CD9DBA2}" = DJ_AIO_ProductContext "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update 
"{2F264191-64FB-4163-813C-70641B24089F}" = HP Print Diagnostic Utility "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{32DACAC3-6538-405D-915E-8F2D026F199C}" = DJ_AIO_Software_min "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4 "{4C9041EE-6D6E-1BA5-9705-C5D2C45176C8}" = eDiagnose "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{52210D57-0B1F-4681-90DD-8659DF4BCC40}" = Moorhuhn Remake "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0 "{707790EF-9E51-1548-F90C-57B38065F38C}" = Catalyst Control Center Graphics Previews Vista "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{7B5999EE-F2DD-4677-675D-51F11C6F6181}" = Catalyst Control Center Graphics Previews Common "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine "{91252C0A-59F9-42F9-9181-B9CC74F592C0}" = Vodafone Mobile Connect Lite "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9eca5da3-ee03-45b7-8ba8-67f9e2f3be43}" = Nero 9 Lite "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection "{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AD99B476-6FB7-4985-A3C3-E40595A7E6DE}" = DJ_AIO_Software "{AE096DBF-8878-6943-3858-7EE9D54D70B7}" = CCC Help English "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade "{C92CE7AF-B104-4710-8F5C-9F833976D308}" = Schrankplaner "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{d05a1414-a955-4c5c-9716-b7777ef86e85}" = F4100 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities 
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility "{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F508C63B-CA7D-4D37-B293-2FCAD4E92779}" = Immoscout24 NewsFlash "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.15 "Avira AntiVir Desktop" = Avira Free Antivirus "Chicken Invaders 2_is1" = Chicken Invaders 2 v2.40 "Chicken Invaders: Revenge of the Yolk (Christmas Edition)_is1" = Chicken Invaders: Revenge of the Yolk (Christmas Edition) v3.20 "com.rda.remotediagnostic.at" = eDiagnose "DivX Setup" = DivX-Setup "Free Screen To Video_is1" = Free Screen To Video V 2.0 "Free Solitaire 3D_is1" = Free Solitaire 3D 3.6 "Free Video Dub_is1" = Free Video Dub version 1.7 "Glary Utilities_is1" = Glary Utilities 2.26.0.956 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "Mozilla Thunderbird 11.0 (x86 de)" = Mozilla Thunderbird 11.0 (x86 de) "MozillaMaintenanceService" = 
Mozilla Maintenance Service "RealPlayer 15.0" = RealPlayer "Tunatic" = Tunatic "TuneUp Utilities" = TuneUp Utilities "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 2.0.4 "weblica" = weblica - 2.5.1 "weblica designer" = weblica designer "Windows Searchqu Toolbar" = Windows Searchqu Toolbar "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-955397382-2114135398-1094883414-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "MyFreeCodec" = MyFreeCodec ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.11.2011 19:55:31 | Computer Name = R2-D2 | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 10.11.2011 00:00:59 | Computer Name = R2-D2 | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 10.11.2011 01:45:41 | Computer Name = R2-D2 | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\messenger\wlcsdk.exe". Die abhängige Assemblierung "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 10.11.2011 01:45:51 | Computer Name = R2-D2 | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot 1.6.2\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\spybot 1.6.2\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 10.11.2011 01:46:01 | Computer Name = R2-D2 | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". 
Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll" in Zeile 2. Ungültige XML-Syntax. Error - 10.11.2011 12:52:01 | Computer Name = R2-D2 | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 10.11.2011 16:37:50 | Computer Name = R2-D2 | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 10.11.2011 19:32:04 | Computer Name = R2-D2 | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\messenger\wlcsdk.exe". Die abhängige Assemblierung "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 10.11.2011 19:32:14 | Computer Name = R2-D2 | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot 1.6.2\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\spybot 1.6.2\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 10.11.2011 19:32:24 | Computer Name = R2-D2 | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll" in Zeile 2. Ungültige XML-Syntax. 
[ System Events ] Error - 29.12.2012 00:57:32 | Computer Name = R2-D2 | Source = DCOM | ID = 10005 Description = Error - 29.12.2012 01:04:40 | Computer Name = R2-D2 | Source = PNRPSvc | ID = 102 Description = Error - 29.12.2012 01:04:40 | Computer Name = R2-D2 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 29.12.2012 01:04:40 | Computer Name = R2-D2 | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 29.12.2012 01:04:49 | Computer Name = R2-D2 | Source = PNRPSvc | ID = 102 Description = Error - 29.12.2012 01:04:49 | Computer Name = R2-D2 | Source = PNRPSvc | ID = 102 Description = Error - 29.12.2012 01:04:49 | Computer Name = R2-D2 | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 29.12.2012 01:04:49 | Computer Name = R2-D2 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 29.12.2012 01:04:49 | Computer Name = R2-D2 | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 29.12.2012 01:04:49 | Computer Name = R2-D2 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 < End of report > Last edited by Sinderella (29.12.2012 at 15:03) |
29.12.2012, 18:34 | #2 |
/// Malware-holic | GVU Trojan asked: Got 100 euros to spare? Hi,
Even though I repeat myself in nearly every thread... Keep your hands off System Restore when malware is involved; it can do a lot of damage. Download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html
• Click on Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - if anything is found, always choose skip for now, then post the log
__________________ |
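As an added example (not part of this thread, and not a TDSSKiller feature): a small Python helper that reads a TDSSKiller log of the kind requested above and lists every scanned object whose verdict is something other than "- ok", together with its path and MD5, so the handful of flagged lines stand out in a log of several hundred entries. The sample lines below are constructed to match the log format posted later in the thread; the two regular expressions are my own assumptions about that format (an object line `[ MD5 ] name path`, followed by one or more verdict lines `name - ok`, `name ( detail ) - warning` or `name - detected ...`).

```python
import re
from typing import Dict, List

# Constructed sample in the TDSSKiller 2.8.x log format seen in this thread
# (a raw string, so the Windows paths keep their backslashes).
SAMPLE_LOG = r"""
00:55:12.0022 3956 HomeGroupProvider - ok
00:55:12.0115 3956 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
00:55:12.0131 3956 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
00:55:12.0131 3956 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
00:55:12.0224 3956 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
00:55:12.0240 3956 HpSAMD - ok
00:55:13.0301 3956 [ 24595EC9236D7E421661A2D4FFBD901A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
00:55:13.0316 3956 iPod Service - ok
00:55:07.0669 3956 COMSysApp - ok
"""

# Assumed object line: "<time> <pid> [ <MD5> ] <name> <path>". The name may
# contain spaces, so the path is recognised by its leading drive letter.
ENTRY_RE = re.compile(r"^\S+ \d+ \[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.*)$")
# Assumed verdict line: "<time> <pid> <name> [( <detail> )] - ok|warning|detected ...".
VERDICT_RE = re.compile(r"^\S+ \d+ (.+?) (?:\( ([^)]+) \) )?- (ok|warning|detected .+)$")


def _new_entry() -> dict:
    return {"md5": None, "path": None, "verdicts": []}


def parse_tdsskiller(log_text: str) -> Dict[str, dict]:
    """Map each scanned object name to its MD5, path and the verdict(s) TDSSKiller wrote for it."""
    entries: Dict[str, dict] = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            md5, name, path = m.groups()
            entry = entries.setdefault(name, _new_entry())
            entry["md5"], entry["path"] = md5.upper(), path
            continue
        m = VERDICT_RE.match(line)
        if m:
            # Objects without a file (e.g. "COMSysApp - ok") have a verdict but no object line.
            name, detail, verdict = m.groups()
            entry = entries.setdefault(name, _new_entry())
            entry["verdicts"].append(verdict if detail is None else f"{verdict}: {detail}")
    return entries


def flagged(log_text: str) -> List[dict]:
    """Entries with at least one verdict other than 'ok' (warnings and detections), in log order."""
    return [
        {"name": name, **entry}
        for name, entry in parse_tdsskiller(log_text).items()
        if any(v != "ok" for v in entry["verdicts"])
    ]


if __name__ == "__main__":
    for item in flagged(SAMPLE_LOG):
        print(f'{item["name"]}: {"; ".join(item["verdicts"])}')
        print(f'    {item["path"]}  MD5={item["md5"]}')
```

Run against the constructed sample, the script reports only `hpqcxs08` with its "warning" and "detected UnsignedFile.Multi.Generic" verdicts; everything marked "- ok" is dropped from the summary. Keeping the MD5 next to the path is what lets a helper in the thread check the flagged file against a known-good hash before deciding whether the "skip" chosen during the scan should stay that way.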
30.12.2012, 01:37 | #3 |
| GVU Trojan asked: Got 100 euros to spare? Hello Markus,
Thanks for your reply! Here is the log: Code:
ATTFilter 00:54:18.0513 3712 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 00:54:19.0949 3712 ============================================================ 00:54:19.0949 3712 Current date / time: 2012/12/30 00:54:19.0949 00:54:19.0949 3712 SystemInfo: 00:54:19.0949 3712 00:54:19.0949 3712 OS Version: 6.1.7601 ServicePack: 1.0 00:54:19.0949 3712 Product type: Workstation 00:54:19.0949 3712 ComputerName: R2-D2 00:54:19.0949 3712 UserName: *** 00:54:19.0949 3712 Windows directory: C:\Windows 00:54:19.0949 3712 System windows directory: C:\Windows 00:54:19.0949 3712 Running under WOW64 00:54:19.0949 3712 Processor architecture: Intel x64 00:54:19.0949 3712 Number of processors: 2 00:54:19.0949 3712 Page size: 0x1000 00:54:19.0949 3712 Boot type: Normal boot 00:54:19.0949 3712 ============================================================ 00:54:26.0469 3712 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 00:54:26.0485 3712 ============================================================ 00:54:26.0485 3712 \Device\Harddisk0\DR0: 00:54:26.0501 3712 MBR partitions: 00:54:26.0501 3712 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 00:54:26.0501 3712 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000 00:54:26.0501 3712 ============================================================ 00:54:26.0594 3712 C: <-> \Device\Harddisk0\DR0\Partition2 00:54:26.0594 3712 ============================================================ 00:54:26.0594 3712 Initialize success 00:54:26.0594 3712 ============================================================ 00:54:57.0904 3956 ============================================================ 00:54:57.0904 3956 Scan started 00:54:57.0904 3956 Mode: Manual; SigCheck; TDLFS; 00:54:57.0904 3956 ============================================================ 
00:55:00.0337 3956 ================ Scan system memory ======================== 00:55:00.0337 3956 System memory - ok 00:55:00.0337 3956 ================ Scan services ============================= 00:55:00.0493 3956 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 00:55:00.0696 3956 1394ohci - ok 00:55:00.0758 3956 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 00:55:00.0774 3956 ACPI - ok 00:55:00.0805 3956 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 00:55:00.0914 3956 AcpiPmi - ok 00:55:01.0055 3956 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 00:55:01.0070 3956 AdobeARMservice - ok 00:55:01.0164 3956 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 00:55:01.0195 3956 adp94xx - ok 00:55:01.0211 3956 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 00:55:01.0226 3956 adpahci - ok 00:55:01.0242 3956 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 00:55:01.0258 3956 adpu320 - ok 00:55:01.0289 3956 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 00:55:01.0398 3956 AeLookupSvc - ok 00:55:01.0445 3956 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 00:55:01.0507 3956 AFD - ok 00:55:01.0554 3956 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 00:55:01.0570 3956 agp440 - ok 00:55:01.0601 3956 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 00:55:01.0741 3956 ALG - ok 00:55:01.0757 3956 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 00:55:01.0788 3956 aliide - ok 00:55:01.0882 3956 [ EE048EF96EE7F7FDF1DCE45C9EBBF19A ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 00:55:02.0006 3956 AMD External Events Utility - ok 
00:55:02.0084 3956 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 00:55:02.0100 3956 amdide - ok 00:55:02.0147 3956 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 00:55:02.0287 3956 AmdK8 - ok 00:55:02.0974 3956 [ 8D8D3E85EFD9DD9718F879A49F9180A4 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 00:55:03.0161 3956 amdkmdag - ok 00:55:03.0223 3956 [ B5EC8AEF50FE15B294EBC6AA3BDA1BE6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 00:55:03.0270 3956 amdkmdap - ok 00:55:03.0317 3956 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 00:55:03.0348 3956 AmdPPM - ok 00:55:03.0379 3956 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 00:55:03.0426 3956 amdsata - ok 00:55:03.0473 3956 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 00:55:03.0520 3956 amdsbs - ok 00:55:03.0535 3956 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 00:55:03.0551 3956 amdxata - ok 00:55:03.0676 3956 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files\Avira\Avira\AntiVir Desktop\sched.exe 00:55:03.0691 3956 AntiVirSchedulerService - ok 00:55:03.0738 3956 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files\Avira\Avira\AntiVir Desktop\avguard.exe 00:55:03.0754 3956 AntiVirService - ok 00:55:03.0785 3956 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 00:55:03.0925 3956 AppID - ok 00:55:03.0972 3956 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 00:55:04.0034 3956 AppIDSvc - ok 00:55:04.0066 3956 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 00:55:04.0097 3956 Appinfo - ok 00:55:04.0190 3956 [ 2E3E53A6AEF23E24F402C7855B9B1542 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 
00:55:04.0206 3956 Apple Mobile Device - ok 00:55:04.0222 3956 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 00:55:04.0237 3956 arc - ok 00:55:04.0253 3956 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 00:55:04.0268 3956 arcsas - ok 00:55:04.0362 3956 [ 68726474C69B738EAC3A62E06B33ADDC ] AsIO C:\Windows\syswow64\drivers\AsIO.sys 00:55:04.0424 3956 AsIO - ok 00:55:04.0456 3956 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 00:55:04.0518 3956 AsyncMac - ok 00:55:04.0549 3956 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 00:55:04.0549 3956 atapi - ok 00:55:04.0658 3956 [ 8D8D3E85EFD9DD9718F879A49F9180A4 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 00:55:04.0721 3956 atikmdag - ok 00:55:04.0799 3956 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys 00:55:04.0799 3956 AtiPcie - ok 00:55:04.0846 3956 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 00:55:04.0924 3956 AudioEndpointBuilder - ok 00:55:04.0924 3956 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 00:55:04.0955 3956 AudioSrv - ok 00:55:05.0017 3956 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 00:55:05.0033 3956 avgntflt - ok 00:55:05.0095 3956 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 00:55:05.0111 3956 avipbb - ok 00:55:05.0158 3956 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 00:55:05.0173 3956 avkmgr - ok 00:55:05.0204 3956 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 00:55:05.0298 3956 AxInstSV - ok 00:55:05.0314 3956 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 00:55:05.0392 3956 b06bdrv - ok 00:55:05.0407 3956 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a 
C:\Windows\system32\DRIVERS\b57nd60a.sys 00:55:05.0454 3956 b57nd60a - ok 00:55:05.0516 3956 [ 7ED4E1D2E124AD4E6A287CF49DBC9BBA ] BCUService C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe 00:55:05.0532 3956 BCUService - ok 00:55:05.0548 3956 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 00:55:05.0610 3956 BDESVC - ok 00:55:05.0672 3956 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 00:55:05.0719 3956 Beep - ok 00:55:05.0750 3956 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 00:55:05.0813 3956 BFE - ok 00:55:05.0875 3956 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 00:55:05.0969 3956 BITS - ok 00:55:06.0000 3956 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 00:55:06.0047 3956 blbdrive - ok 00:55:06.0094 3956 [ 5AB58C337AC65837FE404462AD6265AB ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe 00:55:06.0109 3956 Bonjour Service - ok 00:55:06.0172 3956 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 00:55:06.0187 3956 bowser - ok 00:55:06.0203 3956 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 00:55:06.0281 3956 BrFiltLo - ok 00:55:06.0281 3956 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 00:55:06.0296 3956 BrFiltUp - ok 00:55:06.0359 3956 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 00:55:06.0421 3956 Browser - ok 00:55:06.0437 3956 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 00:55:06.0499 3956 Brserid - ok 00:55:06.0515 3956 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 00:55:06.0546 3956 BrSerWdm - ok 00:55:06.0577 3956 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 00:55:06.0624 3956 BrUsbMdm - ok 
00:55:06.0640 3956 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 00:55:06.0671 3956 BrUsbSer - ok 00:55:06.0686 3956 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 00:55:06.0733 3956 BTHMODEM - ok 00:55:06.0764 3956 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 00:55:06.0827 3956 bthserv - ok 00:55:06.0842 3956 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 00:55:06.0874 3956 cdfs - ok 00:55:06.0936 3956 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 00:55:06.0952 3956 cdrom - ok 00:55:06.0983 3956 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 00:55:07.0030 3956 CertPropSvc - ok 00:55:07.0045 3956 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 00:55:07.0076 3956 circlass - ok 00:55:07.0108 3956 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 00:55:07.0139 3956 CLFS - ok 00:55:07.0186 3956 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 00:55:07.0201 3956 clr_optimization_v2.0.50727_32 - ok 00:55:07.0264 3956 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 00:55:07.0279 3956 clr_optimization_v2.0.50727_64 - ok 00:55:07.0373 3956 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 00:55:07.0404 3956 clr_optimization_v4.0.30319_32 - ok 00:55:07.0451 3956 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 00:55:07.0466 3956 clr_optimization_v4.0.30319_64 - ok 00:55:07.0482 3956 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 00:55:07.0498 3956 CmBatt - ok 
00:55:07.0498 3956 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 00:55:07.0513 3956 cmdide - ok 00:55:07.0560 3956 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys 00:55:07.0591 3956 CNG - ok 00:55:07.0607 3956 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 00:55:07.0622 3956 Compbatt - ok 00:55:07.0638 3956 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 00:55:07.0669 3956 CompositeBus - ok 00:55:07.0669 3956 COMSysApp - ok 00:55:07.0700 3956 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 00:55:07.0716 3956 crcdisk - ok 00:55:07.0747 3956 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 00:55:07.0810 3956 CryptSvc - ok 00:55:07.0856 3956 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 00:55:07.0903 3956 DcomLaunch - ok 00:55:07.0934 3956 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 00:55:07.0997 3956 defragsvc - ok 00:55:08.0059 3956 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 00:55:08.0137 3956 DfsC - ok 00:55:08.0184 3956 dgderdrv - ok 00:55:08.0215 3956 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 00:55:08.0278 3956 Dhcp - ok 00:55:08.0293 3956 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 00:55:08.0324 3956 discache - ok 00:55:08.0340 3956 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 00:55:08.0356 3956 Disk - ok 00:55:08.0402 3956 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 00:55:08.0465 3956 Dnscache - ok 00:55:08.0512 3956 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 00:55:08.0558 3956 dot3svc - ok 00:55:08.0621 3956 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 
C:\Windows\system32\DRIVERS\Dot4.sys 00:55:08.0652 3956 Dot4 - ok 00:55:08.0683 3956 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys 00:55:08.0714 3956 Dot4Print - ok 00:55:08.0761 3956 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 00:55:08.0792 3956 dot4usb - ok 00:55:08.0839 3956 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 00:55:08.0886 3956 DPS - ok 00:55:08.0917 3956 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 00:55:08.0948 3956 drmkaud - ok 00:55:08.0995 3956 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 00:55:09.0026 3956 DXGKrnl - ok 00:55:09.0042 3956 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 00:55:09.0104 3956 EapHost - ok 00:55:09.0167 3956 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 00:55:09.0260 3956 ebdrv - ok 00:55:09.0292 3956 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 00:55:09.0354 3956 EFS - ok 00:55:09.0416 3956 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 00:55:09.0494 3956 ehRecvr - ok 00:55:09.0526 3956 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 00:55:09.0572 3956 ehSched - ok 00:55:09.0604 3956 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 00:55:09.0635 3956 elxstor - ok 00:55:09.0682 3956 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 00:55:09.0713 3956 ErrDev - ok 00:55:09.0775 3956 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 00:55:09.0822 3956 EventSystem - ok 00:55:09.0853 3956 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 00:55:09.0900 3956 exfat - ok 00:55:09.0916 3956 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 
00:55:09.0962 3956 fastfat - ok 00:55:10.0009 3956 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 00:55:10.0087 3956 Fax - ok 00:55:10.0103 3956 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 00:55:10.0134 3956 fdc - ok 00:55:10.0181 3956 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 00:55:10.0228 3956 fdPHost - ok 00:55:10.0259 3956 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 00:55:10.0306 3956 FDResPub - ok 00:55:10.0337 3956 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 00:55:10.0352 3956 FileInfo - ok 00:55:10.0368 3956 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 00:55:10.0399 3956 Filetrace - ok 00:55:10.0415 3956 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 00:55:10.0446 3956 flpydisk - ok 00:55:10.0477 3956 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 00:55:10.0508 3956 FltMgr - ok 00:55:10.0540 3956 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 00:55:10.0618 3956 FontCache - ok 00:55:10.0680 3956 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 00:55:10.0696 3956 FontCache3.0.0.0 - ok 00:55:10.0696 3956 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 00:55:10.0711 3956 FsDepends - ok 00:55:10.0774 3956 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 00:55:10.0789 3956 Fs_Rec - ok 00:55:10.0852 3956 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 00:55:10.0867 3956 fvevol - ok 00:55:10.0883 3956 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 00:55:10.0898 3956 gagp30kx - ok 00:55:10.0961 3956 [ 
E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 00:55:10.0976 3956 GEARAspiWDM - ok 00:55:11.0023 3956 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 00:55:11.0101 3956 gpsvc - ok 00:55:11.0164 3956 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 00:55:11.0179 3956 gupdate - ok 00:55:11.0210 3956 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 00:55:11.0210 3956 gupdatem - ok 00:55:11.0257 3956 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 00:55:11.0304 3956 hcw85cir - ok 00:55:11.0351 3956 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 00:55:11.0382 3956 HdAudAddService - ok 00:55:11.0398 3956 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 00:55:11.0444 3956 HDAudBus - ok 00:55:11.0460 3956 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 00:55:11.0491 3956 HidBatt - ok 00:55:11.0522 3956 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 00:55:11.0554 3956 HidBth - ok 00:55:11.0585 3956 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 00:55:11.0616 3956 HidIr - ok 00:55:11.0647 3956 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 00:55:11.0710 3956 hidserv - ok 00:55:11.0756 3956 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 00:55:11.0772 3956 HidUsb - ok 00:55:11.0803 3956 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 00:55:11.0850 3956 hkmsvc - ok 00:55:11.0897 3956 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 00:55:11.0959 3956 HomeGroupListener - ok 00:55:11.0990 3956 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider 
Last edited by Sinderella (30.12.2012 at 02:10) |
02.01.2013, 20:59 | #4 |
/// Malware-holic | GVU Trojan asked: Got 100 euros to spare? Hi, combofix: Combofix may only be run if a team member has instructed you to do so! Please download Combofix from one of these download mirrors Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix is finished, it will create a log file. Please post the C:\Combofix.txt in your next reply. Note: Should you receive the following error message after the restart Quote:
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
02.01.2013, 22:13 | #5 |
| GVU Trojan asked: Got 100 euros to spare? Hello Markus, many thanks for your further reply! Here is the ComboFix log: Code:
ATTFilter ComboFix 13-01-02.02 - *** 02.01.2013 21:27:04.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.1791.776 [GMT 1:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\program files (x86)\TelevisionFanatic c:\program files (x86)\TelevisionFanatic\bar\gen1\COMMON.T8S c:\program files (x86)\TelevisionFanatic\bar\IE9Mesg\COMMON.T8S c:\program files (x86)\TelevisionFanatic\bar\Message\COMMON.T8S c:\program files (x86)\TelevisionFanatic\bar\Settings\s_pid.dat c:\users\***\AppData\Local\assembly\tmp c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2kr7arke.default\extensions\64ffxtbr@TelevisionFanatic.com c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2kr7arke.default\extensions\64ffxtbr@TelevisionFanatic.com\bootstrap.js c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2kr7arke.default\extensions\64ffxtbr@TelevisionFanatic.com\chrome.manifest c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2kr7arke.default\extensions\64ffxtbr@TelevisionFanatic.com\chrome\64ffxtbr.jar c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2kr7arke.default\extensions\64ffxtbr@TelevisionFanatic.com\install.rdf c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2kr7arke.default\extensions\64ffxtbr@TelevisionFanatic.com\META-INF\manifest.mf c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2kr7arke.default\extensions\64ffxtbr@TelevisionFanatic.com\META-INF\zigbert.rsa c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2kr7arke.default\extensions\64ffxtbr@TelevisionFanatic.com\META-INF\zigbert.sf c:\windows\SysWow64\muzapp.exe c:\windows\SysWow64\System32\MASetupCleaner.exe 
c:\windows\SysWow64\System32\muzapp.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-12-02 bis 2013-01-02 )))))))))))))))))))))))))))))) . . 2013-01-02 20:34 . 2013-01-02 20:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-02 20:34 . 2013-01-02 20:34 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2012-12-30 01:37 . 2012-12-30 01:39 -------- d-----w- c:\program files\Trojaner Board 2012-12-29 14:59 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-29 14:59 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-29 14:59 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-29 14:59 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-29 05:58 . 2012-12-29 05:58 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes 2012-12-29 05:57 . 2012-12-29 05:57 -------- d-----w- c:\programdata\Malwarebytes 2012-12-29 05:57 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-29 05:56 . 2012-12-29 05:56 -------- d-----w- c:\users\***\AppData\Local\Programs 2012-12-20 06:48 . 2012-12-20 06:52 -------- d-----w- c:\program files\HNO- Radiologischer Befund 2012-12-17 04:43 . 2012-12-17 04:43 -------- d-----w- c:\users\***\AppData\Roaming\Avira 2012-12-17 04:37 . 2012-12-03 14:36 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-12-17 04:37 . 2012-12-03 14:36 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-12-17 04:37 . 2012-11-16 19:17 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-12-17 04:37 . 2012-12-17 04:37 -------- d-----w- c:\programdata\Avira 2012-12-15 11:44 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EAAB2803-16A0-4838-AC04-489C55EF15FC}\mpengine.dll 2012-12-13 04:52 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-13 04:52 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-12-13 04:51 . 
2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2012-12-13 04:48 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-12-13 04:48 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-12-08 19:41 . 2012-12-08 19:42 -------- d-----w- c:\program files\Mozilla Firefox 2012-12-03 21:11 . 2012-12-04 01:15 -------- d-----w- c:\program files (x86)\Ebay 2012-12-03 21:11 . 2012-12-03 21:11 -------- d-----w- c:\programdata\eBay . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-17 04:26 . 2012-03-29 01:35 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-17 04:26 . 2011-05-19 12:18 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-13 05:32 . 2010-05-21 19:52 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-11-01 11:32 . 2012-11-01 11:32 5993104 ----a-w- c:\program files\speedupmypc.exe 2012-10-16 08:38 . 2012-11-28 12:36 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-28 12:36 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-28 12:36 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-09 18:17 . 2012-11-15 17:12 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 18:17 . 2012-11-15 17:12 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-09 18:11 . 2012-10-09 18:11 49152 ----a-r- c:\windows\SysWow64\inetwh32.dll 2012-10-09 18:11 . 2012-10-09 18:11 1044480 ----a-r- c:\windows\SysWow64\roboex32.dll 2012-10-09 17:40 . 2012-11-15 17:12 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-15 17:12 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll 2012-04-16 11:52 . 2012-04-16 11:51 29851432 ----a-w- c:\program files\CPE_SCAN_DESTINATION_UPDATE_hpcom_001_003.exe 2012-12-08 19:41 . 2012-12-08 19:41 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-03 98304] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296] "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-08-28 33673216] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "avgnt"="c:\program files\Avira\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLUA"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "iTunesHelper"="c:\program files\Apple\iTunesHelper.exe" . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled] "HDAudDeck"=c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r "hpqSRMon"=c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMScheduler;MBAMScheduler;c:\program files\Malware- bytes Anti- malware\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files\Malware- bytes Anti- malware\Malwarebytes' Anti-Malware\mbamservice.exe [x] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x] R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2009-08-18 11776] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-08-18 135168] R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2009-08-18 119680] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-11-16 27800] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-04 203264] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\Avira\AntiVir Desktop\sched.exe [2012-12-04 85280] S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot 1.6.2\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2011-07-15 
1403200] S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2010-03-25 9216] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-25 11856] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-08-17 1282560] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 2013-01-02 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2010-07-01 09:14] . 2013-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-03 06:21] . 2013-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-03 06:21] . . --------- X64 Entries ----------- . . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.arcor.de/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2kr7arke.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (de) FF - prefs.js: browser.startup.homepage - hxxp://www.arcor.de FF - ExtSQL: !HIDDEN! 2010-05-25 09:30; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
URLSearchHooks-{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) AddRemove-Malwarebytes' Anti-Malware_is1 - c:\program files\Malware- bytes Anti- malware\Malwarebytes' Anti-Malware\unins000.exe AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Zeit der Fertigstellung: 2013-01-02 21:38:49 ComboFix-quarantined-files.txt 2013-01-02 20:38 . Vor Suchlauf: 10 Verzeichnis(se), 388.668.141.568 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 394.274.476.032 Bytes frei . - - End Of File - - 40958D23772BD75FDAF0CA2ADBA2BEA7
Many thanks, Sinderella |
03.01.2013, 18:52 | #6 |
/// Malware-holic | GVU Trojan asked: Got 100 euros to spare? Hi, download CCleaner standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this. Open it: Tools, Uninstall list, save as txt. Open it. After every program you need, write "necessary". After every program you don't need, "unnecessary". After those unknown to you, "unknown". Post the list.
04.01.2013, 06:43 | #7 |
| GVU Trojan asked: Got 100 euros to spare? Hi, well, in CCleaner there is Cleaner, Registry, Extras and Settings, that's it; there is no Tools there, and there is nowhere to save a text either. Furthermore, you can't write needed or not needed after the programs either; did you perhaps confuse this with some other software? Individual programs can only be deleted, just like in the Control Panel, nothing more. And unfortunately no log file is created or saved anywhere either. |
04.01.2013, 15:01 | #8 |
/// Malware-holic | GVU Trojan asked: Got 100 euros to spare? Hi, under Extras.
05.01.2013, 05:27 | #9 |
| GVU Trojan asked: Got 100 euros to spare? Hi Markus, do you perhaps mean this as the CCleaner log file? Code:
ATTFilter Adobe AIR Adobe Systems Incorporated 26.11.2012 3.5.0.600 Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 21.09.2012 6,00MB 11.4.402.278 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 17.12.2012 6,00MB 11.5.502.135 Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 26.10.2012 229MB 10.1.4 Amazon MP3-Downloader 1.0.15 Amazon Services LLC 13.08.2012 1.0.15 Apple Application Support Apple Inc. 22.06.2010 42,7MB 1.3.0 Apple Mobile Device Support Apple Inc. 22.06.2010 20,5MB 3.1.0.62 Apple Software Update Apple Inc. 22.06.2010 2,25MB 2.1.2.120 ATI Catalyst Install Manager ATI Technologies, Inc. 23.10.2010 22,3MB 3.0.786.0 Avira Free Antivirus Avira 17.12.2012 129MB 13.0.0.2890 Bonjour Apple Inc. 22.06.2010 1,74MB 2.0.2.0 Browser Configuration Utility DeviceVM Inc. 11.01.2011 3,14MB 1.0.10.0 CCleaner Piriform 19.12.2012 3.26 Chicken Invaders 2 v2.40 InterAction studios 30.01.2012 Chicken Invaders: Revenge of the Yolk (Christmas Edition) v3.20 InterAction studios 30.01.2012 ConvertHelper 2.2 DownloadHelper 16.02.2011 DivX-Setup DivX, LLC 25.07.2012 2.6.1.9 eDiagnose Vaillant Group Austria GmbH 26.11.2012 1.0.7 EPU-4 Engine 20.05.2010 1.00.33 Free Screen To Video V 2.0 Koyote Soft 30.03.2012 11,9MB 2.0.0.0 Free Solitaire 3D 3.6 11.08.2011 Free Video Dub version 1.7 DVDVideoSoft Limited. 01.07.2010 22,7MB GIMP 2.6.8 16.11.2010 Glary Utilities 2.26.0.956 Glarysoft Ltd 01.07.2010 2.26.0.956 Google Earth Google 13.11.2011 92,7MB 6.1.0.5001 HP Customer Participation Program 13.0 HP 25.05.2010 13.0 HP Deskjet All-In-One Driver Software 13.0 Rel. 
1 HP 25.05.2010 13.0 HP Imaging Device Functions 13.0 HP 25.05.2010 13.0 HP Photosmart Essential 3.5 HP 25.05.2010 3.5 HP Print Diagnostic Utility Hewlett_Packard 25.05.2010 860KB 1.51.0000 HP Product Detection HP 16.04.2012 1,86MB 11.14.0001 HP Smart Web Printing 4.51 HP 25.05.2010 4.51 HP Solution Center 13.0 HP 25.05.2010 13.0 HP Update Hewlett-Packard 12.06.2012 3,98MB 5.003.001.001 Immoscout24 NewsFlash 27.07.2010 iTunes Apple Inc. 22.06.2010 161MB 9.2.0.61 Java 7 Update 9 Oracle 31.08.2012 128MB 7.0.90 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 02.06.2012 38,8MB 4.0.30320 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 02.06.2012 2,93MB 4.0.30320 Microsoft Silverlight Microsoft Corporation 19.05.2012 50,6MB 5.1.10411.0 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 29.09.2010 1,72MB 3.1.0000 Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 29.09.2010 1,44MB 1.0.1215.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 22.05.2010 260KB 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 24.01.2012 252KB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.06.2011 300KB 8.0.61001 Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 20.05.2010 708KB 8.0.61000 Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Corporation 22.05.2011 580KB 8.0.51011 Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Corporation 27.05.2010 212KB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Corporation 22.05.2011 790KB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 22.05.2011 598KB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Corporation 26.05.2010 
2,52MB 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 27.08.2010 786KB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 16.06.2011 788KB 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 Microsoft Corporation 24.08.2010 232KB 9.0.21022.218 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 22.05.2010 596KB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 600KB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 15.10.2011 12,2MB 10.0.40219 Moorhuhn Remake 03.07.2012 1.00.0000 Mozilla Firefox 17.0.1 (x86 de) Mozilla 08.12.2012 228MB 17.0.1 Mozilla Maintenance Service Mozilla 01.12.2012 329KB 17.0.1 Mozilla Thunderbird 11.0 (x86 de) Mozilla 15.03.2012 53,4MB 11.0 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 25.05.2010 1,27MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 26.05.2010 1,33MB 4.20.9876.0 MyFreeCodec 02.06.2012 Nero 9 Lite Nero AG 26.05.2010 OpenOffice.org 3.4 OpenOffice.org 23.05.2012 346MB 3.4.9590 QuickTime Apple Inc. 22.06.2010 73,7MB 7.66.73.0 RealPlayer RealNetworks 28.05.2012 91,7MB 15.0.4 Realtek 8136 8168 8169 Ethernet Driver Realtek 11.01.2011 1.00.0005 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 20.05.2010 6.0.1.5880 Schrankplaner schrankplaner.de 14.03.2011 40,1MB 3.01.00 Shop for HP Supplies HP 25.05.2010 13.0 Spybot - Search & Destroy Safer Networking Limited 29.12.2012 1.6.2 Tunatic 04.08.2011 TuneUp Utilities TuneUp Software 14.11.2011 9.0.6010.8 Turbo Lister 2 eBay Inc. 03.12.2012 73,6MB 2.00.0000 Uninstall 1.0.0.1 01.07.2010 10,5MB VIA Plattform-Geräte-Manager VIA Technologies, Inc. 
20.05.2010 2,61MB 1.34 VLC media player 2.0.4 VideoLAN 09.11.2012 2.0.4 Vodafone Mobile Connect Lite Vodafone 06.01.2011 34,1MB 9.4.9.22273 weblica - 2.5.1 empros gmbh 24.09.2011 2.5.1 weblica designer empros gmbh 22.04.2011 01.01.00.00 Windows Live Anmelde-Assistent Microsoft Corporation 29.09.2010 1,93MB 5.000.818.5 Windows Live Essentials Microsoft Corporation 29.09.2010 14.0.8117.0416 Windows Live Sync Microsoft Corporation 29.09.2010 2,79MB 14.0.8117.416 Windows Live-Uploadtool Microsoft Corporation 29.09.2010 224KB 14.0.8014.1029 Sindy |
05.01.2013, 15:46 | #10 |
/// Malware-holic | GVU Trojan asked: Got 100 euros to spare? Hi, where are the labels?
06.01.2013, 06:00 | #11 |
| GVU Trojan asked: Got 100 euros to spare? Hi, what labels? |
06.01.2013, 17:35 | #12 |
/// Malware-holic | GVU Trojan asked: Got 100 euros to spare? Hi, you were supposed to write next to them whether the programs are necessary, unnecessary or unknown
07.01.2013, 14:07 | #13 |
| GVU Trojan asked: Got 100 euros to spare? Hi, all right, text added: Code:
ATTFilter Adobe AIR Adobe Systems Incorporated 26.11.2012 3.5.0.600 unbekannt Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 21.09.2012 6,00MB 11.4.402.278 benötigt Adobe Flash Player 11 Plugin Adobe Systems Incorporated 17.12.2012 6,00MB 11.5.502.135 benötigt Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 26.10.2012 229MB 10.1.4 benötigt Amazon MP3-Downloader 1.0.15 Amazon Services LLC 13.08.2012 1.0.15 benötigt Apple Application Support Apple Inc. 22.06.2010 42,7MB 1.3.0 unbekannt Apple Mobile Device Support Apple Inc. 22.06.2010 20,5MB 3.1.0.62 unnötig Apple Software Update Apple Inc. 22.06.2010 2,25MB 2.1.2.120 unnötig ATI Catalyst Install Manager ATI Technologies, Inc. 23.10.2010 22,3MB 3.0.786.0 benötigt Avira Free Antivirus Avira 17.12.2012 129MB 13.0.0.2890 benötigt Bonjour Apple Inc. 22.06.2010 1,74MB 2.0.2.0 unnötig Browser Configuration Utility DeviceVM Inc. 11.01.2011 3,14MB 1.0.10.0 unbekannt CCleaner Piriform 19.12.2012 3.26 benötigt Chicken Invaders 2 v2.40 InterAction studios 30.01.2012 benötigt Chicken Invaders: Revenge of the Yolk (Christmas Edition) v3.20 InterAction studios 30.01.2012 benötigt ConvertHelper 2.2 DownloadHelper 16.02.2011 benötigt DivX-Setup DivX, LLC 25.07.2012 2.6.1.9 unnötig eDiagnose Vaillant Group Austria GmbH 26.11.2012 1.0.7 unnötig EPU-4 Engine 20.05.2010 1.00.33 unbekannt Free Screen To Video V 2.0 Koyote Soft 30.03.2012 11,9MB 2.0.0.0 benötigt Free Solitaire 3D 3.6 11.08.2011 unnötig Free Video Dub version 1.7 DVDVideoSoft Limited. 01.07.2010 22,7MB unnötig GIMP 2.6.8 16.11.2010 unnötig Glary Utilities 2.26.0.956 Glarysoft Ltd 01.07.2010 2.26.0.956 unbekannt Google Earth Google 13.11.2011 92,7MB 6.1.0.5001 benötigt HP Customer Participation Program 13.0 HP 25.05.2010 13.0 benötigt HP Deskjet All-In-One Driver Software 13.0 Rel. 
1 HP 25.05.2010 13.0 benötigt HP Imaging Device Functions 13.0 HP 25.05.2010 13.0 benötigt HP Photosmart Essential 3.5 HP 25.05.2010 3.5 benötigt HP Print Diagnostic Utility Hewlett_Packard 25.05.2010 860KB 1.51.0000 benötigt HP Product Detection HP 16.04.2012 1,86MB 11.14.0001 benötigt HP Smart Web Printing 4.51 HP 25.05.2010 4.51 benötigt HP Solution Center 13.0 HP 25.05.2010 13.0 benötigt HP Update Hewlett-Packard 12.06.2012 3,98MB 5.003.001.001 benötigt Immoscout24 NewsFlash 27.07.2010 benötigt iTunes Apple Inc. 22.06.2010 161MB 9.2.0.61 unnötig Java 7 Update 9 Oracle 31.08.2012 128MB 7.0.90 unbekannt Microsoft .NET Framework 4 Client Profile Microsoft Corporation 02.06.2012 38,8MB 4.0.30320 unbekannt Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 02.06.2012 2,93MB 4.0.30320 unbekannt Microsoft Silverlight Microsoft Corporation 19.05.2012 50,6MB 5.1.10411.0 unbekannt Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 29.09.2010 1,72MB 3.1.0000 unbekannt Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 29.09.2010 1,44MB 1.0.1215.0 unbekannt Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 22.05.2010 260KB 8.0.50727.4053 unbekannt Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 24.01.2012 252KB 8.0.50727.4053 unbekannt Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.06.2011 300KB 8.0.61001 unbekannt Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 20.05.2010 708KB 8.0.61000 unbekannt Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Corporation 22.05.2011 580KB 8.0.51011 unbekannt Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Corporation 27.05.2010 212KB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Corporation 22.05.2011 790KB 9.0.30729.5570 unbekannt 
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 22.05.2011 598KB 9.0.30729.5570 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Corporation 26.05.2010 2,52MB 9.0.21022 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 27.08.2010 786KB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 16.06.2011 788KB 9.0.30729.6161 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 Microsoft Corporation 24.08.2010 232KB 9.0.21022.218 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 22.05.2010 596KB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 600KB 9.0.30729.6161 unbekannt Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 15.10.2011 12,2MB 10.0.40219 unbekannt Moorhuhn Remake 03.07.2012 1.00.0000 benötigt Mozilla Firefox 17.0.1 (x86 de) Mozilla 08.12.2012 228MB 17.0.1 benötigt Mozilla Maintenance Service Mozilla 01.12.2012 329KB 17.0.1 benötigt Mozilla Thunderbird 11.0 (x86 de) Mozilla 15.03.2012 53,4MB 11.0 unnötig MSXML 4.0 SP2 (KB954430) Microsoft Corporation 25.05.2010 1,27MB 4.20.9870.0 unbekannt MSXML 4.0 SP2 (KB973688) Microsoft Corporation 26.05.2010 1,33MB 4.20.9876.0 unbekannt MyFreeCodec 02.06.2012 unbekannt Nero 9 Lite Nero AG 26.05.2010 benötigt OpenOffice.org 3.4 OpenOffice.org 23.05.2012 346MB 3.4.9590 benötigt QuickTime Apple Inc. 22.06.2010 73,7MB 7.66.73.0 benötigt RealPlayer RealNetworks 28.05.2012 91,7MB 15.0.4 benötigt Realtek 8136 8168 8169 Ethernet Driver Realtek 11.01.2011 1.00.0005 benötigt Realtek High Definition Audio Driver Realtek Semiconductor Corp. 
20.05.2010 6.0.1.5880 benötigt Schrankplaner schrankplaner.de 14.03.2011 40,1MB 3.01.00 unnötig Shop for HP Supplies HP 25.05.2010 13.0 unnötig Spybot - Search & Destroy Safer Networking Limited 29.12.2012 1.6.2 benötigt Tunatic 04.08.2011 benötigt TuneUp Utilities TuneUp Software 14.11.2011 9.0.6010.8 benötigt Turbo Lister 2 eBay Inc. 03.12.2012 73,6MB 2.00.0000 benötigt Uninstall 1.0.0.1 01.07.2010 10,5MB unbekannt VIA Plattform-Geräte-Manager VIA Technologies, Inc. 20.05.2010 2,61MB 1.34 unbekannt VLC media player 2.0.4 VideoLAN 09.11.2012 2.0.4 benötigt Vodafone Mobile Connect Lite Vodafone 06.01.2011 34,1MB 9.4.9.22273 benötigt weblica - 2.5.1 empros gmbh 24.09.2011 2.5.1 benötigt weblica designer empros gmbh 22.04.2011 01.01.00.00 benötigt Windows Live Anmelde-Assistent Microsoft Corporation 29.09.2010 1,93MB 5.000.818.5 unbekannt Windows Live Essentials Microsoft Corporation 29.09.2010 14.0.8117.0416 unbekannt Windows Live Sync Microsoft Corporation 29.09.2010 2,79MB 14.0.8117.416 unbekannt Windows Live-Uploadtool Microsoft Corporation 29.09.2010 224KB 14.0.8014.1029 unbekannt |
07.01.2013, 17:45 | #14 |
/// Malware-holic | GVU-Trojaner fragte: Haste mal 100,- Euro? Uninstall: Adobe Flash Player, all of them. Adobe - Adobe Flash Player installieren: download the latest version. Adobe Reader: Adobe - Adobe Reader herunterladen - Alle Versionen; untick the box for McAfee Security Scan.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences. General: tick "Use only certified plug-ins". Internet: everything here should be disabled; it is very unsafe to open PDFs automatically, download them, etc. It is always better to save them directly, since that is the only way to keep control of what is going on on the PC. JavaScript: untick "Enable JavaScript". Updater: choose "Install automatically". Apply / OK.
Uninstall: Bonjour, Browser Configuration, DivX, eDiagnose, Free Solitaire, Free Video, GIMP, Glary, iTunes, Java. Download the Java JRE: Java-Downloads für alle Betriebssysteme; click: Download der Java-Software für Windows Offline; download and install.
Mozilla Thunderbird: open, Help, Update. Uninstall: Schrankplaner, Shop. Spybot: can go, no longer very useful. TuneUp: do without that kind of nonsense; it usually brings no speed, and some of its functions can harm the system. Windows Live: all the ones you don't use.
Please open CCleaner, Analyze, Run, restart the PC. Please download AdwCleaner to your desktop.
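The Adobe Reader preferences Markusg walks through above are stored as registry values, which means they can be audited after the fact instead of re-opening the dialog. The following PowerShell script is an added example, not code from the thread, from Adobe or from the board: it reads the values behind "Enable JavaScript" and "Display PDF in browser" for Adobe Reader X (registry version string "10.0", an assumption matching the "Adobe Reader X (10.1.4)" entry in the user's list) and reports whether they match the advice. The value names JSPrefs\bEnableJS, Originals\bBrowserIntegration and FeatureLockDown\bDisableJavaScript are taken from Adobe's published preference documentation and should be confirmed against the Preference Reference for the installed version; the HKLM FeatureLockDown policy is an extra, admin-locked form of the JavaScript setting that the post does not mention. The "Use only certified plug-ins" and Updater options are left to the GUI because their value names are not reproduced here.

```powershell
# Added example: audit (and optionally set) the Adobe Reader X preferences
# recommended in the post above. Read-only unless -Remediate is given.
# Assumption: Reader X stores its per-user preferences under
#   HKCU\Software\Adobe\Acrobat Reader\10.0 and admin policies under
#   HKLM\SOFTWARE\Policies\Adobe\Acrobat Reader\10.0\FeatureLockDown.
param(
    [string]$ReaderVersion = '10.0',
    [switch]$Remediate
)

$userBase   = "HKCU:\Software\Adobe\Acrobat Reader\$ReaderVersion"
$policyBase = "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\$ReaderVersion"

# One entry per setting: where it lives, which DWORD value matches the advice,
# and what that value means in the Preferences dialog.
$checks = @(
    @{ Path = "$userBase\JSPrefs";           Name = 'bEnableJS';           Want = 0;
       Why  = 'Preferences > JavaScript: "Enable JavaScript" unticked' },
    @{ Path = "$userBase\Originals";         Name = 'bBrowserIntegration'; Want = 0;
       Why  = 'Preferences > Internet: PDFs not displayed inside the browser' },
    @{ Path = "$policyBase\FeatureLockDown"; Name = 'bDisableJavaScript';  Want = 1;
       Why  = 'Admin policy: JavaScript disabled and locked (optional, needs elevation)' }
)

function Get-RegValueOrNull {
    # Return the DWORD stored at Path\Name, or $null if the key or value is absent,
    # so a missing preference is reported instead of aborting the audit.
    param([string]$Path, [string]$Name)
    try {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop
        return $item.$Name
    } catch {
        return $null
    }
}

$results = foreach ($c in $checks) {
    $current = Get-RegValueOrNull -Path $c.Path -Name $c.Name
    $ok      = ($current -ne $null) -and ([int]$current -eq $c.Want)

    if ($current -eq $null) { $shown = '<not set>' } else { $shown = $current }
    if ($ok) { $status = 'OK' } else { $status = 'REVIEW' }

    New-Object PSObject -Property @{
        Status  = $status
        Current = $shown
        Wanted  = $c.Want
        Setting = "$($c.Path)\$($c.Name)"
        Meaning = $c.Why
    }

    # Only per-user keys are written; the HKLM policy key requires an elevated shell
    # and is deliberately left alone here.
    if ($Remediate -and -not $ok -and $c.Path -like 'HKCU:*') {
        if (-not (Test-Path $c.Path)) { New-Item -Path $c.Path -Force | Out-Null }
        Set-ItemProperty -Path $c.Path -Name $c.Name -Value $c.Want -Type DWord
    }
}

$results | Select-Object Status, Current, Wanted, Setting, Meaning | Format-Table -AutoSize -Wrap
```

Run it once without switches to see which of the three values differ from the advice; a "<not set>" entry means the preference has never been changed from its installation default, which for JavaScript is "enabled". New-Object is used instead of [pscustomobject] so the script also runs on the PowerShell 2.0 that ships with Windows 7.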
08.01.2013, 07:42 | #15 |
| GVU-Trojaner fragte: Haste mal 100,- Euro? Hi Markus, everything worked great, only two files could not be deleted: Windows Live Essentials not at all, and with TuneUp a remnant was left under Program Data; whenever I tried to delete it, it kept saying I supposedly had no admin rights, which is of course nonsense, since I am the only user! And where the folder with the newly downloaded Adobe FlashPlayer is stored: no idea. Not under Programs, Programs (x86) or Program Data in any case, but it does appear in the Control Panel with its own icon. Everything else was pretty easy; here is the AdwCleaner log: Code:
# AdwCleaner v2.104 - Datei am 08/01/2013 um 07:11:04 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - R2-D2
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2kr7arke.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [931 octets] - [08/01/2013 07:11:04]
AdwCleaner[S1].txt - [20729 octets] - [29/12/2012 15:37:41]

########## EOF - C:\AdwCleaner[R1].txt - [1051 octets] ########## |