Pests of all kinds and how to fight them: Malwarebytes Anti-Malware and many PUP.LoadTubes (Windows 7)
09.01.2013, 19:15 | #1 |
Malwarebytes Anti-Malware and many PUP.LoadTubes

Good evening,

Since today, Firefox keeps redirecting me to a website that, according to avast, is infected with trojans. In a scan with Malwarebytes I found PUP.LoadTubes. I have not taken any action yet. Here are the logs:

Malwarebytes: Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.09.07

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Sebastian :: SEBASTIAN-PC [Administrator]

09.01.2013 16:34:19
MBAM-log-2013-01-09 (18-14-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 418590
Laufzeit: 1 Stunde(n), 23 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 3
HKCR\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\loadtbs-3.0 (PUP.LoadTubes) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Daten: îÍïßÏÈOˆ*˜rƒr -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Users\Sebastian\AppData\Roaming\loadtbs (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Sebastian\AppData\Roaming\loadtbs\chrome@loadtubes.com (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Sebastian\AppData\Roaming\loadtbs\html (PUP.LoadTubes) -> Keine Aktion durchgeführt.

Infizierte Dateien: 20
C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Sebastian\AppData\Roaming\loadtbs\toolbar.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Sebastian\AppData\Roaming\loadtbs\ytdl.exe (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Sebastian\Programme\unsortiert\operapassview\OperaPassView.exe (PUP.OperaPasswordTool) -> Keine Aktion durchgeführt.
C:\Users\Sebastian\AppData\Roaming\loadtbs\keyHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Sebastian\AppData\Roaming\loadtbs\config.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Sebastian\AppData\Roaming\loadtbs\domHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Sebastian\AppData\Roaming\loadtbs\evHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Sebastian\AppData\Roaming\loadtbs\license.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Sebastian\AppData\Roaming\loadtbs\uninstall.exe (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Sebastian\AppData\Roaming\loadtbs\updateHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Sebastian\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.html (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Sebastian\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.js (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Sebastian\AppData\Roaming\loadtbs\chrome@loadtubes.com\download.js (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Sebastian\AppData\Roaming\loadtbs\chrome@loadtubes.com\fire.js (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Sebastian\AppData\Roaming\loadtbs\chrome@loadtubes.com\manifest.json (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Sebastian\AppData\Roaming\loadtbs\html\dimensions.ini (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Sebastian\AppData\Roaming\loadtbs\html\install.html (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Sebastian\AppData\Roaming\loadtbs\html\uninstall.html (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Sebastian\AppData\Roaming\loadtbs\html\uninstallComplete.html (PUP.LoadTubes) -> Keine Aktion durchgeführt.

(Ende)

3.
OTL: Code:
OTL logfile created on: 09.01.2013 18:36:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sebastian\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,75 Gb Total Physical Memory | 3,33 Gb Available Physical Memory | 57,86% Memory free
11,69 Gb Paging File | 9,14 Gb Available in Paging File | 78,18% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 23,67 Gb Free Space | 24,24% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 324,92 Gb Free Space | 88,27% Space Free | Partition Type: NTFS

Computer Name: SEBASTIAN-PC | User Name: Sebastian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.09 18:35:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe
PRC - [2013.01.04 23:29:06 | 028,539,232 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.17 02:24:55 | 000,878,480 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2012.11.01 00:00:32 | 007,880,664 | ---- | M] (Spotify Ltd) -- C:\Users\Sebastian\AppData\Roaming\Spotify\spotify.exe
PRC - [2012.11.01 00:00:31 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Sebastian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.08.03 11:37:56 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2012.08.03 11:08:00 | 000,073,392 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2012.07.27 21:51:38 | 000,823,224 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012.07.27 12:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.09.08 08:15:22 | 000,670,792 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
PRC - [2009.04.10 22:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2007.09.26 16:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007.01.01 22:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Sebastian\AppData\Roaming\Google\Google Talk\googletalk.exe
PRC - [2002.10.16 19:56:00 | 000,176,128 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files (x86)\Executive Software\DiskeeperLite\DKService.exe

========== Modules (No Company Name) ==========

MOD - [2013.01.09 16:34:45 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2012.12.17 02:25:03 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2012.12.17 02:25:02 | 000,312,832 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2012.12.17 02:25:02 | 000,158,208 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2012.12.17 02:25:02 | 000,101,888 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2012.12.17 02:25:02 | 000,096,256 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll
MOD - [2012.12.17 02:25:02 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2012.12.17 02:25:02 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2012.12.17 02:25:02 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2012.12.17 02:25:02 | 000,038,912 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2012.12.17 02:25:01 | 000,835,584 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll
MOD - [2012.12.17 02:25:01 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2012.12.17 02:25:01 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2012.11.01 00:00:31 | 020,220,376 | ---- | M] () -- C:\Users\Sebastian\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2012.09.13 16:26:16 | 000,014,336 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\Adobe\Acrobat\10.0\Cache\AcLang_Updater.DEU
MOD - [2012.07.27 21:51:54 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu

========== Services (SafeList) ==========

SRV:64bit: - [2012.04.11 15:27:06 | 000,047,440 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2011.04.20 03:04:18 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.04.19 21:18:20 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010.04.07 14:04:24 | 000,127,800 | ---- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV - [2013.01.09 16:34:46 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.09 14:32:55 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.08.03 11:37:56 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012.07.27 12:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.14 15:01:26 | 000,827,560 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2012.06.30 00:46:30 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.06.07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.12.15 18:29:42 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011.09.08 08:15:22 | 000,670,792 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011.06.13 18:36:48 | 000,915,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010.06.03 12:54:00 | 000,188,416 | ---- | M] () [Auto | Stopped] -- C:\Programme\PhenomMsrTweaker\PhenomMsrTweakerService.exe -- (PhenomMsrTweaker)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.03.29 20:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.09.26 16:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2002.10.16 19:56:00 | 000,176,128 | ---- | M] (Executive Software International, Inc.) [Auto | Running] -- C:\Program Files (x86)\Executive Software\DiskeeperLite\DKService.exe -- (Diskeeper)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.10.30 23:51:55 | 000,044,272 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (AswRdr)
DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.07.23 15:41:57 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2012.07.23 15:41:56 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012.07.23 15:41:56 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012.07.23 15:41:56 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012.07.23 15:41:56 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012.05.25 11:25:56 | 000,104,120 | ---- | M] (e2eSoft) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VCam_WDM.sys -- (VCam_WDM)
DRV:64bit: - [2012.05.24 19:43:06 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.04.11 15:27:04 | 000,042,280 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2012.02.29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.22 11:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012.02.14 22:49:55 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.02.14 22:49:55 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.01.11 07:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012.01.09 17:59:32 | 000,485,680 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\klif.sys -- (KLIF)
DRV:64bit: - [2012.01.09 17:59:30 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (KL1)
DRV:64bit: - [2012.01.09 17:59:30 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kl2.sys -- (kl2)
DRV:64bit: - [2011.12.15 18:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.09.08 07:42:38 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2011.07.07 17:42:38 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011.05.07 16:51:34 | 000,448,088 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2011.04.20 03:44:48 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.04.20 02:22:32 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.02.23 08:14:44 | 001,094,248 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rtl8192Ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011.02.22 13:21:54 | 000,404,584 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2010.07.15 13:23:48 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.06.25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.06.09 16:10:16 | 000,046,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\nm3.sys -- (nm3)
DRV:64bit: - [2010.04.22 23:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.03.06 00:41:05 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mvusbews.sys -- (mvusbews)
DRV:64bit: - [2010.02.18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2007.02.19 06:56:38 | 000,027,136 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\psadd.sys -- (psadd)
DRV:64bit: - [2006.10.13 02:21:00 | 000,016,080 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVicPort64.sys -- (TVicPort64)
DRV - [2012.07.14 15:01:42 | 000,033,712 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011.06.07 14:00:35 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=1689
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{77F071A7-5B5D-47FB-A0ED-A9152FE16065}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ALSV5&o=1665&src=kw&q={searchTerms}&locale=&apn_ptnrs=AU&apn_dtid=YYYYYYYYDE&apn_uid=9c38d42c-00b2-453e-9962-e9c5cf9e6b39&apn_sauid=7A0730D4-DBF6-4764-8F0C-0DED0CC02002
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CT2319825.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7B3869b071-0fae-4c75-948a-60d9c56ea02b%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B8f8fe09b-0bd3-4470-bc1b-8cad42b8203a%7D:0.17
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20120926
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7B64161300-e22b-11db-8314-0800200c9a66%7D:0.9.6.12
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ALSV5&o=1665&locale=de_DE&apn_uid=9c38d42c-00b2-453e-9962-e9c5cf9e6b39&apn_ptnrs=AU&apn_sauid=7A0730D4-DBF6-4764-8F0C-0DED0CC02002&apn_dtid=YYYYYYYYDE&&q="
FF - prefs.js..network.proxy.socks_version: 0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\FabasoftPluginPU: C:\Users\Sebastian\AppData\Local\Fabasoft\x86\npfoliopluginpu32.dll (Fabasoft R&D GmbH)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012.08.11 19:22:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.09.13 14:20:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012.08.11 19:22:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.17 12:29:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.29 19:57:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.09 14:32:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{E0CC257A-4D42-4ED7-AFAF-0AE6422F60D0}: C:\Program Files (x86)\Copernic Desktop Search - Home\Firefox36Connector [2011.07.21 19:10:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{D5AA91D3-CA07-4379-B0F2-AEC652F5943F}: C:\Users\Sebastian\AppData\Local\Fabasoft\TB\ [2012.06.09 13:13:42 | 000,000,000 | ---D | M]

[2012.04.08 17:14:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Extensions
[2011.06.06 19:28:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.01.09 15:01:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\bqr6bhwq.default\extensions
[2012.04.16 06:22:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\bqr6bhwq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.04.04 01:24:58 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\bqr6bhwq.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2012.10.03 08:53:08 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\bqr6bhwq.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.12.17 12:31:47 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\bqr6bhwq.default\extensions\fdm_ffext@freedownloadmanager.org
[2013.01.09 15:01:53 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\bqr6bhwq.default\extensions\firefox@ghostery.com
[2012.11.08 00:56:47 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\bqr6bhwq.default\extensions\ich@maltegoetz.de
[2012.08.17 09:31:59 | 000,007,433 | ---- | M] () (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\firefox\profiles\bqr6bhwq.default\extensions\{3869b071-0fae-4c75-948a-60d9c56ea02b}.xpi
[2013.01.06 11:37:30 | 000,281,667 | ---- | M] () (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\firefox\profiles\bqr6bhwq.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012.12.12 13:04:24 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\firefox\profiles\bqr6bhwq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.08.14 13:29:57 | 000,010,343 | ---- | M] () -- C:\Users\Sebastian\AppData\Roaming\mozilla\firefox\profiles\bqr6bhwq.default\searchplugins\duckduckgo-http.xml
[2012.10.29 19:57:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.17 12:29:58 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.08.14 12:24:18 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2012.03.13 06:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 08:53:44 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 06:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 06:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 06:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 06:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.04.23 14:31:36 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Sebastian\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [TPFanControl] C:\Program Files\TPFanControl\TPFanControl.exe (troubadix)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [googletalk] C:\Users\Sebastian\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Sebastian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled [2012.09.24 08:35:12 | 000,000,000 | -H-D | M]
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden...
- C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Sebastian\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... 
- C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Sebastian\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fabasoft.com ([folio] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: fabasoft.com ([folio] https in Vertrauenswürdige Sites) O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/acpirexe.cab (IASRunner Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.7.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0759BCB1-AC6D-4EAA-A4A2-A3044C06698C}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62CCE4D8-02A3-4FC3-8381-2F82CD4C5D03}: DhcpNameServer = 141.20.1.3 141.20.2.3 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.09 18:35:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe [2013.01.09 16:42:19 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sebastian\Desktop\tdsskiller.exe [2013.01.09 16:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.09 16:19:56 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.01.09 16:19:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.01.09 14:32:47 | 000,000,000 | ---D | C] -- C:\Program Files 
(x86)\Mozilla Thunderbird [2013.01.09 00:35:57 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\Neuer Ordner [2013.01.07 20:48:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FireArc Arcade [2012.12.22 15:24:41 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\ungeordnet [2012.12.15 14:19:21 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\Native Instruments [2012.12.15 14:17:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E26B3878-7CEC-469C-B449-5CAA336DF8CD} [2012.12.15 14:16:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments [2012.12.15 14:16:40 | 000,000,000 | ---D | C] -- C:\Program Files\Vstplugins [2012.12.15 14:16:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Native Instruments [2012.12.15 14:16:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Digidesign [2012.12.15 14:16:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B} [2012.12.15 14:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments [2012.12.15 14:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments [2012.12.15 14:16:13 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments [2012.12.12 20:43:34 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\MPEG Streamclip ========== Files - Modified Within 30 Days ========== [2013.01.09 18:35:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe [2013.01.09 18:34:04 | 000,000,170 | ---- | M] () -- C:\Users\Sebastian\defogger_reenable [2013.01.09 18:34:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.09 18:16:00 | 000,004,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.09 18:16:00 | 000,004,576 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.09 17:40:40 | 000,015,657 | ---- | M] () -- C:\Users\Sebastian\Desktop\HU Berlin Katalog - Vollanzeige.pdf [2013.01.09 17:39:12 | 000,001,034 | ---- | M] () -- C:\Users\Sebastian\Desktop\SAV5227682.sav [2013.01.09 16:42:19 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sebastian\Desktop\tdsskiller.exe [2013.01.09 16:22:53 | 001,474,118 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.09 16:22:53 | 000,639,210 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.09 16:22:53 | 000,604,764 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.09 16:22:53 | 000,131,218 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.09 16:22:53 | 000,108,096 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.09 16:20:52 | 000,000,955 | ---- | M] () -- C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.01.09 16:20:04 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.09 16:15:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.09 16:15:54 | 1877,123,071 | -HS- | M] () -- C:\hiberfil.sys [2013.01.09 16:14:35 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.01.09 16:14:14 | 000,018,979 | ---- | M] () -- C:\Users\Sebastian\Desktop\Unbenannt 2.odt [2013.01.09 15:38:28 | 000,017,644 | ---- | M] () -- C:\Users\Sebastian\Desktop\cc_20130109_153739.reg [2013.01.08 23:05:44 | 000,510,363 | ---- | M] () -- C:\Users\Sebastian\Desktop\IMG_08012013_230517.png [2013.01.08 22:44:49 | 000,523,310 | ---- | M] () -- C:\Users\Sebastian\Desktop\IMG_08012013_224413.png [2013.01.08 21:30:26 | 000,002,459 | ---- | M] () -- C:\Users\Sebastian\Desktop\FireArc Arcade.lnk [2012.12.29 15:06:21 | 000,000,680 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\d3d9caps.dat [2012.12.15 14:17:13 | 000,000,897 | ---- | M] 
() -- C:\Users\Public\Desktop\Massive.lnk [2012.12.15 14:16:16 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\Service Center.lnk [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys ========== Files Created - No Company Name ========== [2013.01.09 18:34:04 | 000,000,170 | ---- | C] () -- C:\Users\Sebastian\defogger_reenable [2013.01.09 17:39:12 | 000,001,034 | ---- | C] () -- C:\Users\Sebastian\Desktop\SAV5227682.sav [2013.01.09 16:20:04 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.09 15:37:49 | 000,017,644 | ---- | C] () -- C:\Users\Sebastian\Desktop\cc_20130109_153739.reg [2013.01.09 00:55:42 | 000,018,979 | ---- | C] () -- C:\Users\Sebastian\Desktop\Unbenannt 2.odt [2013.01.08 23:05:28 | 000,510,363 | ---- | C] () -- C:\Users\Sebastian\Desktop\IMG_08012013_230517.png [2013.01.08 22:44:22 | 000,523,310 | ---- | C] () -- C:\Users\Sebastian\Desktop\IMG_08012013_224413.png [2013.01.08 20:47:10 | 000,057,081 | ---- | C] () -- C:\Users\Sebastian\Desktop\marshall-rosenberg-web.jpg [2013.01.08 20:47:01 | 000,090,291 | ---- | C] () -- C:\Users\Sebastian\Desktop\Nonviolent-Communication.jpg [2013.01.07 20:48:30 | 000,002,459 | ---- | C] () -- C:\Users\Sebastian\Desktop\FireArc Arcade.lnk [2013.01.07 20:48:30 | 000,001,940 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FireArc Arcade.lnk [2013.01.03 22:48:24 | 000,053,597 | ---- | C] () -- C:\Users\Sebastian\Desktop\6233740.htm [2012.12.15 14:17:13 | 000,000,897 | ---- | C] () -- C:\Users\Public\Desktop\Massive.lnk [2012.12.15 14:16:16 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\Service Center.lnk [2012.11.18 15:07:49 | 000,151,511 | ---- | C] () -- C:\Users\Sebastian\Flash.pdf [2012.11.09 14:35:50 | 000,000,104 | ---- | C] () -- C:\Users\Sebastian\Computer - Verknüpfung.lnk [2012.10.10 21:11:17 | 000,055,139 | ---- | C] () -- 
C:\Users\Sebastian\meow.jpg [2012.10.10 21:09:19 | 000,054,400 | ---- | C] () -- C:\Users\Sebastian\Unbenannt.jpg [2012.09.18 23:34:53 | 000,002,683 | ---- | C] () -- C:\Users\Sebastian\Plugin Compendium.lnk [2012.08.10 15:30:09 | 000,013,688 | ---- | C] () -- C:\Users\Sebastian\OpenDocument Text (neu).odt [2012.08.07 17:32:44 | 000,185,616 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar39.dll [2012.08.07 17:32:44 | 000,169,744 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll [2012.08.07 17:32:44 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll [2012.08.07 17:32:44 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll [2012.08.07 17:32:44 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll [2012.07.02 22:38:09 | 000,678,682 | ---- | C] () -- C:\Windows\unins000.exe [2012.07.02 22:38:09 | 000,000,761 | ---- | C] () -- C:\Windows\unins000.dat [2012.06.25 14:46:27 | 000,011,252 | ---- | C] () -- C:\Users\Sebastian\gsview32.ini [2012.06.17 18:10:27 | 000,000,097 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\fusioncache.dat [2012.06.17 18:09:02 | 001,502,974 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.04.26 21:41:46 | 009,065,984 | ---- | C] () -- C:\Users\Sebastian\Daily Meditation.mp3 [2012.04.12 17:09:51 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.04.12 17:09:12 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2012.04.12 17:07:48 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2012.04.06 18:11:26 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\sx32w.dll [2011.07.08 21:02:03 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011.07.08 21:02:02 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011.07.08 21:01:54 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.07.08 11:03:37 | 000,326,077 | ---- | C] () -- C:\Users\Sebastian\The Ethical Slut - A Practical Guide to 
Polyamory, Open Relationships & Other Adventures -- Dossie Easton and Janet W Hardy.pdf [2011.06.25 17:35:40 | 000,000,680 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\d3d9caps.dat [2011.06.07 03:49:12 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2011.06.06 19:19:04 | 000,015,872 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.06 18:08:16 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2011.06.06 16:48:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.06.05 21:29:49 | 000,000,732 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\d3d9caps64.dat [2011.06.05 21:09:43 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2011.04.19 21:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.10 23:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 22:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.06.12 23:14:53 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\.gephi [2012.06.11 23:36:25 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Auslogics [2012.08.11 19:22:37 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\CheckPoint [2012.08.14 12:24:50 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\convert [2011.07.21 19:10:00 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Copernic [2012.08.14 13:00:17 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\DAEMON Tools Lite [2011.06.07 14:58:57 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Device Doctor [2013.01.09 16:20:58 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Dropbox [2012.12.04 03:03:25 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\DVDVideoSoft [2012.12.04 03:03:18 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\DVDVideoSoftIEHelpers [2012.05.06 22:33:50 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\e-academy Inc [2012.08.03 12:40:36 | 000,000,000 | ---D | M] 
-- C:\Users\Sebastian\AppData\Roaming\F4 [2012.08.02 16:07:43 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\FavMan20 [2012.01.27 13:47:39 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Foxit Software [2012.08.14 01:12:35 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Free Download Manager [2012.04.11 22:38:10 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\FreeFileSync [2012.04.03 20:59:33 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\GetRightToGo [2012.08.05 19:32:03 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\IrfanView [2012.03.29 11:53:52 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\JGoodies [2012.03.16 13:58:21 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Juniper Networks [2012.04.18 09:39:14 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\LibreOffice [2012.08.14 12:24:53 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\loadtbs [2012.04.09 15:52:07 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\LucasArts [2012.05.29 20:39:59 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\MAGIX [2012.09.12 01:33:56 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\ManyCam [2012.12.12 20:43:34 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\MPEG Streamclip [2012.05.17 22:25:57 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\MyPhoneExplorer [2011.06.21 23:51:54 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\OpenOffice.org [2011.06.06 17:06:11 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Opera [2012.05.26 11:19:32 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\PreSonus [2012.08.03 16:30:34 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\PwrMgr [2012.04.04 02:01:52 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\ScummVM [2012.08.14 12:31:56 | 
000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Similarity
[2012.08.07 17:34:23 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Simply Super Software
[2013.01.09 16:24:09 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Spotify
[2012.08.14 12:39:26 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Sync App Settings
[2012.01.25 21:12:57 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Teeworlds
[2011.06.06 19:28:34 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Thunderbird
[2012.02.08 23:57:02 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Tropico 4 Demo
[2013.01.09 15:06:14 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\TS3Client
[2012.07.28 02:01:32 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\uTorrent
[2012.08.11 18:47:28 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Wireshark
[2012.04.12 09:33:50 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\YCanPDF

========== Purity Check ==========

< End of report >
Code:
OTL Extras logfile created on: 09.01.2013 18:36:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sebastian\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,75 Gb Total Physical Memory | 3,33 Gb Available Physical Memory | 57,86% Memory free
11,69 Gb Paging File | 9,14 Gb Available in Paging File | 78,18% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 23,67 Gb Free Space | 24,24% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 324,92 Gb Free Space | 88,27% Space Free | Partition Type: NTFS

Computer Name: SEBASTIAN-PC | User Name: Sebastian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open]
-- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = BC F7 6F EC CF 18 CD 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3966236372-221226917-646769028-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{2A9C59DB-53DC-4660-9197-BD4AAB038FAD}" = lport=10243 | protocol=6 | dir=in | app=system | "{33EF9EBD-D190-420F-AB12-EB40715B98C5}" = rport=138 | protocol=17 | dir=out | app=system | "{3827A279-B111-4D33-9615-6A9E9F3B3EDF}" = rport=10243 | protocol=6 | dir=out | app=system | "{38DFDD6B-EF82-4B95-8290-E769E17BA2DF}" = lport=138 | protocol=17 | dir=in | app=system | "{3C211552-A8BA-4D3D-8B91-DD2E949F40AC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{512B7F86-4D3B-4B75-AC84-C723543922FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{62A6A85F-A78C-4292-8E3C-0A5B3A540B5B}" = rport=445 | protocol=6 | dir=out | app=system | "{635A5BB7-2AED-4D5D-816E-5549C533B8B8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6643D311-4798-47A6-866E-84E9F2238B2C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6A9975BF-1CC6-45CC-8DAD-175F71913904}" = rport=137 | protocol=17 | dir=out | app=system | "{6EF5631C-4774-4B6F-BA16-E1E65A316319}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | 
app=%systemroot%\system32\svchost.exe | "{7A2F88E2-602A-47DA-837E-B2880DCD35D1}" = rport=139 | protocol=6 | dir=out | app=system | "{951C11C3-8C11-4CDD-B5E5-C9193A27B39D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9C6B6D46-F239-4603-81AE-D62AFC36A25B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9FE6C09E-2D8A-4787-BCDE-4C113C531C39}" = lport=137 | protocol=17 | dir=in | app=system | "{A1D45A77-6FFE-43E6-8C88-D66FAB42B903}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{A9AB8D77-3E5A-4921-91E6-FF4D28E3A58E}" = lport=139 | protocol=6 | dir=in | app=system | "{D4E5E95D-D39B-411E-98D3-80F2868320F0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D9AC2E50-7ABF-4AB4-A237-875671C5E77A}" = lport=2869 | protocol=6 | dir=in | app=system | "{E12C4B3B-F49C-474A-A477-A75B2293236F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EDA70C0F-7D46-4164-9728-54A3C5D5DBAB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F0372BFA-B2EC-467A-8844-7B208300A66B}" = lport=445 | protocol=6 | dir=in | app=system | "{F1B7B57E-DFBC-4E5F-B2F8-0132DF9598C5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{F604BF26-1617-44DB-BF3C-F331E2E0B4BD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F8F753BC-D57B-412A-A10F-440D907F11DA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F9936BE5-AD23-490C-98E2-34465DC8AA21}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FAE5E16F-1332-49C4-AFFD-0C890886DE70}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception 
List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03B498A2-81CB-41BC-8B19-172F246F3599}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{0D02D8C0-C85D-4103-B9AE-A2E3EE9A8D91}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{0FB6C5AB-655E-495E-93BE-3A86B058594D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{11F6362D-5C31-48DE-8821-8968EB2B95C1}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{1C438B70-84B1-4DDA-99C9-003D85CA8BFF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1F6A1503-6463-4A88-AF56-1E96D5ADF652}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{21C3271F-BEDC-4617-A90C-CF0F3016AFA7}" = protocol=6 | dir=out | app=system | "{26B8A4F4-57AF-4E96-8D4D-19E6AFA79194}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{3168A4F6-C902-4CAB-89DE-14E6A5B2B6EE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{342CE0EE-F846-404C-81D9-ADC05423ADE9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{34DE8CF6-1415-4438-AEDB-65E611C1F438}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{3BBC0C04-F6F6-4884-83C7-CB593017D294}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{44E33238-8569-41A3-B1C9-01A7B0133EAC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{48C72FDA-EBF3-4A44-B3C3-5AF8BE9B4438}" = protocol=6 | dir=in | app=c:\program files (x86)\ultravnc\vncviewer.exe | "{4C8655C6-815D-4139-8D1B-E2321D3D1DF8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{51C4481A-C960-4808-B81F-7CF42143528F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5522E9FA-2CD9-43D2-A9BC-400AD24172EF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{57E75B3B-F0F4-47E9-9F77-AF13ACC3CE81}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5BFD8A2D-403E-4146-979B-F045DFF17488}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{64E2928D-862F-4265-971C-02CF241B4A93}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{693A82A9-5104-4E56-8CD5-2BAA92B40CD4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7753D0B9-ECC6-406B-A6FA-2B0DD27CC235}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{7ECCA171-0EF5-41C3-9E9D-2B6E177441D5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{861AC3FF-4C0C-49B6-8B2A-52FEE47C8A9E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{88AAB40E-3625-435A-8F29-1DC3B5C8DB0D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{8AFA6C24-8572-4569-930F-2DF6C66204E6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{976C3D4D-421F-4979-8BF5-5CCD51A9F234}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9AAF9034-BAD9-46FD-AEC3-9600CF22296D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{9B8800B4-02B4-42FF-BD8F-98064508F3D5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A6D3A26F-FCDB-41E3-A3CB-8C41221A51C4}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{AA48C053-EE81-4C41-BDB7-D6211B89AF07}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{C0AC6B09-3254-4A83-A69B-EA45B5C4F8DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{C88AC2A2-73AE-4CDB-A85A-EFB9687E0023}" = protocol=17 | dir=out | app=%programfiles%\windows media 
player\wmplayer.exe | "{C8B610A5-3345-4F6C-BBFF-42BE665B48A5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C92F34B8-265A-46A9-B97A-4FC5B24E54CE}" = protocol=17 | dir=in | app=c:\users\sebastian\appdata\roaming\dropbox\bin\dropbox.exe | "{CC041DCB-1CE8-4489-A8FC-5EEC863519ED}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{CED13F9B-4F98-49BE-9800-1BA8A1D2F253}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E22BFA1C-8AC7-4F59-AB44-1548E0C78B77}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{E57F8EC3-DC27-4B94-A254-E30DD25A9D36}" = protocol=17 | dir=in | app=c:\program files (x86)\ultravnc\vncviewer.exe | "{EEAB2C8D-BC3D-4522-BF29-6AD123CED4B5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{EF58FA4D-9102-4FB4-AE47-F75D11F5E44E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EF7C9810-DFC0-40D8-B899-21606385B81E}" = protocol=6 | dir=in | app=c:\users\sebastian\appdata\roaming\dropbox\bin\dropbox.exe | "{F026ABBC-4ADD-4153-8420-BA48BE85789B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{FE3AE19F-615F-43AF-9F74-EB8BB40E20E3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "TCP Query User{00F0B356-B0D4-48A6-8C8B-07136DC43ED0}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | "TCP Query User{15918EAD-0761-4EBF-A6BC-AEACB8CC16BF}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "TCP Query User{1D6F5284-19E6-4423-979D-77D682C7D6B4}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | "TCP Query User{4946F3CC-E289-4B6E-8C7A-9B9D783D6633}C:\users\sebastian\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | 
app=c:\users\sebastian\appdata\roaming\spotify\spotify.exe | "TCP Query User{622B3358-B90D-44D6-BE01-951AC818925B}D:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=d:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe | "TCP Query User{927E4984-DC56-47D1-A02C-81CB27BA4D90}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | "TCP Query User{92C259A7-460B-454C-8147-153113034C47}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | "TCP Query User{B1043A8E-6D6A-4701-8BF9-5717DE3E3130}C:\users\sebastian\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\sebastian\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{B9023FF0-0707-43C6-8012-D1BE86264C89}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{DB8F78BE-E1FB-4B9E-A98F-4358949EFE18}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "UDP Query User{04B3ACA9-10C1-4C5D-A216-C74B3CA0770F}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | "UDP Query User{0ABFA5D1-4E89-4A47-81A9-2ADD83A30672}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | "UDP Query User{29685803-5973-4C3B-A187-F74C0F741028}C:\users\sebastian\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\sebastian\appdata\roaming\spotify\spotify.exe | "UDP Query User{37611D40-09FF-4055-A113-4835B5AA5086}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query 
User{4F455EDF-849E-4525-8D8C-507BF479AA30}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "UDP Query User{B1A431BB-B35C-4770-90EE-1C6D09DB62F3}C:\users\sebastian\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\sebastian\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{CBDD3174-D926-4337-A1BF-EA2889AA03CC}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | "UDP Query User{D8EEB222-E8C1-4A41-9129-5D732890D861}D:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=d:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe | "UDP Query User{D9BACF6A-F07D-4B74-9D4F-C118692B34DB}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | "UDP Query User{F85359DC-0BA3-4361-B53A-4CD88F9A5F1B}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000F870E-BCF6-F19F-A154-B3488407F467}" = ccc-utility64 "{0369F866-2CE0-4EB9-B426-88FA122C6E82}" = Lenovo Patch Utility 64 bit "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3 "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{2CD600E3-55E9-47B3-9611-6FE0ECC04BF9}" = PhenomMsrTweaker "{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6C30F9EF-5032-925C-1905-D87E8472EB85}" = ATI Catalyst Install Manager "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{717F5741-5C2E-4469-BDA0-B5EC2243646F}_is1" = TPFanControl v0.62 "{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4 "{963E5FEB-1367-46B9-851D-A957F1A3747F}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4 "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software "{A97CD0A7-2DF5-EDA0-4FF7-A3BF6CAE771B}" = AMD Fuel "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "CCleaner" = CCleaner "CPUID HWMonitor_is1" = CPUID HWMonitor 1.20 "D3A1A6FCCCB0A9522D676C627C62D37496EAF759" = Windows Driver Package - Google, Inc. 
(WinUSB) AndroidUsbDeviceClass (12/06/2010 4.0.0000.00000) "DE7217D2A8B057F15EC6E52329FDAB84231521E8" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) "DriverAgent.exe" = DriverAgent by eSupport.com "HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series "ImagePrinter Pro 4.0_is1" = ImagePrinter Pro 4.0 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NetworkView_is1" = NetworkView Version 3.62 "Power Management Driver" = Lenovo Power Management Driver "PreSonus Studio One 2" = PreSonus Studio One 2 x64 "SynTPDeinstKey" = ThinkPad UltraNav Driver "ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool "{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{28C70D19-6DE9-43EF-BFA3-342F4A11B727}" = LibreOffice 3.5 "{334799B1-527F-475B-AF19-658124E2BE24}" = ZoneAlarm Security "{3A8E7BF5-AD8E-4E03-84B8-BF9603888A96}" = Fabasoft Folio Cloud Plug-in "{3BF7818D-2482-4676-A237-915A11A97847}" = LOTRO Plugin Compendium 
"{3E5ACB3F-1094-4430-84E9-4652A0375F47}" = Similarity 1.7.1 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51722911-C391-4118-97BF-B50100D2AB15}_is1" = Gephi 0.8.1 "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{5AFBC2F3-D3F5-660A-A2AD-CAD3E8EDA1D7}" = CCC Help English "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{63953BA4-7F92-98F7-B99D-FEB4B7BF6905}" = Catalyst Control Center Localization All "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{6A77FE0A-6A36-44F0-A503-A4BC49EFD6BC}" = OLYMPUS DSS Player-Lite "{6E6E7725-C7BC-4C39-8B3F-14B67331A120}" = Lenovo Patch Utility "{704814ED-1E1F-4D54-B971-FB065CFF46A1}" = FireArc Arcade "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7753A3B2-E858-F0B3-3DD9-C027B16CBB81}" = Catalyst Control Center InstallProxy "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A2F3559-6776-4F67-B46E-5F973B901234}" = ZoneAlarm Antivirus "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 
Redistributable "{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.10.29 "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{AD799836-6B74-419B-A869-C326CA86ECCF}" = ZoneAlarm Firewall "{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}" = Secure Download Manager "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B81EB1DB-8F56-4852-BCEB-B598DF3F63E6}_is1" = Mustrum 2.1.2 "{BA495217-1475-47A8-AB83-B7DC2A59B49E}" = DPM Player "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{DBFCC4AF-2E17-4E9D-B69E-DBB958AA1F03}" = Samplitude Silver – SoundCloud Edition "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{E2616F7B-9E5B-7B21-EDB0-5659A5A4DDA1}" = Catalyst Control Center Graphics Previews Common "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F09FB343-2806-4F48-846D-705352D30334}" = Diskeeper Lite "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FEF90494-3911-A844-2622-545BD4008231}" = AMD VISION Engine Control Center "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "12bbe590-c890-11d9-9669-0800200c9a66_is1" = Der Herr der Ringe Online v03.03.05.8039 "5513-1208-7298-9440" = JDownloader 0.9 "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Allway Sync_is1" = Allway Sync version 12.2.1 "Anti-Twin 2012-08-14 13.28.38" = Anti-Twin (Installation 14.08.2012) "avast" = avast! 
Free Antivirus "Avira NTFS4DOS" = Avira NTFS4DOS 1.9 "bgbennyboyGrimReplacementSetup_is1" = Grim Fandango "CDex" = CDex - Open Source Digital Audio CD Extractor "CopernicDesktopSearch2" = Copernic Desktop Search - Home "DAEMON Tools Lite" = DAEMON Tools Lite "Device Doctor_is1" = Device Doctor v1.0 "DMPCTRL_is1" = DPMCtrl.dll 2009.3 "DriverTools" = DriverTools 1.0 "DSS2Wave_is1" = DSS to Wave Converter 2011.1 "ESET Online Scanner" = ESET Online Scanner v3 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "EzLog" = EzLog "f42012" = f4 2012 "FileHippo.com" = FileHippo.com Update Checker "Foxit Reader_is1" = Foxit Reader 5.1 "Free Download Manager_is1" = Free Download Manager 3.9 "Free YouTube Download_is1" = Free YouTube Download version 3.1.40.1031 "FreeFileSync" = FreeFileSync v5.2 "GadgetPack" = GadgetPack (remove only) "GPL Ghostscript 9.05" = GPL Ghostscript "GSview 5.0" = GSview 5.0 "HijackThis" = HijackThis 2.0.2 "HUAWEI DataCard Driver" = HUAWEI DataCard Driver 3.10.00.00 "ImagePrinter" = ImagePrinter 2.0.1 "ImgBurn" = ImgBurn "IrfanView" = IrfanView (remove only) "JDiskReport 1.4.0" = JDiskReport 1.4.0 "Juniper Network Connect 7.1.0" = Juniper Networks Network Connect 7.1.0 "Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. 
Setup Client Activex Control "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.2.0 "LinuxLive USB Creator" = LinuxLive USB Creator "loadtbs-3.0" = loadtbs-3.0 "MAGIX_MSI_sam11silver_SoundCloud" = Samplitude Silver – SoundCloud Edition "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "ManyCam" = ManyCam 3.0.80 (remove only) "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "MixPad" = MixPad "Monitor Calibration Wizard" = Monitor Calibration Wizard 1.0 "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MPE" = MyPhoneExplorer "Native Instruments Massive" = Native Instruments Massive "Native Instruments Service Center" = Native Instruments Service Center "nLite_is1" = nLite 1.4.9.1 "Notebook Hardware Control" = Notebook Hardware Control 2.0 Pre-Release-06 Bugfix "OpenAL" = OpenAL "OpenVPN" = OpenVPN 2.2.2 "Opera 12.11.1661" = Opera 12.11 "Philips DPM Player Hot Fix_is1" = Philips DPM Player Hot Fix "RMPrepUSB" = RMPrepUSB "SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows "Spotify" = Spotify "Superior Search Home_is1" = Superior Search Home 5.0 "Switch" = Switch Sound File Converter "TeamSpeak 3 Client" = TeamSpeak 3 Client "Thoosje Sevenbar" = Thoosje Sevenbar "Trojan Remover_is1" = Trojan Remover 6.8.4 "Ultra Image Printer_is1" = Ultra Image Printer 2.0 "Ultravnc2_is1" = UltraVNC 1.0.9.1 "uTorrent" = µTorrent "VideoPad" = VideoPad Video Editor "WavePad" = WavePad Sound Editor "WebSpider2" = Xaldon WebSpider2 "WinPcapInst" = WinPcap 4.1.2 "Wireshark" = Wireshark 1.8.1 (64-bit) "ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only) 
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Auslogics Toolbar Updater "Amazon Kindle" = Amazon Kindle "Dropbox" = Dropbox "Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client "Spotify" = Spotify "WinDirStat" = WinDirStat 1.1.2 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.12.2012 11:07:44 | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10 Description = Error - 10.12.2012 16:57:50 | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10 Description = Error - 11.12.2012 04:53:39 | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10 Description = Error - 11.12.2012 13:49:56 | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10 Description = Error - 11.12.2012 14:28:54 | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10 Description = Error - 12.12.2012 08:03:40 | Computer Name = Sebastian-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 16.0.2.4680 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: d70 Anfangszeit: 01cdd7da99fab4a2 Zeitpunkt der Beendigung: 87 Error - 21.12.2012 18:01:05 | Computer Name = Sebastian-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung lotroclient.exe, Version 900.50.7886.8022, Zeitstempel 0x50c7cad2, fehlerhaftes Modul KERNEL32.dll, Version 6.0.6002.18449, Zeitstempel 0x4da47a32, Ausnahmecode 0x00ffffff, Fehleroffset 0x0001c83b, Prozess-ID 0x2b20, Anwendungsstartzeit 01cddfb8894f42f0. Error - 21.12.2012 21:14:15 | Computer Name = Sebastian-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 17.0.1.4715 arbeitet nicht mehr mit Windows zusammen und wurde beendet. 
Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 2258 Anfangszeit: 01cddfe195d05310 Zeitpunkt der Beendigung: 31 Error - 29.12.2012 07:06:35 | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10 Description = Error - 09.01.2013 11:17:17 | Computer Name = Sebastian-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 14.12.2012 08:06:21 | Computer Name = Sebastian-PC | Source = netbt | ID = 4321 Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 141.20.203.198 registriert werden. Der Computer mit IP-Adresse 141.20.203.31 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 14.12.2012 08:15:13 | Computer Name = Sebastian-PC | Source = bowser | ID = 8003 Description = Error - 21.12.2012 05:15:11 | Computer Name = Sebastian-PC | Source = bowser | ID = 8003 Description = Error - 21.12.2012 05:15:46 | Computer Name = Sebastian-PC | Source = netbt | ID = 4321 Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 141.20.194.229 registriert werden. Der Computer mit IP-Adresse 141.20.195.152 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 21.12.2012 05:16:12 | Computer Name = Sebastian-PC | Source = bowser | ID = 8003 Description = Error - 21.12.2012 05:25:36 | Computer Name = Sebastian-PC | Source = bowser | ID = 8003 Description = Error - 22.12.2012 19:09:22 | Computer Name = Sebastian-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.2.41 für die Netzwerkkarte mit der Netzwerkadresse 889FFAFA2A05 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 29.12.2012 07:05:01 | Computer Name = Sebastian-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 27.12.2012 um 06:01:19 unerwartet heruntergefahren. 
Error - 29.12.2012 07:05:11 | Computer Name = Sebastian-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.2.41 für die Netzwerkkarte mit der Netzwerkadresse 889FFAFA2A05 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 09.01.2013 11:14:30 | Computer Name = Sebastian-PC | Source = DCOM | ID = 10010 Description = < End of report >

Code:
# AdwCleaner v2.105 - Datei am 09/01/2013 um 19:28:15 erstellt # Aktualisiert am 08/01/2013 von Xplode # Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits) # Benutzer : Sebastian - SEBASTIAN-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Sebastian\AppData\Local\Opera\Opera\temporary_downloads\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gefunden : C:\Program Files (x86)\Ask.com Ordner Gefunden : C:\Program Files (x86)\Conduit Ordner Gefunden : C:\ProgramData\Ask Ordner Gefunden : C:\Users\Sebastian\AppData\Local\Conduit Ordner Gefunden : C:\Users\Sebastian\AppData\LocalLow\AskToolbar Ordner Gefunden : C:\Users\Sebastian\AppData\Roaming\loadtbs Ordner Gefunden : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\bqr6bhwq.default\Smartbar Ordner Gefunden : C:\Users\Sebastian\Desktop\Software Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\APN Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gefunden : HKCU\Software\Ask.com Schlüssel Gefunden : HKCU\Software\Conduit Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gefunden : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gefunden : HKLM\Software\APN Schlüssel Gefunden : HKLM\Software\AskToolbar Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Schlüssel Gefunden : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Schlüssel Gefunden : HKLM\Software\Conduit Schlüssel Gefunden : HKLM\Software\Freeze.com Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gefunden : 
HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16448 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://de.ask.com/?l=dis&o=1689 -\\ Mozilla Firefox v17.0.1 (de) Datei : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\bqr6bhwq.default\prefs.js Gefunden : user_pref("CT2319825.1000082.isPlayDisplay", "true"); Gefunden : user_pref("CT2319825.1000082.state", "{\"state\":\"stopped\",\"text\":\"1Live\",\"description\":\"1L[...] Gefunden : user_pref("CT2319825.1000234.TWC_TMP_city", "BERLIN"); Gefunden : user_pref("CT2319825.1000234.TWC_TMP_country", "DE"); Gefunden : user_pref("CT2319825.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Gefunden : user_pref("CT2319825.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...] Gefunden : user_pref("CT2319825.FirstTime", "true"); Gefunden : user_pref("CT2319825.FirstTimeFF3", "true"); Gefunden : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...] 
Gefunden : user_pref("CT2319825.UserID", "UN31948728478789015"); Gefunden : user_pref("CT2319825.addressBarTakeOverEnabledInHidden", "true"); Gefunden : user_pref("CT2319825.autoDisableScopes", 10); Gefunden : user_pref("CT2319825.browser.search.defaultthis.engineName", true); Gefunden : user_pref("CT2319825.defaultSearch", "true"); Gefunden : user_pref("CT2319825.embeddedsData", "[{\"appId\":\"128898076802619666\",\"apiPermissions\":{\"cross[...] Gefunden : user_pref("CT2319825.enableAlerts", "always"); Gefunden : user_pref("CT2319825.enableSearchFromAddressBar", "true"); Gefunden : user_pref("CT2319825.firstTimeDialogOpened", "true"); Gefunden : user_pref("CT2319825.fixPageNotFoundError", "false"); Gefunden : user_pref("CT2319825.fixPageNotFoundErrorInHidden", "true"); Gefunden : user_pref("CT2319825.fixUrls", true); Gefunden : user_pref("CT2319825.installId", "ConduitNSISIntegration"); Gefunden : user_pref("CT2319825.installType", "ConduitNSISIntegration"); Gefunden : user_pref("CT2319825.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); Gefunden : user_pref("CT2319825.isNewTabEnabled", false); Gefunden : user_pref("CT2319825.isPerformedSmartBarTransition", "true"); Gefunden : user_pref("CT2319825.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); Gefunden : user_pref("CT2319825.keyword", false); Gefunden : user_pref("CT2319825.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...] Gefunden : user_pref("CT2319825.openThankYouPage", "false"); Gefunden : user_pref("CT2319825.openUninstallPage", "true"); Gefunden : user_pref("CT2319825.search.searchAppId", "128898076802619666"); Gefunden : user_pref("CT2319825.search.searchCount", "0"); Gefunden : user_pref("CT2319825.searchInNewTabEnabled", "false"); Gefunden : user_pref("CT2319825.searchInNewTabEnabledInHidden", "true"); Gefunden : user_pref("CT2319825.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}")[...] 
Gefunden : user_pref("CT2319825.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); Gefunden : user_pref("CT2319825.sendUsageEnabled", "false"); Gefunden : user_pref("CT2319825.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...] Gefunden : user_pref("CT2319825.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...] Gefunden : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...] Gefunden : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...] Gefunden : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...] Gefunden : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...] Gefunden : user_pref("CT2319825.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...] Gefunden : user_pref("CT2319825.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1344945709131"); Gefunden : user_pref("CT2319825.serviceLayer_services_appTracking_lastUpdate", "1344945712472"); Gefunden : user_pref("CT2319825.serviceLayer_services_appsMetadata_lastUpdate", "1344945708948"); Gefunden : user_pref("CT2319825.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1344945711572"); Gefunden : user_pref("CT2319825.serviceLayer_services_login_10.10.20.14_lastUpdate", "1344945711968"); Gefunden : user_pref("CT2319825.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1344945709977"); Gefunden : user_pref("CT2319825.serviceLayer_services_searchAPI_lastUpdate", "1344945708842"); Gefunden : user_pref("CT2319825.serviceLayer_services_serviceMap_lastUpdate", "1344945707944"); Gefunden : user_pref("CT2319825.serviceLayer_services_toolbarContextMenu_lastUpdate", "1344945711630"); Gefunden : user_pref("CT2319825.serviceLayer_services_toolbarSettings_lastUpdate", "1344945708234"); 
Gefunden : user_pref("CT2319825.serviceLayer_services_translation_lastUpdate", "1344945708931"); Gefunden : user_pref("CT2319825.settingsINI", true); Gefunden : user_pref("CT2319825.shouldFirstTimeDialog", "false"); Gefunden : user_pref("CT2319825.smartbar.CTID", "CT2319825"); Gefunden : user_pref("CT2319825.smartbar.Uninstall", "0"); Gefunden : user_pref("CT2319825.smartbar.homepage", true); Gefunden : user_pref("CT2319825.smartbar.toolbarName", "Winload "); Gefunden : user_pref("CT2319825.toolbarBornServerTime", "14-8-2012"); Gefunden : user_pref("CT2319825.toolbarCurrentServerTime", "14-8-2012"); Gefunden : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=1[...] Gefunden : user_pref("Smartbar.ConduitSearchEngineList", ""); Gefunden : user_pref("Smartbar.ConduitSearchUrlList", ""); Gefunden : user_pref("Smartbar.keywordURLSelectedCTID", ""); Gefunden : user_pref("browser.search.defaultengine", "Ask.com"); Gefunden : user_pref("browser.search.defaultenginename", "Ask.com"); Gefunden : user_pref("browser.search.order.1", "Ask.com"); Gefunden : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\"); Gefunden : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com"); Gefunden : user_pref("extensions.asktb.apn_dbr", "ff_15.0.1"); Gefunden : user_pref("extensions.asktb.autofill-competitor-query-enabled", true); Gefunden : user_pref("extensions.asktb.cbid", "AU"); Gefunden : user_pref("extensions.asktb.config-updated", false); Gefunden : user_pref("extensions.asktb.crumb", "2012.09.17+12.48.50-toolbar003iad-DE-QmVybGluLEdlcm1hbnk%3D"); Gefunden : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...] 
Gefunden : user_pref("extensions.asktb.displaybehavior", ""); Gefunden : user_pref("extensions.asktb.displaytext", ""); Gefunden : user_pref("extensions.asktb.dtid", "YYYYYYYYDE"); Gefunden : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false); Gefunden : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "GMXX0007"); Gefunden : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C"); Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", ""); Gefunden : user_pref("extensions.asktb.first-launch-url", "hxxp://www.facebook.com/m***.s***"); Gefunden : user_pref("extensions.asktb.fresh-install", false); Gefunden : user_pref("extensions.asktb.guid", "9c38d42c-00b2-453e-9962-e9c5cf9e6b39"); Gefunden : user_pref("extensions.asktb.hpr", "YES"); Gefunden : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...] Gefunden : user_pref("extensions.asktb.if", "first"); Gefunden : user_pref("extensions.asktb.l", "dis"); Gefunden : user_pref("extensions.asktb.last-config-req", "1347914191530"); Gefunden : user_pref("extensions.asktb.locale", "de_DE"); Gefunden : user_pref("extensions.asktb.location", "Berlin,Germany"); Gefunden : user_pref("extensions.asktb.lstation", ""); Gefunden : user_pref("extensions.asktb.news-native-on", true); Gefunden : user_pref("extensions.asktb.nthp", "YES"); Gefunden : user_pref("extensions.asktb.nthp_prev", "1"); Gefunden : user_pref("extensions.asktb.o", "1665"); Gefunden : user_pref("extensions.asktb.overlay-reloaded-using-restart", true); Gefunden : user_pref("extensions.asktb.pstate", ""); Gefunden : user_pref("extensions.asktb.qsrc", "2871"); Gefunden : user_pref("extensions.asktb.r", "2"); Gefunden : user_pref("extensions.asktb.sa", "YES"); Gefunden : user_pref("extensions.asktb.saguid", "7A0730D4-DBF6-4764-8F0C-0DED0CC02002"); Gefunden : user_pref("extensions.asktb.search-suggestions-enabled", true); Gefunden : 
user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false); Gefunden : user_pref("extensions.asktb.socialmini-first", true); Gefunden : user_pref("extensions.asktb.socialmini-interval", "1200000"); Gefunden : user_pref("extensions.asktb.socialmini-max-char-ticker", "33"); Gefunden : user_pref("extensions.asktb.socialmini-max-items", "30"); Gefunden : user_pref("extensions.asktb.socialmini-native-on", true); Gefunden : user_pref("extensions.asktb.socialmini-speed", "10000"); Gefunden : user_pref("extensions.asktb.socialmini-transition-first-open", false); Gefunden : user_pref("extensions.asktb.themeid", ""); Gefunden : user_pref("extensions.asktb.timeinstalled", "17.09.2012 21:51:09"); Gefunden : user_pref("extensions.asktb.to", ""); Gefunden : user_pref("extensions.asktb.v", "3.15.4.100013"); Gefunden : user_pref("extensions.asktb.version", "5.15.4.23821"); Gefunden : user_pref("extensions.asktb.volume", ""); Gefunden : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ALSV5&o=1665&locale=[...] -\\ Opera v12.11.1661.0 Datei : C:\Users\Sebastian\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [1769 octets] - [23/07/2012 16:08:07] AdwCleaner[R2].txt - [1829 octets] - [23/07/2012 16:10:29] AdwCleaner[R3].txt - [14718 octets] - [09/01/2013 19:28:15] AdwCleaner[S1].txt - [1811 octets] - [23/07/2012 16:10:40] ########## EOF - C:\AdwCleaner[R3].txt - [14839 octets] ##########
Edited by cosinus (29.01.2013 at 21:19). Reason: Better this way? |
09.01.2013, 19:20 | #2 |
/// Malware-holic | Hi,
Which message exactly? Did you run the TDSS killer? Open c:\tdss-killer-version.txt. You should rather keep your hands off such special tools. |
09.01.2013, 19:37 | #3 |
| Thanks for the quick reply.
With AdwCleaner I only ran a search, and I would like to go ahead with a cleanup. I have not worked with the TDSS Killer yet. I got the idea of using AdwCleaner in this case from researching my specific infection in the forum. The TDSS Killer did not find anything special. Code:
ATTFilter 19:38:58.0787 4408 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 19:38:59.0151 4408 ============================================================ 19:38:59.0151 4408 Current date / time: 2013/01/09 19:38:59.0151 19:38:59.0151 4408 SystemInfo: 19:38:59.0151 4408 19:38:59.0152 4408 OS Version: 6.0.6002 ServicePack: 2.0 19:38:59.0152 4408 Product type: Workstation 19:38:59.0152 4408 ComputerName: SEBASTIAN-PC 19:38:59.0153 4408 UserName: Sebastian 19:38:59.0154 4408 Windows directory: C:\Windows 19:38:59.0154 4408 System windows directory: C:\Windows 19:38:59.0154 4408 Running under WOW64 19:38:59.0154 4408 Processor architecture: Intel x64 19:38:59.0154 4408 Number of processors: 2 19:38:59.0154 4408 Page size: 0x1000 19:38:59.0154 4408 Boot type: Normal boot 19:38:59.0154 4408 ============================================================ 19:39:00.0574 4408 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 19:39:00.0597 4408 ============================================================ 19:39:00.0597 4408 \Device\Harddisk0\DR0: 19:39:00.0597 4408 MBR partitions: 19:39:00.0597 4408 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC350000 19:39:00.0597 4408 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x2E035000 19:39:00.0597 4408 ============================================================ 19:39:00.0615 4408 C: <-> \Device\Harddisk0\DR0\Partition1 19:39:00.0648 4408 D: <-> \Device\Harddisk0\DR0\Partition2 19:39:00.0649 4408 ============================================================ 19:39:00.0649 4408 Initialize success 19:39:00.0649 4408 ============================================================ 19:39:14.0840 4388 ============================================================ 19:39:14.0840 4388 Scan started 19:39:14.0840 4388 Mode: Manual; SigCheck; TDLFS; 
19:39:14.0840 4388 ============================================================ 19:39:16.0397 4388 ================ Scan system memory ======================== 19:39:16.0397 4388 System memory - ok 19:39:16.0398 4388 ================ Scan services ============================= 19:39:16.0553 4388 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys 19:39:16.0803 4388 ACPI - ok 19:39:16.0931 4388 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 19:39:16.0952 4388 AdobeARMservice - ok 19:39:17.0069 4388 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 19:39:17.0095 4388 AdobeFlashPlayerUpdateSvc - ok 19:39:17.0148 4388 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 19:39:17.0191 4388 adp94xx - ok 19:39:17.0217 4388 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys 19:39:17.0254 4388 adpahci - ok 19:39:17.0274 4388 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 19:39:17.0303 4388 adpu160m - ok 19:39:17.0322 4388 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 19:39:17.0356 4388 adpu320 - ok 19:39:17.0403 4388 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 19:39:17.0552 4388 AeLookupSvc - ok 19:39:17.0603 4388 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys 19:39:17.0705 4388 AFD - ok 19:39:17.0743 4388 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys 19:39:17.0793 4388 agp440 - ok 19:39:17.0827 4388 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys 19:39:17.0876 4388 aic78xx - ok 19:39:17.0910 4388 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe 19:39:18.0064 4388 ALG - ok 19:39:18.0094 4388 [ 
157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys 19:39:18.0125 4388 aliide - ok 19:39:18.0210 4388 ALSysIO - ok 19:39:18.0237 4388 [ A359974EAAC83A435497C52F62A2E590 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 19:39:18.0311 4388 AMD External Events Utility - ok 19:39:18.0370 4388 AMD FUEL Service - ok 19:39:18.0393 4388 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys 19:39:18.0413 4388 amdide - ok 19:39:18.0447 4388 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys 19:39:18.0479 4388 amdiox64 - ok 19:39:18.0498 4388 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 19:39:18.0563 4388 AmdK8 - ok 19:39:18.0749 4388 [ 60216B0E704584DE6D5A9F59E9C34C47 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 19:39:19.0963 4388 amdkmdag - ok 19:39:20.0006 4388 [ 6B4E9261B613B047A9A145F328889968 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 19:39:20.0063 4388 amdkmdap - ok 19:39:20.0088 4388 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll 19:39:20.0140 4388 Appinfo - ok 19:39:20.0211 4388 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 19:39:20.0238 4388 Apple Mobile Device - ok 19:39:20.0262 4388 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys 19:39:20.0294 4388 arc - ok 19:39:20.0332 4388 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys 19:39:20.0364 4388 arcsas - ok 19:39:20.0399 4388 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys 19:39:20.0423 4388 aswFsBlk - ok 19:39:20.0457 4388 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 19:39:20.0480 4388 aswMonFlt - ok 19:39:20.0497 4388 [ A4096B90F21BBD2973AFAB8EEE01CD25 ] AswRdr 
C:\Windows\system32\drivers\AswRdr.sys 19:39:20.0520 4388 AswRdr - ok 19:39:20.0556 4388 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 19:39:20.0619 4388 aswSnx - ok 19:39:20.0647 4388 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP C:\Windows\system32\drivers\aswSP.sys 19:39:20.0684 4388 aswSP - ok 19:39:20.0726 4388 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys 19:39:20.0751 4388 aswTdi - ok 19:39:20.0782 4388 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 19:39:20.0855 4388 AsyncMac - ok 19:39:20.0882 4388 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys 19:39:20.0904 4388 atapi - ok 19:39:20.0979 4388 [ 64F07381335E37C142F6D176705FFCA6 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys 19:39:21.0005 4388 atksgt - ok 19:39:21.0045 4388 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 19:39:21.0175 4388 AudioEndpointBuilder - ok 19:39:21.0187 4388 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll 19:39:21.0248 4388 AudioSrv - ok 19:39:21.0284 4388 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 19:39:21.0308 4388 avast! 
Antivirus - ok 19:39:21.0320 4388 AWEAlloc - ok 19:39:21.0375 4388 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll 19:39:21.0497 4388 BFE - ok 19:39:21.0553 4388 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll 19:39:21.0720 4388 BITS - ok 19:39:21.0749 4388 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 19:39:21.0808 4388 blbdrive - ok 19:39:21.0891 4388 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 19:39:21.0946 4388 Bonjour Service - ok 19:39:21.0986 4388 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 19:39:22.0039 4388 bowser - ok 19:39:22.0071 4388 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 19:39:22.0130 4388 BrFiltLo - ok 19:39:22.0143 4388 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 19:39:22.0200 4388 BrFiltUp - ok 19:39:22.0237 4388 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll 19:39:22.0309 4388 Browser - ok 19:39:22.0326 4388 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys 19:39:22.0526 4388 Brserid - ok 19:39:22.0554 4388 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 19:39:22.0649 4388 BrSerWdm - ok 19:39:22.0663 4388 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 19:39:22.0787 4388 BrUsbMdm - ok 19:39:22.0816 4388 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 19:39:22.0904 4388 BrUsbSer - ok 19:39:22.0930 4388 [ 09F926A0D9C0BAFD8417A4307D2ED13C ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys 19:39:22.0980 4388 BthEnum - ok 19:39:22.0998 4388 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 19:39:23.0078 4388 BTHMODEM - ok 19:39:23.0111 4388 [ BEFC5311736B475AC5B60C14FF7C775A ] 
BthPan C:\Windows\system32\DRIVERS\bthpan.sys 19:39:23.0166 4388 BthPan - ok 19:39:23.0204 4388 [ E1466882252FF51EDDE48C3F7EDA2591 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 19:39:23.0306 4388 BTHPORT - ok 19:39:23.0351 4388 [ 22E65FFD640F16968F855F5B3528D366 ] BthServ C:\Windows\System32\bthserv.dll 19:39:23.0404 4388 BthServ - ok 19:39:23.0429 4388 [ 970192CDED77A128E7E30722E5EE6B9C ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 19:39:23.0493 4388 BTHUSB - ok 19:39:23.0527 4388 [ 2641A3FE3D7B0646308F33B67F3B5300 ] btusbflt C:\Windows\system32\drivers\btusbflt.sys 19:39:23.0552 4388 btusbflt - ok 19:39:23.0590 4388 [ A72A9101F9730DB7332714E566614E4D ] btwaudio C:\Windows\system32\drivers\btwaudio.sys 19:39:23.0617 4388 btwaudio - ok 19:39:23.0648 4388 [ 5CEEC634B617525F2B6AD29F871033F7 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys 19:39:23.0676 4388 btwavdt - ok 19:39:23.0732 4388 [ E45B07AA29D8B9B1E98E9F74FC4C8DB0 ] btwdins C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe 19:39:23.0827 4388 btwdins - ok 19:39:23.0852 4388 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys 19:39:23.0880 4388 btwl2cap - ok 19:39:23.0892 4388 [ 2AF5604D28BEF77B7CF4B9D232FE7CD3 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys 19:39:23.0922 4388 btwrchid - ok 19:39:23.0950 4388 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 19:39:24.0044 4388 cdfs - ok 19:39:24.0074 4388 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 19:39:24.0149 4388 cdrom - ok 19:39:24.0198 4388 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll 19:39:24.0288 4388 CertPropSvc - ok 19:39:24.0309 4388 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys 19:39:24.0432 4388 circlass - ok 19:39:24.0471 4388 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys 19:39:24.0539 4388 CLFS - ok 19:39:24.0608 4388 [ 
8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 19:39:24.0653 4388 clr_optimization_v2.0.50727_32 - ok 19:39:24.0700 4388 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 19:39:24.0744 4388 clr_optimization_v2.0.50727_64 - ok 19:39:24.0817 4388 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 19:39:24.0863 4388 clr_optimization_v4.0.30319_32 - ok 19:39:24.0900 4388 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 19:39:24.0948 4388 clr_optimization_v4.0.30319_64 - ok 19:39:24.0989 4388 [ B52D9A14CE4101577900A364BA86F3DF ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 19:39:25.0117 4388 CmBatt - ok 19:39:25.0142 4388 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys 19:39:25.0188 4388 cmdide - ok 19:39:25.0208 4388 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 19:39:25.0242 4388 Compbatt - ok 19:39:25.0253 4388 COMSysApp - ok 19:39:25.0279 4388 cpuz130 - ok 19:39:25.0299 4388 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 19:39:25.0320 4388 crcdisk - ok 19:39:25.0339 4388 [ 62740B9D2A137E8CED41A9E4239A7A31 ] CryptSvc C:\Windows\system32\cryptsvc.dll 19:39:25.0394 4388 CryptSvc - ok 19:39:25.0440 4388 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll 19:39:25.0505 4388 DcomLaunch - ok 19:39:25.0529 4388 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 19:39:25.0578 4388 DfsC - ok 19:39:25.0680 4388 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe 19:39:25.0834 4388 DFSR - ok 19:39:25.0884 4388 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll 
19:39:25.0972 4388 Dhcp - ok 19:39:25.0996 4388 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys 19:39:26.0028 4388 disk - ok 19:39:26.0076 4388 [ 03FE5C3790A491829EEC26A4EE1FC762 ] Diskeeper C:\Program Files (x86)\Executive Software\DiskeeperLite\DKService.exe 19:39:26.0108 4388 Diskeeper ( UnsignedFile.Multi.Generic ) - warning 19:39:26.0108 4388 Diskeeper - detected UnsignedFile.Multi.Generic (1) 19:39:26.0135 4388 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 19:39:26.0184 4388 Dnscache - ok 19:39:26.0225 4388 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll 19:39:26.0305 4388 dot3svc - ok 19:39:26.0332 4388 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll 19:39:26.0425 4388 DPS - ok 19:39:26.0452 4388 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 19:39:26.0518 4388 drmkaud - ok 19:39:26.0614 4388 [ 1ED08A6264C5C92099D6D1DAE5E8F530 ] DrvAgent64 C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS 19:39:26.0647 4388 DrvAgent64 - ok 19:39:26.0688 4388 [ 3EEF0B3489EDBF725564E17C77CABAFD ] dsNcAdpt C:\Windows\system32\DRIVERS\dsNcAdpt.sys 19:39:26.0763 4388 dsNcAdpt - ok 19:39:26.0801 4388 [ DBB553EFC611BFC7FC2E658FFDD3AF33 ] dsNcService C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe 19:39:26.0894 4388 dsNcService - ok 19:39:26.0953 4388 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 19:39:27.0007 4388 dtsoftbus01 - ok 19:39:27.0069 4388 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 19:39:27.0168 4388 DXGKrnl - ok 19:39:27.0202 4388 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys 19:39:27.0338 4388 E1G60 - ok 19:39:27.0369 4388 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll 19:39:27.0478 4388 EapHost - ok 19:39:27.0522 4388 [ 5F94962BE5A62DB6E447FF6470C4F48A 
] Ecache C:\Windows\system32\drivers\ecache.sys 19:39:27.0550 4388 Ecache - ok 19:39:27.0590 4388 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe 19:39:27.0674 4388 ehRecvr - ok 19:39:27.0689 4388 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe 19:39:27.0720 4388 ehSched - ok 19:39:27.0743 4388 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll 19:39:27.0794 4388 ehstart - ok 19:39:27.0823 4388 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys 19:39:27.0876 4388 elxstor - ok 19:39:27.0922 4388 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll 19:39:28.0018 4388 EMDMgmt - ok 19:39:28.0042 4388 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys 19:39:28.0113 4388 ErrDev - ok 19:39:28.0163 4388 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll 19:39:28.0243 4388 EventSystem - ok 19:39:28.0277 4388 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys 19:39:28.0343 4388 exfat - ok 19:39:28.0380 4388 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys 19:39:28.0451 4388 fastfat - ok 19:39:28.0476 4388 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 19:39:28.0539 4388 fdc - ok 19:39:28.0562 4388 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll 19:39:28.0637 4388 fdPHost - ok 19:39:28.0652 4388 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll 19:39:28.0753 4388 FDResPub - ok 19:39:28.0772 4388 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 19:39:28.0798 4388 FileInfo - ok 19:39:28.0818 4388 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys 19:39:28.0881 4388 Filetrace - ok 19:39:28.0895 4388 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk 
C:\Windows\system32\DRIVERS\flpydisk.sys 19:39:28.0957 4388 flpydisk - ok 19:39:29.0000 4388 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 19:39:29.0043 4388 FltMgr - ok 19:39:29.0121 4388 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll 19:39:29.0253 4388 FontCache - ok 19:39:29.0300 4388 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 19:39:29.0327 4388 FontCache3.0.0.0 - ok 19:39:29.0349 4388 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 19:39:29.0403 4388 Fs_Rec - ok 19:39:29.0427 4388 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 19:39:29.0459 4388 gagp30kx - ok 19:39:29.0510 4388 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 19:39:29.0535 4388 GEARAspiWDM - ok 19:39:29.0578 4388 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll 19:39:29.0660 4388 gpsvc - ok 19:39:29.0686 4388 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 19:39:29.0727 4388 HdAudAddService - ok 19:39:29.0808 4388 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 19:39:29.0898 4388 HDAudBus - ok 19:39:29.0931 4388 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys 19:39:30.0030 4388 HidBth - ok 19:39:30.0046 4388 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys 19:39:30.0147 4388 HidIr - ok 19:39:30.0184 4388 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll 19:39:30.0246 4388 hidserv - ok 19:39:30.0265 4388 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 19:39:30.0325 4388 HidUsb - ok 19:39:30.0347 4388 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll 19:39:30.0414 4388 
hkmsvc - ok 19:39:30.0442 4388 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 19:39:30.0468 4388 HpCISSs - ok 19:39:30.0503 4388 [ 5A539A3CBD6EC1609D5333B486D5F74C ] HPSIService C:\Windows\system32\HPSIsvc.exe 19:39:30.0530 4388 HPSIService - ok 19:39:30.0573 4388 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys 19:39:30.0649 4388 HTTP - ok 19:39:30.0694 4388 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys 19:39:30.0724 4388 i2omp - ok 19:39:30.0748 4388 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 19:39:30.0808 4388 i8042prt - ok 19:39:30.0834 4388 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 19:39:30.0875 4388 iaStorV - ok 19:39:30.0910 4388 [ 22FEF6D8DDC3452EE5EC6FBD9920C74D ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys 19:39:30.0939 4388 IBMPMDRV - ok 19:39:30.0967 4388 [ 8D61BB5A7D6E08E278C84F852D07D516 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe 19:39:30.0994 4388 IBMPMSVC - ok 19:39:31.0066 4388 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 19:39:31.0160 4388 idsvc - ok 19:39:31.0197 4388 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys 19:39:31.0241 4388 iirsp - ok 19:39:31.0290 4388 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll 19:39:31.0422 4388 IKEEXT - ok 19:39:31.0454 4388 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys 19:39:31.0500 4388 intelide - ok 19:39:31.0517 4388 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 19:39:31.0627 4388 intelppm - ok 19:39:31.0653 4388 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 19:39:31.0725 4388 IPBusEnum - ok 19:39:31.0759 4388 [ D8AABC341311E4780D6FCE8C73C0AD81 ] 
IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:39:31.0802 4388 IpFilterDriver - ok 19:39:31.0840 4388 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 19:39:31.0881 4388 iphlpsvc - ok 19:39:31.0887 4388 IpInIp - ok 19:39:31.0910 4388 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 19:39:31.0981 4388 IPMIDRV - ok 19:39:32.0001 4388 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 19:39:32.0076 4388 IPNAT - ok 19:39:32.0119 4388 [ 755E4BA6DCE627A2683BB7640553C8D6 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 19:39:32.0214 4388 iPod Service - ok 19:39:32.0230 4388 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys 19:39:32.0319 4388 IRENUM - ok 19:39:32.0361 4388 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys 19:39:32.0392 4388 isapnp - ok 19:39:32.0421 4388 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 19:39:32.0459 4388 iScsiPrt - ok 19:39:32.0518 4388 [ 420B9729A7DE07D4AAFFAA7D9D13B452 ] ISWKL C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys 19:39:32.0545 4388 ISWKL - ok 19:39:32.0577 4388 [ EEDAC170E922A4BD19FDB3D0D55786BB ] IswSvc C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe 19:39:32.0635 4388 IswSvc - ok 19:39:32.0659 4388 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 19:39:32.0690 4388 iteatapi - ok 19:39:32.0715 4388 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys 19:39:32.0735 4388 iteraid - ok 19:39:32.0764 4388 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 19:39:32.0786 4388 kbdclass - ok 19:39:32.0809 4388 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 19:39:32.0862 4388 kbdhid - ok 19:39:32.0892 4388 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso 
C:\Windows\system32\lsass.exe 19:39:32.0942 4388 KeyIso - ok 19:39:32.0984 4388 [ E656FE10D6D27794AFA08136685A69E8 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys 19:39:33.0025 4388 KL1 - ok 19:39:33.0057 4388 [ D865DD8B0448E3F963D68C04C532858F ] kl2 C:\Windows\system32\DRIVERS\kl2.sys 19:39:33.0074 4388 kl2 - ok 19:39:33.0096 4388 [ 055790D38D7EC73AEF03E4AA7F67BA03 ] KLIF C:\Windows\system32\DRIVERS\klif.sys 19:39:33.0130 4388 KLIF - ok 19:39:33.0168 4388 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 19:39:33.0204 4388 KSecDD - ok 19:39:33.0224 4388 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 19:39:33.0290 4388 ksthunk - ok 19:39:33.0335 4388 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll 19:39:33.0416 4388 KtmRm - ok 19:39:33.0490 4388 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll 19:39:33.0560 4388 LanmanServer - ok 19:39:33.0630 4388 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 19:39:33.0686 4388 LanmanWorkstation - ok 19:39:33.0744 4388 [ 83BA097ACAAD0B00505634A62D90F93A ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys 19:39:33.0770 4388 lirsgt - ok 19:39:33.0797 4388 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 19:39:33.0857 4388 lltdio - ok 19:39:33.0889 4388 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll 19:39:33.0951 4388 lltdsvc - ok 19:39:33.0973 4388 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll 19:39:34.0035 4388 lmhosts - ok 19:39:34.0069 4388 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 19:39:34.0109 4388 LSI_FC - ok 19:39:34.0148 4388 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 19:39:34.0183 4388 LSI_SAS - ok 19:39:34.0259 4388 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI 
C:\Windows\system32\drivers\lsi_scsi.sys 19:39:34.0328 4388 LSI_SCSI - ok 19:39:34.0357 4388 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys 19:39:34.0429 4388 luafv - ok 19:39:34.0496 4388 [ 922CBAC7B992B9614CAB7122F4BF9406 ] ManyCam C:\Windows\system32\DRIVERS\mcvidrv_x64.sys 19:39:34.0536 4388 ManyCam - ok 19:39:34.0558 4388 [ 34A42DD7CF525D0D2C5232916496E4B8 ] mcaudrv_simple C:\Windows\system32\drivers\mcaudrv_x64.sys 19:39:34.0593 4388 mcaudrv_simple - ok 19:39:34.0624 4388 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 19:39:34.0659 4388 Mcx2Svc - ok 19:39:34.0683 4388 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys 19:39:34.0708 4388 megasas - ok 19:39:34.0728 4388 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys 19:39:34.0803 4388 MegaSR - ok 19:39:34.0830 4388 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll 19:39:34.0906 4388 MMCSS - ok 19:39:34.0923 4388 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys 19:39:34.0993 4388 Modem - ok 19:39:35.0017 4388 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 19:39:35.0082 4388 monitor - ok 19:39:35.0107 4388 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 19:39:35.0132 4388 mouclass - ok 19:39:35.0145 4388 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 19:39:35.0212 4388 mouhid - ok 19:39:35.0231 4388 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 19:39:35.0259 4388 MountMgr - ok 19:39:35.0304 4388 [ ADFDD84260C9F66789F8E8061E9BD3A6 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 19:39:35.0333 4388 MozillaMaintenance - ok 19:39:35.0362 4388 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys 19:39:35.0392 
4388 mpio - ok 19:39:35.0422 4388 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 19:39:35.0476 4388 mpsdrv - ok 19:39:35.0530 4388 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll 19:39:35.0633 4388 MpsSvc - ok 19:39:35.0659 4388 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 19:39:35.0684 4388 Mraid35x - ok 19:39:35.0707 4388 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 19:39:35.0749 4388 MRxDAV - ok 19:39:35.0772 4388 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 19:39:35.0810 4388 mrxsmb - ok 19:39:35.0843 4388 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:39:35.0887 4388 mrxsmb10 - ok 19:39:35.0902 4388 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:39:35.0938 4388 mrxsmb20 - ok 19:39:35.0969 4388 [ AA459F2AB3AB603C357FF117CAE3D818 ] msahci C:\Windows\system32\drivers\msahci.sys 19:39:35.0990 4388 msahci - ok 19:39:36.0015 4388 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys 19:39:36.0041 4388 msdsm - ok 19:39:36.0055 4388 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe 19:39:36.0118 4388 MSDTC - ok 19:39:36.0131 4388 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys 19:39:36.0186 4388 Msfs - ok 19:39:36.0216 4388 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 19:39:36.0238 4388 msisadrv - ok 19:39:36.0266 4388 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 19:39:36.0323 4388 MSiSCSI - ok 19:39:36.0329 4388 msiserver - ok 19:39:36.0355 4388 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 19:39:36.0418 4388 MSKSSRV - ok 19:39:36.0430 4388 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK 
C:\Windows\system32\drivers\MSPCLOCK.sys 19:39:36.0489 4388 MSPCLOCK - ok 19:39:36.0503 4388 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 19:39:36.0565 4388 MSPQM - ok 19:39:36.0605 4388 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 19:39:36.0638 4388 MsRPC - ok 19:39:36.0665 4388 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 19:39:36.0687 4388 mssmbios - ok 19:39:36.0706 4388 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 19:39:36.0765 4388 MSTEE - ok 19:39:36.0795 4388 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys 19:39:36.0817 4388 Mup - ok 19:39:36.0838 4388 [ 8FA52B6049596FE2FDBC8A5E8B14EBFC ] mvusbews C:\Windows\system32\Drivers\mvusbews.sys 19:39:36.0874 4388 mvusbews - ok 19:39:36.0912 4388 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll 19:39:36.0967 4388 napagent - ok 19:39:37.0002 4388 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 19:39:37.0053 4388 NativeWifiP - ok 19:39:37.0078 4388 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys 19:39:37.0129 4388 NDIS - ok 19:39:37.0158 4388 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 19:39:37.0220 4388 NdisTapi - ok 19:39:37.0231 4388 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 19:39:37.0302 4388 Ndisuio - ok 19:39:37.0343 4388 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 19:39:37.0412 4388 NdisWan - ok 19:39:37.0425 4388 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 19:39:37.0495 4388 NDProxy - ok 19:39:37.0514 4388 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 19:39:37.0591 4388 NetBIOS - ok 19:39:37.0612 4388 [ 
FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 19:39:37.0683 4388 netbt - ok 19:39:37.0701 4388 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe 19:39:37.0730 4388 Netlogon - ok 19:39:37.0759 4388 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll 19:39:37.0833 4388 Netman - ok 19:39:37.0853 4388 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll 19:39:37.0918 4388 netprofm - ok 19:39:37.0954 4388 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 19:39:37.0978 4388 NetTcpPortSharing - ok 19:39:38.0017 4388 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 19:39:38.0041 4388 nfrd960 - ok 19:39:38.0069 4388 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll 19:39:38.0149 4388 NlaSvc - ok 19:39:38.0222 4388 [ F554C5FD7BD1EFA4DA5CFE2EED86391F ] nm3 C:\Windows\system32\DRIVERS\nm3.sys 19:39:38.0248 4388 nm3 - ok 19:39:38.0281 4388 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\Windows\system32\drivers\npf.sys 19:39:38.0306 4388 NPF - ok 19:39:38.0339 4388 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys 19:39:38.0406 4388 Npfs - ok 19:39:38.0424 4388 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll 19:39:38.0508 4388 nsi - ok 19:39:38.0536 4388 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 19:39:38.0604 4388 nsiproxy - ok 19:39:38.0674 4388 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 19:39:38.0778 4388 Ntfs - ok 19:39:38.0800 4388 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys 19:39:38.0883 4388 Null - ok 19:39:38.0904 4388 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys 19:39:38.0934 4388 nvraid - ok 19:39:38.0953 4388 [ 
F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys 19:39:38.0980 4388 nvstor - ok 19:39:39.0018 4388 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 19:39:39.0044 4388 nv_agp - ok 19:39:39.0049 4388 NwlnkFlt - ok 19:39:39.0057 4388 NwlnkFwd - ok 19:39:39.0088 4388 [ 7B58953E2F263421FDBB09A192712A85 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 19:39:39.0177 4388 ohci1394 - ok 19:39:39.0228 4388 [ EC322186D8FCE3D632F3F597D67747DD ] OpenVPNService C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe 19:39:39.0250 4388 OpenVPNService ( UnsignedFile.Multi.Generic ) - warning 19:39:39.0250 4388 OpenVPNService - detected UnsignedFile.Multi.Generic (1) 19:39:39.0293 4388 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 19:39:39.0317 4388 ose - ok 19:39:39.0373 4388 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll 19:39:39.0452 4388 p2pimsvc - ok 19:39:39.0470 4388 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll 19:39:39.0558 4388 p2psvc - ok 19:39:39.0584 4388 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys 19:39:39.0702 4388 Parport - ok 19:39:39.0734 4388 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys 19:39:39.0765 4388 partmgr - ok 19:39:39.0795 4388 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll 19:39:39.0854 4388 PcaSvc - ok 19:39:39.0877 4388 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys 19:39:39.0913 4388 pci - ok 19:39:39.0928 4388 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\drivers\pciide.sys 19:39:39.0958 4388 pciide - ok 19:39:39.0982 4388 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 19:39:40.0018 4388 pcmcia - ok 19:39:40.0052 4388 [ 58865916F53592A61549B04941BFD80D ] PEAUTH 
C:\Windows\system32\drivers\peauth.sys 19:39:40.0192 4388 PEAUTH - ok 19:39:40.0219 4388 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe 19:39:40.0289 4388 PerfHost - ok 19:39:40.0358 4388 [ 563A380DFB29E083DE4037E7C1EE1E5B ] PhenomMsrTweaker C:\Program Files\PhenomMsrTweaker\PhenomMsrTweakerService.exe 19:39:40.0386 4388 PhenomMsrTweaker ( UnsignedFile.Multi.Generic ) - warning 19:39:40.0386 4388 PhenomMsrTweaker - detected UnsignedFile.Multi.Generic (1) 19:39:40.0431 4388 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll 19:39:40.0526 4388 pla - ok 19:39:40.0556 4388 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 19:39:40.0612 4388 PlugPlay - ok 19:39:40.0639 4388 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 19:39:40.0691 4388 PNRPAutoReg - ok 19:39:40.0708 4388 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll 19:39:40.0752 4388 PNRPsvc - ok 19:39:40.0793 4388 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 19:39:40.0869 4388 PolicyAgent - ok 19:39:40.0905 4388 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 19:39:40.0959 4388 PptpMiniport - ok 19:39:40.0975 4388 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\DRIVERS\processr.sys 19:39:41.0028 4388 Processor - ok 19:39:41.0060 4388 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll 19:39:41.0119 4388 ProfSvc - ok 19:39:41.0134 4388 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe 19:39:41.0165 4388 ProtectedStorage - ok 19:39:41.0185 4388 [ 4A768FB063A38B0A78AD97617D3A04F5 ] psadd C:\Windows\system32\DRIVERS\psadd.sys 19:39:41.0226 4388 psadd - ok 19:39:41.0259 4388 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys 19:39:41.0312 4388 PSched - ok 19:39:41.0368 4388 [ 
0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys 19:39:41.0473 4388 ql2300 - ok 19:39:41.0494 4388 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 19:39:41.0527 4388 ql40xx - ok 19:39:41.0557 4388 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll 19:39:41.0615 4388 QWAVE - ok 19:39:41.0628 4388 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 19:39:41.0672 4388 QWAVEdrv - ok 19:39:41.0683 4388 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 19:39:41.0743 4388 RasAcd - ok 19:39:41.0756 4388 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll 19:39:41.0818 4388 RasAuto - ok 19:39:41.0853 4388 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 19:39:41.0896 4388 Rasl2tp - ok 19:39:41.0927 4388 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll 19:39:41.0987 4388 RasMan - ok 19:39:42.0002 4388 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 19:39:42.0053 4388 RasPppoe - ok 19:39:42.0074 4388 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 19:39:42.0102 4388 RasSstp - ok 19:39:42.0122 4388 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 19:39:42.0174 4388 rdbss - ok 19:39:42.0209 4388 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 19:39:42.0270 4388 RDPCDD - ok 19:39:42.0300 4388 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 19:39:42.0384 4388 rdpdr - ok 19:39:42.0390 4388 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 19:39:42.0457 4388 RDPENCDD - ok 19:39:42.0486 4388 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 19:39:42.0535 4388 RDPWD - ok 19:39:42.0557 4388 [ 
C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll 19:39:42.0626 4388 RemoteAccess - ok 19:39:42.0660 4388 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll 19:39:42.0739 4388 RemoteRegistry - ok 19:39:42.0784 4388 [ CD71E053D7260E4102D99A28F9196070 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 19:39:42.0848 4388 RFCOMM - ok 19:39:42.0882 4388 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe 19:39:42.0910 4388 rpcapd - ok 19:39:42.0932 4388 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe 19:39:42.0992 4388 RpcLocator - ok 19:39:43.0018 4388 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll 19:39:43.0100 4388 RpcSs - ok 19:39:43.0127 4388 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 19:39:43.0206 4388 rspndr - ok 19:39:43.0250 4388 [ D6D381B76056C668679723938F06F16C ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys 19:39:43.0281 4388 RTHDMIAzAudService - ok 19:39:43.0311 4388 [ E3AA12FAA3192D1090B9069C3925373B ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys 19:39:43.0374 4388 RTL8169 - ok 19:39:43.0578 4388 [ 01F443A817F803625AB9010DF21A1063 ] RTL8192Ce C:\Windows\system32\DRIVERS\rtl8192Ce.sys 19:39:43.0748 4388 RTL8192Ce - ok 19:39:43.0785 4388 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe 19:39:43.0837 4388 SamSs - ok 19:39:43.0861 4388 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 19:39:43.0895 4388 sbp2port - ok 19:39:43.0957 4388 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll 19:39:44.0034 4388 SCardSvr - ok 19:39:44.0108 4388 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll 19:39:44.0197 4388 Schedule - ok 19:39:44.0224 4388 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll 19:39:44.0271 4388 
SCPolicySvc - ok 19:39:44.0309 4388 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll 19:39:44.0361 4388 SDRSVC - ok 19:39:44.0410 4388 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 19:39:44.0499 4388 secdrv - ok 19:39:44.0519 4388 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll 19:39:44.0588 4388 seclogon - ok 19:39:44.0608 4388 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll 19:39:44.0682 4388 SENS - ok 19:39:44.0697 4388 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys 19:39:44.0802 4388 Serenum - ok 19:39:44.0824 4388 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys 19:39:44.0920 4388 Serial - ok 19:39:44.0942 4388 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys 19:39:45.0005 4388 sermouse - ok 19:39:45.0036 4388 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll 19:39:45.0096 4388 SessionEnv - ok 19:39:45.0130 4388 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 19:39:45.0184 4388 sffdisk - ok 19:39:45.0195 4388 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 19:39:45.0249 4388 sffp_mmc - ok 19:39:45.0267 4388 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 19:39:45.0337 4388 sffp_sd - ok 19:39:45.0355 4388 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 19:39:45.0469 4388 sfloppy - ok 19:39:45.0582 4388 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll 19:39:45.0680 4388 SharedAccess - ok 19:39:45.0761 4388 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 19:39:45.0835 4388 ShellHWDetection - ok 19:39:45.0861 4388 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 
C:\Windows\system32\drivers\sisraid2.sys 19:39:45.0892 4388 SiSRaid2 - ok 19:39:45.0912 4388 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 19:39:45.0944 4388 SiSRaid4 - ok 19:39:45.0995 4388 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 19:39:46.0029 4388 SkypeUpdate - ok 19:39:46.0133 4388 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe 19:39:46.0350 4388 slsvc - ok 19:39:46.0384 4388 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll 19:39:46.0432 4388 SLUINotify - ok 19:39:46.0461 4388 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys 19:39:46.0517 4388 Smb - ok 19:39:46.0544 4388 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe 19:39:46.0593 4388 SNMPTRAP - ok 19:39:46.0618 4388 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys 19:39:46.0638 4388 spldr - ok 19:39:46.0664 4388 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe 19:39:46.0717 4388 Spooler - ok 19:39:46.0742 4388 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys 19:39:46.0786 4388 srv - ok 19:39:46.0803 4388 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 19:39:46.0849 4388 srv2 - ok 19:39:46.0860 4388 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 19:39:46.0891 4388 srvnet - ok 19:39:46.0914 4388 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 19:39:46.0978 4388 SSDPSRV - ok 19:39:46.0991 4388 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll 19:39:47.0038 4388 SstpSvc - ok 19:39:47.0060 4388 Steam Client Service - ok 19:39:47.0105 4388 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll 19:39:47.0171 4388 stisvc - ok 19:39:47.0195 4388 [ 
8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys 19:39:47.0220 4388 swenum - ok 19:39:47.0265 4388 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll 19:39:47.0337 4388 swprv - ok 19:39:47.0355 4388 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 19:39:47.0376 4388 Symc8xx - ok 19:39:47.0394 4388 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 19:39:47.0415 4388 Sym_hi - ok 19:39:47.0432 4388 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 19:39:47.0452 4388 Sym_u3 - ok 19:39:47.0500 4388 [ 868DFB220A18312A12CEF01BA9AC069B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 19:39:47.0525 4388 SynTP - ok 19:39:47.0547 4388 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll 19:39:47.0672 4388 SysMain - ok 19:39:47.0695 4388 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll 19:39:47.0746 4388 TabletInputService - ok 19:39:47.0793 4388 [ F9BE29D5E097F03F81D3CD12B794CB66 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys 19:39:47.0839 4388 tap0901 - ok 19:39:47.0877 4388 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll 19:39:47.0955 4388 TapiSrv - ok 19:39:47.0983 4388 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll 19:39:48.0065 4388 TBS - ok 19:39:48.0125 4388 [ AC8D5728E6AD6A7C4819D9A67008337A ] Tcpip C:\Windows\system32\drivers\tcpip.sys 19:39:48.0213 4388 Tcpip - ok 19:39:48.0245 4388 [ AC8D5728E6AD6A7C4819D9A67008337A ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 19:39:48.0322 4388 Tcpip6 - ok 19:39:48.0344 4388 [ FD8FDE859E38E40A20085EBB0C22B416 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 19:39:48.0400 4388 tcpipreg - ok 19:39:48.0443 4388 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 19:39:48.0561 4388 TDPIPE - ok 19:39:48.0592 4388 [ 
7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 19:39:48.0683 4388 TDTCP - ok 19:39:48.0711 4388 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 19:39:48.0784 4388 tdx - ok 19:39:48.0804 4388 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 19:39:48.0836 4388 TermDD - ok 19:39:48.0876 4388 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll 19:39:48.0973 4388 TermService - ok 19:39:48.0995 4388 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll 19:39:49.0044 4388 Themes - ok 19:39:49.0108 4388 [ 9626746A9B120D2ED537DD8D76278405 ] ThinkVantage Registry Monitor Service C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe 19:39:49.0189 4388 ThinkVantage Registry Monitor Service - ok 19:39:49.0206 4388 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll 19:39:49.0285 4388 THREADORDER - ok 19:39:49.0305 4388 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll 19:39:49.0368 4388 TrkWks - ok 19:39:49.0396 4388 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 19:39:49.0439 4388 TrustedInstaller - ok 19:39:49.0473 4388 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 19:39:49.0535 4388 tssecsrv - ok 19:39:49.0552 4388 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 19:39:49.0595 4388 tunmp - ok 19:39:49.0623 4388 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 19:39:49.0660 4388 tunnel - ok 19:39:49.0703 4388 [ A65643ED30A30E46317C0B25818BC9B7 ] TVicPort64 C:\Windows\system32\drivers\TVicPort64.sys 19:39:49.0722 4388 TVicPort64 - ok 19:39:49.0789 4388 [ E9EA448F1174BE4052416B62263EA4EE ] TVT Scheduler C:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe 19:39:49.0861 4388 TVT Scheduler ( 
UnsignedFile.Multi.Generic ) - warning 19:39:49.0861 4388 TVT Scheduler - detected UnsignedFile.Multi.Generic (1) 19:39:49.0894 4388 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 19:39:49.0920 4388 uagp35 - ok 19:39:49.0953 4388 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 19:39:50.0030 4388 udfs - ok 19:39:50.0062 4388 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe 19:39:50.0150 4388 UI0Detect - ok 19:39:50.0172 4388 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 19:39:50.0205 4388 uliagpkx - ok 19:39:50.0227 4388 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys 19:39:50.0270 4388 uliahci - ok 19:39:50.0301 4388 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys 19:39:50.0334 4388 UlSata - ok 19:39:50.0360 4388 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 19:39:50.0394 4388 ulsata2 - ok 19:39:50.0414 4388 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 19:39:50.0493 4388 umbus - ok 19:39:50.0523 4388 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll 19:39:50.0603 4388 upnphost - ok 19:39:50.0637 4388 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 19:39:50.0686 4388 usbccgp - ok 19:39:50.0699 4388 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys 19:39:50.0788 4388 usbcir - ok 19:39:50.0843 4388 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 19:39:50.0902 4388 usbehci - ok 19:39:50.0928 4388 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 19:39:50.0991 4388 usbhub - ok 19:39:51.0011 4388 [ E406B003A354776D317762694956B0FC ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 19:39:51.0053 4388 usbohci - ok 
19:39:51.0075 4388 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 19:39:51.0128 4388 usbprint - ok 19:39:51.0149 4388 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:39:51.0199 4388 USBSTOR - ok 19:39:51.0218 4388 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 19:39:51.0265 4388 usbuhci - ok 19:39:51.0293 4388 [ FC33099877790D51B0927B7039059855 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 19:39:51.0363 4388 usbvideo - ok 19:39:51.0395 4388 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll 19:39:51.0449 4388 UxSms - ok 19:39:51.0487 4388 [ 9024E915F803431E2C2C85070DC919FB ] VCam_WDM C:\Windows\system32\DRIVERS\VCam_WDM.sys 19:39:51.0511 4388 VCam_WDM - ok 19:39:51.0533 4388 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe 19:39:51.0616 4388 vds - ok 19:39:51.0655 4388 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 19:39:51.0719 4388 vga - ok 19:39:51.0737 4388 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys 19:39:51.0798 4388 VgaSave - ok 19:39:51.0812 4388 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys 19:39:51.0832 4388 viaide - ok 19:39:51.0860 4388 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys 19:39:51.0883 4388 volmgr - ok 19:39:51.0918 4388 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 19:39:51.0953 4388 volmgrx - ok 19:39:51.0990 4388 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys 19:39:52.0024 4388 volsnap - ok 19:39:52.0066 4388 [ 1B6892429CB452F4434F1B51CF921369 ] Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys 19:39:52.0103 4388 Vsdatant - ok 19:39:52.0165 4388 vsmon - ok 19:39:52.0196 4388 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 
19:39:56.0311 4388 ============================================================
19:39:56.0311 4388 Scan finished
19:39:56.0311 4388 ============================================================
19:39:56.0329 0156 Detected object count: 4
19:39:56.0329 0156 Actual detected object count: 4
19:40:45.0690 0156 Diskeeper ( UnsignedFile.Multi.Generic ) - skipped by user
19:40:45.0690 0156 Diskeeper ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:40:45.0695 0156 OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
19:40:45.0698 0156 OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:40:45.0701 0156 PhenomMsrTweaker ( UnsignedFile.Multi.Generic ) - skipped by user
19:40:45.0701 0156 PhenomMsrTweaker ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:40:45.0706 0156 TVT Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user
19:40:45.0706 0156 TVT Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip
Code:
Infektionsdetails
URL: hxxp://www.proxyempire.com/index.php?q
Prozess: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Infektion: JS:Includer-L [Trj]
Edited by Atina (09.01.2013 at 19:49) |
09.01.2013, 20:31 | #4 | |
/// Malware-holic | Malwarebytes Anti-Malware and many PUP.LoadTubes Hi, Combofix: Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: Should you receive the following error message after the restart Quote:
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
09.01.2013, 21:04 | #5 |
| Malwarebytes Anti-Malware and many PUP.LoadTubes Combofix: Code:
ATTFilter ComboFix 13-01-08.01 - Sebastian 09.01.2013 20:44:47.1.2 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.5885.3600 [GMT 1:00] ausgeführt von:: c:\users\Sebastian\Desktop\ComboFix.exe AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730} FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: ZoneAlarm Anti-Spyware *Disabled/Outdated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\SecureW2 c:\program files (x86)\SecureW2\Uninstall.exe c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2 c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk c:\users\Sebastian\AppData\Roaming\convert\convert.exe c:\users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2 c:\windows\SysWow64\AdbWinApi.dll c:\windows\SysWow64\msvcrt.1 c:\windows\SysWow64\URTTemp c:\windows\SysWow64\URTTemp\regtlib.exe D:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-12-09 bis 2013-01-09 )))))))))))))))))))))))))))))) . . 2013-01-09 19:57 . 2013-01-09 19:57 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-09 19:57 . 2013-01-09 19:57 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2013-01-09 19:40 . 2013-01-09 19:41 -------- d-----w- C:\32788R22FWJFW 2013-01-09 15:19 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-09 15:19 . 2013-01-09 15:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-01-09 13:32 . 
2013-01-09 14:23 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2013-01-07 19:48 . 2013-01-07 19:48 -------- d-----w- c:\program files (x86)\FireArc Arcade 2012-12-15 13:19 . 2012-12-15 13:19 -------- d-----w- c:\users\Sebastian\AppData\Local\Native Instruments 2012-12-15 13:17 . 2012-12-15 13:17 -------- dc-h--w- c:\programdata\{E26B3878-7CEC-469C-B449-5CAA336DF8CD} 2012-12-15 13:16 . 2012-12-15 13:16 -------- d-----w- c:\program files\Common Files\Native Instruments 2012-12-15 13:16 . 2012-12-15 13:16 -------- d-----w- c:\program files\Vstplugins 2012-12-15 13:16 . 2012-12-15 13:16 -------- d-----w- c:\program files (x86)\Common Files\Native Instruments 2012-12-15 13:16 . 2012-12-15 13:16 -------- d-----w- c:\program files (x86)\Common Files\Digidesign 2012-12-15 13:16 . 2012-12-15 13:16 -------- dc-h--w- c:\programdata\{C78336EC-F2EB-4640-99A4-DFE96581B90B} 2012-12-15 13:16 . 2012-12-15 13:16 -------- d-----w- c:\program files\Native Instruments 2012-12-15 13:16 . 2012-12-15 13:16 -------- d-----w- c:\programdata\Native Instruments 2012-12-12 19:43 . 2012-12-12 19:43 -------- d-----w- c:\users\Sebastian\AppData\Roaming\MPEG Streamclip . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-09 15:34 . 2012-07-23 09:54 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-09 15:34 . 2011-06-06 14:41 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-30 22:51 . 2012-07-23 15:01 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-10-30 22:51 . 2012-07-23 15:01 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-10-30 22:51 . 2012-07-23 15:01 44272 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-10-30 22:51 . 2012-07-23 15:01 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-10-30 22:51 . 2012-07-23 15:01 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-10-30 22:51 . 
2012-07-23 15:01 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-10-30 22:51 . 2012-07-23 15:01 41224 ----a-w- c:\windows\avastSS.scr 2012-10-30 22:50 . 2012-07-23 15:01 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-10-30 22:50 . 2012-07-23 15:01 285328 ----a-w- c:\windows\system32\aswBoot.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1555968] "FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688] "Spotify Web Helper"="c:\users\Sebastian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-31 1199576] "googletalk"="c:\users\Sebastian\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 336384] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] "TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-08-07 1240848] "ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2012-08-03 73392] "TVT Scheduler Proxy"="c:\program files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] " Malwarebytes Anti-Malware "="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-14 512360] . c:\users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Sebastian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-4 28539232] . 
c:\users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled K10STAT.exe -loadprofile1 -nowindow -ClkCtrl1 -StayOnTray.lnk - c:\users\Sebastian\Desktop\k10stat\K10STAT.exe [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer3"=wdmaud.drv . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 31182099 *Deregistered* - 31182099 . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . Inhalt des "geplante Tasks" Ordners . 2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-23 15:34] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://de.ask.com/?l=dis&o=1689 mLocal Page = c:\windows\SysWOW64\blank.htm IE: Alles mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlall.htm IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Auswahl mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlselected.htm IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Datei mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dllink.htm IE: Free YouTube Download - c:\users\Sebastian\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Seite an &Bluetooth-Gerät senden... 
- c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm IE: Videos mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm Trusted Zone: fabasoft.com\folio TCP: DhcpNameServer = 192.168.1.1 DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/acpirexe.cab FF - ProfilePath - c:\users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\bqr6bhwq.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ALSV5&o=1665&locale=de_DE&apn_uid=9c38d42c-00b2-453e-9962-e9c5cf9e6b39&apn_ptnrs=AU&apn_sauid=7A0730D4-DBF6-4764-8F0C-0DED0CC02002&apn_dtid=YYYYYYYYDE&&q= FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: !HIDDEN! 2011-06-09 17:37; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) WebBrowser-{DFEFCDEE-CF1A-4FC8-88AD-129872198372} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-TPFanControl - :c:\program files\TPFanControl\TPFanControl.exe HKLM-Run-ISW - (no file) AddRemove-SecureW2 EAP Suite - c:\program files (x86)\SecureW2\Uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @DACL=(02 0011) @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] @DACL=(02 0011) "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @DACL=(02 0011) @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @DACL=(02 0011) @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . Zeit der Fertigstellung: 2013-01-09 21:00:43 ComboFix-quarantined-files.txt 2013-01-09 20:00 . Vor Suchlauf: 18 Verzeichnis(se), 24.688.885.760 Bytes frei Nach Suchlauf: 22 Verzeichnis(se), 24.678.772.736 Bytes frei . - - End Of File - - F37D82AF013D473EA00AE79AB1ABD0D1 |
10.01.2013, 00:47 | #6 |
/// Malware-holic | Malwarebytes Anti-Malware and many PUP.LoadTubes Hi, download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this step. Open it, go to Tools (Extras), Uninstall list, and save it as txt. Open the file. After each program you need, write necessary. After each one you do not need, unnecessary. After each one unknown to you, unknown. Post the list.
10.01.2013, 03:56 | #7 |
| Malwarebytes Anti-Malware and many PUP.LoadTubes I handled it a bit differently - if you still need the list of the needed ones, let me know: I could do without the following programs if necessary: Code:
not necessary
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 09.01.2013 11.5.502.146
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 09.01.2013 11.5.502.146
Adobe Shockwave Player 11.6 Adobe Systems, Inc. 04.10.2012 10,2MB 11.6.7.637
Allway Sync version 12.2.1 Botkind Inc 14.08.2012 27,1MB
Amazon Kindle Amazon 21.03.2012 69,9MB
Anti-Twin (Installation 14.08.2012) Joerg Rosenthal, Germany 14.08.2012 1,08MB
Apple Application Support Apple Inc. 27.03.2012 60,9MB 2.1.7
Apple Mobile Device Support Apple Inc. 27.03.2012 24,4MB 5.1.1.4
Apple Software Update Apple Inc. 02.07.2011 2,25MB 2.1.3.127
ATI Catalyst Install Manager ATI Technologies, Inc. 06.06.2011 22,4MB 3.0.825.0
Auslogics Toolbar Ask.com 17.09.2012 4,43MB 1.15.4.0
Auslogics Toolbar Updater Ask.com 17.09.2012 1,53MB 1.2.2.23821
Avira NTFS4DOS 1.9 Avira GmbH 28.07.2012 984KB 1.9
Bonjour Apple Inc. 27.03.2012 2,01MB 3.0.0.10
Cisco EAP-FAST Module Cisco Systems, Inc. 06.06.2011 1,55MB 2.2.14
Cisco LEAP Module Cisco Systems, Inc. 06.06.2011 644KB 1.0.19
Cisco PEAP Module Cisco Systems, Inc. 06.06.2011 1,23MB 1.1.6
Core Temp 1.0 RC3 Alcpu 26.07.2012 2,05MB 1.0
CPUID HWMonitor 1.20 28.08.2012 2,43MB
DAEMON Tools Lite DT Soft Ltd 28.07.2012 24,8MB 4.45.4.0314
Der Herr der Ringe Online v03.03.05.8039 Turbine, Inc. 21.10.2012 10,9GB 03.03.05.803
DPM Player Philips Speech Processing 02.07.2012 2,78MB 1.00.0000
DPMCtrl.dll 2009.3 James M. Voelker 02.07.2012 4,88MB 2009.3
DriverAgent by eSupport.com 07.06.2011
DriverTools 1.0 Huawei Technologies Co.,Ltd 28.07.2012 13,5MB 1.0
DSS to Wave Converter 2011.1 James M. Voelker 02.07.2012 4,88MB 2011.1
EA SPORTS(TM) FIFA Online Electronic Arts 09.01.2013 1,51GB 1.0.1.1
ESET Online Scanner v3 28.07.2012 135MB
EVEREST Home Edition v2.20 Lavalys Inc 28.07.2012 6,58MB 2.20
EzLog 28.07.2012 7,68MB
Fabasoft Folio Cloud Plug-in Fabasoft R&D GmbH 09.06.2012 15,1MB 12.3.2015
Fake Webcam 7.2 Web Solution Mart 07.08.2012 16,3MB 7.2.0
FileHippo.com Update Checker 28.07.2012 380KB
FireArc Arcade FireArc.com 07.01.2013 39,2MB 0.3.18
Free Download Manager 3.9 FreeDownloadManager.ORG 17.06.2012 23,5MB
Free YouTube Download version 3.1.40.1031 DVDVideoSoft Ltd. 04.12.2012 6,76MB 3.1.40.1031
FreeFileSync v5.2 ZenJu 28.07.2012 23,0MB 5.2
Futuremark SystemInfo Futuremark Corporation 04.09.2012 2,89MB 3.21.2.1
GadgetPack (remove only) 28.07.2012 12,2MB
Gephi 0.8.1 Gephi 13.06.2012 75,2MB
Google Talk (remove only) 05.10.2012 3,71MB
GPL Ghostscript Artifex Software Inc. 28.07.2012 29,0MB 9.05
Grim Fandango Quick and Easy Software 24.05.2012 2,98GB 1.0
GSview 5.0 Ghostgum Software Pty Ltd 28.07.2012 2,85MB 5.0
HijackThis 2.0.2 TrendMicro 14.08.2012 416KB 2.0.2
HP LaserJet Professional P1100-P1560-P1600 Series 28.06.2011 10,5MB
HP USB Disk Storage Format Tool 28.07.2012 812KB
ImagePrinter 2.0.1 Ibadov Tariel 28.07.2012 3,02MB 2.0.1
ImagePrinter Pro 4.0 Code-Industry Team. 19.07.2011 26,4MB
ImgBurn LIGHTNING UK! 03.08.2012 3,08MB 2.5.5.0
JDiskReport 1.4.0 JGoodies Karsten Lentzsch 28.07.2012 2,02MB 1.4.0 (2012-01-20 11:38:43)
JDownloader 0.9 AppWork GmbH 28.07.2012 66,0MB 0.9
loadtbs-3.0 14.08.2012 1,93MB
Mustrum 2.1.2 21.01.2012 15,6MB
NetworkView Version 3.62 NetworkView Software 07.08.2012 4,49MB 3.62
nLite 1.4.9.1 Dino Nuhagic (nuhi) 18.06.2011 9,48MB 1.4.9.1
OLYMPUS DSS Player-Lite 28.07.2012 1,63MB
OpenAL 04.09.2012 792KB
PDFCreator Frank Heindörfer, Philip Chinery 28.01.2012 32,1MB 1.2.3
PhenomMsrTweaker Martin Kinkelin 26.07.2012 420KB 2.0.4
Philips DPM Player Hot Fix 02.07.2012
PunkBuster Services Even Balance, Inc. 09.01.2013 0.987
RMPrepUSB 28.07.2012 12,4MB
Secure Download Manager e-academy Inc. 06.05.2012 1,14MB 3.0.3
SecureW2 EAP Suite 1.1.3 for Windows 28.07.2012 64,0KB
Similarity 1.7.1 GAR Software 14.08.2012 4,40MB 1.7.1403
SIW version 2011.10.29 Topala Software Solutions 24.08.2012 5,78MB 2011.10.29
Switch Sound File Converter NCH Software 28.07.2012 3,05MB
System Update Lenovo 28.08.2012 26,6MB 3.15.0017
ThinkPad Bluetooth with Enhanced Data Rate Software Broadcom Corporation 23.07.2012 144MB 6.2.1.3200
ThinkPad UltraNav Driver 23.07.2012 24,6MB 15.0.18.0
Thoosje Sevenbar 28.07.2012 116KB
TPFanControl v0.62 troubadix 26.07.2012 1,58MB
Trojan Remover 6.8.4 Simply Super Software 07.08.2012 10,2MB 6.8.4
Ultra Image Printer 2.0 Ultrashareware Software, Inc. 19.07.2011 2,37MB
UltraVNC 1.0.9.1 1.0.9.1 03.08.2012 4,40MB 1.0.9.1
Unity Web Player Unity Technologies ApS 09.01.2013 216KB
VideoPad Video Editor NCH Software 07.08.2012 13,1MB
Wireshark 1.8.1 (64-bit) The Wireshark developer community, hxxp://www.wireshark.org 07.08.2012 102MB 1.8.1
Xaldon WebSpider2 28.07.2012 1,64MB
µTorrent |
10.01.2013, 14:51 | #8 |
/// Malware-holic | Malwarebytes Anti-Malware and many PUP.LoadTubes I need the list, as described.
10.01.2013, 20:51 | #9 |
| Malwarebytes Anti-Malware and many PUP.LoadTubes Code:
7-Zip 9.20 28.07.2012 3,53MB (needed)
Adobe Acrobat X Pro - English, Français, Deutsch Adobe Systems 13.09.2012 10.1.4 (needed)
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 09.01.2013 11.5.502.146 (needed)
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 09.01.2013 11.5.502.146 (needed)
Adobe Shockwave Player 11.6 Adobe Systems, Inc. 04.10.2012 10,2MB 11.6.7.637 (needed)
Allway Sync version 12.2.1 Botkind Inc 14.08.2012 27,1MB (needed)
Amazon Kindle Amazon 21.03.2012 69,9MB (needed)
Anti-Twin (Installation 14.08.2012) Joerg Rosenthal, Germany 14.08.2012 1,08MB (not needed)
Apple Application Support Apple Inc. 27.03.2012 60,9MB 2.1.7 (not needed)
Apple Mobile Device Support Apple Inc. 27.03.2012 24,4MB 5.1.1.4 (not needed)
Apple Software Update Apple Inc. 02.07.2011 2,25MB 2.1.3.127 (not needed)
ATI Catalyst Install Manager ATI Technologies, Inc. 06.06.2011 22,4MB 3.0.825.0 (needed)
Auslogics Disk Defrag Auslogics Software Pty Ltd 17.09.2012 9,37MB 3.5 (needed)
Auslogics Toolbar Ask.com 17.09.2012 4,43MB 1.15.4.0 (not needed)
Auslogics Toolbar Updater Ask.com 17.09.2012 1,53MB 1.2.2.23821 (not needed)
avast! Free Antivirus AVAST Software 15.11.2012 251MB 7.0.1474.0 (needed)
Avira NTFS4DOS 1.9 Avira GmbH 28.07.2012 984KB 1.9 (needed)
Bonjour Apple Inc. 27.03.2012 2,01MB 3.0.0.10 (not needed)
CCleaner Piriform 24.07.2012 8,96MB 3.21 (needed)
CDex - Open Source Digital Audio CD Extractor Georgy Berdyshev 28.07.2012 5,22MB 1.70.4.2009 (needed)
Cisco EAP-FAST Module Cisco Systems, Inc. 06.06.2011 1,55MB 2.2.14 (needed)
Cisco LEAP Module Cisco Systems, Inc. 06.06.2011 644KB 1.0.19 (needed)
Cisco PEAP Module Cisco Systems, Inc. 06.06.2011 1,23MB 1.1.6 (needed)
Compatibility Pack für 2007 Office System Microsoft Corporation 16.08.2012 (needed)
Copernic Desktop Search - Home Copernic Inc. 28.07.2012 32,4MB (needed)
Core Temp 1.0 RC3 Alcpu 26.07.2012 2,05MB 1.0 (needed)
CPUID HWMonitor 1.20 28.08.2012 2,43MB (needed)
DAEMON Tools Lite DT Soft Ltd 28.07.2012 24,8MB 4.45.4.0314 (needed)
Der Herr der Ringe Online v03.03.05.8039 Turbine, Inc. 21.10.2012 10,9GB 03.03.05.8039 (needed)
Device Doctor v1.0 Device Doctor Software Inc. 07.06.2011 1,65MB 1.0 (needed)
Diskeeper Lite Executive Software International, Inc. 17.09.2012 3,51MB 7.0.418 (needed)
DPM Player Philips Speech Processing 02.07.2012 2,78MB 1.00.0000 (needed)
DPMCtrl.dll 2009.3 James M. Voelker 02.07.2012 4,88MB 2009.3 (needed)
DriverAgent by eSupport.com 07.06.2011 (needed)
DriverTools 1.0 Huawei Technologies Co.,Ltd 28.07.2012 13,5MB 1.0 (needed)
Dropbox Dropbox, Inc. 09.01.2013 24,2MB 1.6.13 (needed)
DSS to Wave Converter 2011.1 James M. Voelker 02.07.2012 4,88MB 2011.1 (needed)
EA SPORTS(TM) FIFA Online Electronic Arts 09.01.2013 1,51GB 1.0.1.1 (needed)
ESET Online Scanner v3 28.07.2012 135MB (needed)
EVEREST Home Edition v2.20 Lavalys Inc 28.07.2012 6,58MB 2.20 (needed)
EzLog 28.07.2012 7,68MB (needed)
f4 2012 audiotranskription.de 28.07.2012 (needed)
Fabasoft Folio Cloud Plug-in Fabasoft R&D GmbH 09.06.2012 15,1MB 12.3.2015
FileHippo.com Update Checker 28.07.2012 380KB (needed)
FireArc Arcade FireArc.com 07.01.2013 39,2MB 0.3.18 (unknown)
Foxit Reader 5.1 Foxit Corporation 12.04.2012 30,8MB 5.1.4.104 (needed)
Free Download Manager 3.9 FreeDownloadManager.ORG 17.06.2012 23,5MB (needed)
Free YouTube Download version 3.1.40.1031 DVDVideoSoft Ltd. 04.12.2012 6,76MB 3.1.40.1031 (needed)
FreeFileSync v5.2 ZenJu 28.07.2012 23,0MB 5.2 (needed)
Futuremark SystemInfo Futuremark Corporation 04.09.2012 2,89MB 3.21.2.1 (needed)
GadgetPack (remove only) 28.07.2012 12,2MB (unknown)
Gephi 0.8.1 Gephi 13.06.2012 75,2MB (needed)
Google Talk (remove only) 05.10.2012 3,71MB (needed)
GPL Ghostscript Artifex Software Inc. 28.07.2012 29,0MB 9.05 (unknown)
Grim Fandango Quick and Easy Software 24.05.2012 2,98GB 1.0 (needed)
GSview 5.0 Ghostgum Software Pty Ltd 28.07.2012 2,85MB 5.0 (unknown)
HijackThis 2.0.2 TrendMicro 14.08.2012 416KB 2.0.2 (needed)
HP LaserJet Professional P1100-P1560-P1600 Series 28.06.2011 10,5MB (needed)
HP USB Disk Storage Format Tool 28.07.2012 812KB (needed)
HUAWEI DataCard Driver 3.10.00.00 Huawei technologies Co., Ltd. 28.07.2012 4,90MB 3.10.00.00 (needed)
ImagePrinter 2.0.1 Ibadov Tariel 28.07.2012 3,02MB 2.0.1 (needed)
ImagePrinter Pro 4.0 Code-Industry Team. 19.07.2011 26,4MB (needed)
ImgBurn LIGHTNING UK! 03.08.2012 3,08MB 2.5.5.0 (needed)
IrfanView (remove only) Irfan Skiljan 28.07.2012 1,70MB 4.32 (needed)
iTunes Apple Inc. 27.03.2012 156MB 10.6.0.40 (needed)
Java 7 Update 7 Oracle 13.09.2012 128MB 7.0.70 (needed)
JavaFX 2.1.1 Oracle Corporation 27.07.2012 20,8MB 2.1.1 (needed)
JDiskReport 1.4.0 JGoodies Karsten Lentzsch 28.07.2012 2,02MB 1.4.0 (2012-01-20 11:38:43) (needed)
JDownloader 0.9 AppWork GmbH 28.07.2012 66,0MB 0.9 (needed)
Juniper Networks Network Connect 7.1.0 Juniper Networks 28.07.2012 7,43MB 7.1.0.19243 (needed)
Juniper Networks, Inc. Setup Client Juniper Networks, Inc. 15.03.2012 1,62MB 7.1.4.13103 (needed)
Juniper Networks, Inc. Setup Client Activex Control Juniper Networks, Inc. 28.07.2012 2.1.1.1 (needed)
K-Lite Mega Codec Pack 7.2.0 08.07.2011 45,4MB 7.2.0 (needed)
Lenovo Patch Utility Lenovo Group Limited 03.08.2012 1,33MB 1.3.0.9 (needed)
Lenovo Patch Utility 64 bit Lenovo Group Limited 03.08.2012 1,35MB 1.3.0.9 (needed)
Lenovo Power Management Driver 28.08.2012 1.65.05.21 (needed)
LibreOffice 3.5 The Document Foundation 23.05.2012 530MB 3.5.3.2 (needed)
LinuxLive USB Creator Thibaut Lauziere 28.07.2012 9,10MB 2.8 (needed)
loadtbs-3.0 14.08.2012 1,93MB (needed)
LOTRO Plugin Compendium Lunarwater 19.09.2012 1,48MB 1.0.3 (needed)
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 09.01.2013 11,8MB 1.70.0.1100 (needed)
ManyCam 3.0.80 (remove only) ManyCam LLC 12.09.2012 26,5MB 3.0.80 (needed)
Microsoft .NET Framework 1.1 28.07.2012 (needed)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 09.06.2011 42,0MB (needed)
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 08.06.2011 42,0MB (needed)
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 12.06.2011 189MB 4.0.30319 (needed)
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 12.06.2011 46,4MB 4.0.30319 (needed)
Microsoft Network Monitor 3.4 Microsoft Corporation 11.08.2012 11,2MB 3.4.2350.0 (needed)
Microsoft Network Monitor: NetworkMonitor Parsers 3.4 Microsoft Corporation 11.08.2012 20,3MB 3.4.2350.0 (needed)
Microsoft Office Excel Viewer Microsoft Corporation 16.08.2012 12.0.6612.1000 (needed)
Microsoft Office Word Viewer 2003 Microsoft Corporation 16.08.2012 11.0.8173.0 (needed)
Microsoft Silverlight Microsoft Corporation 23.07.2012 22,5MB 5.1.10411.0 (needed)
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 17.06.2012 293KB 8.0.56336 (needed)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 22.06.2011 782KB 9.0.30729.4148 (needed)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 19.04.2012 782KB 9.0.30729.6161 (needed)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 07.08.2012 1,41MB 9.0.21022 (needed)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 09.04.2012 234KB 9.0.30729 (needed)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 06.06.2011 590KB 9.0.30729.4148 (needed)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 19.04.2012 594KB 9.0.30729.6161 (needed)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 10.08.2012 10.0.40219 (needed)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 19.04.2012 10.0.30319 (needed)
MixPad NCH Software 28.07.2012 4,99MB (not needed)
Monitor Calibration Wizard 1.0 28.07.2012 624KB
Mozilla Firefox 17.0.1 (x86 de) Mozilla 17.12.2012 41,8MB 17.0.1 (needed)
Mozilla Maintenance Service Mozilla 09.01.2013 216KB 17.0.2 (needed)
Mozilla Thunderbird 17.0.2 (x86 de) Mozilla 09.01.2013 43,5MB
17.0.2(benötigt) MSXML 4.0 SP3 Parser Microsoft Corporation 29.05.2012 1,47MB 4.30.2100.0(benötigt) MSXML 4.0 SP3 Parser (KB2721691) Microsoft Corporation 13.07.2012 1,53MB 4.30.(benötigt)2114.0 MSXML 4.0 SP3 Parser (KB973685) Microsoft Corporation 31.05.2012 1,53MB 4.30.2107.0(benötigt) Mustrum 2.1.2 21.01.2012 15,6MB (benötigt) MyPhoneExplorer F.J. Wechselberger 28.07.2012 11,2MB 1.8.2(benötigt) Native Instruments Massive Native Instruments 15.12.2012 96,2MB (benötigt) Native Instruments Service Center Native Instruments 15.12.2012 45,8MB (benötigt) NetworkView Version 3.62 NetworkView Software 07.08.2012 4,49MB 3.62(benötigt) nLite 1.4.9.1 Dino Nuhagic (nuhi) 18.06.2011 9,48MB 1.4.9.1(benötigt) Notebook Hardware Control 2.0 Pre-Release-06 Bugfix Manfred Jaider 28.07.201(benötigt)2 4,86MB 2.0 Pre-Release-06 Bugfix OLYMPUS DSS Player-Lite 28.07.2012 1,63MB (benötigt) OpenAL 04.09.2012 792KB (benötigt) OpenVPN 2.2.2 28.07.2012 3,39MB 2.(benötigt)2.2 Opera 12.11 Opera Software ASA 17.12.2012 41,9(benötigt)MB 12.11.1661 PDFCreator Frank Heindörfer, Philip Chinery 28.01.2012 (benötigt)32,1MB 1.2.3 PhenomMsrTweaker Martin Kinkelin 26.07.2012 420KB 2.0.4(benötigt) Philips DPM Player Hot Fix 02.07.2012 (benötigt) PreSonus Studio One 2 x64 PreSonus Audio Electronics 25.05.2012 149MB 2.0.5.18179(benötigt) PunkBuster Services Even Balance, Inc. 09.01.2013 0.987(benötigt) QuickTime Apple Inc. 27.03.2012 73,2MB 7.71.80.42(benötigt) Realtek Ethernet Controller Driver For Windows Vista and Later Realtek 05.06.2011 372KB 1.00.0010(benötigt) Realtek HDMI Audio Driver for ATI Realtek Semiconductor Corp. 28.07.2012 1,78MB 6.0.1.6034(benötigt) Realtek High Definition Audio Driver Realtek Semiconductor Corp. 07.06.2011 1,78MB 6.0.1.6146(benötigt) REALTEK Wireless LAN Driver REALTEK Semiconductor Corp. 
06.06.2011 2,02MB 1.00.0143(benötigt) RMPrepUSB 28.07.2012 12,4MB (benötigt) Samplitude Silver – SoundCloud Edition MAGIX AG 28.07.2012 123MB 11.0.1.2(benötigt) Secure Download Manager e-academy Inc. 06.05.2012 1,14MB 3.0.3(benötigt) SecureW2 EAP Suite 1.1.3 for Windows 28.07.2012 64,0KB (benötigt) Similarity 1.7.1 GAR Software 14.08.2012 4,40MB 1.7.1403(benötigt) SIW version 2011.10.29 Topala Software Solutions 24.08.2012 5,78MB 20(benötigt)11.10.29 Skype Click to Call Skype Technologies S.A. 04.02.2012 5,86MB 5.9.9216(benötigt) Skype™ 5.10 Skype Technologies S.A. 21.07.2012 19,0MB 5.10.116(benötigt) Spotify 28.07.2012 60,5MB 0.5.1(benötigt) Spotify Spotify AB 06.05.2012 60,5MB 0.8.3.2(benötigt)22.g317ab79d Steam Valve Corporation 03.02.2012 35,4MB 1.0.0.0(benötigt) Superior Search Home 5.0 11.04.2012 79,0MB (benötigt) Switch Sound File Converter NCH Software 28.07.2012 3,05MB (nicht benötigt) System Update Lenovo 28.08.2012 26,6MB 3.15.0017(benötigt) TeamSpeak 3 Client TeamSpeak Systems GmbH 01.09.2012 52,(benötigt)5MB 3.0.6 ThinkPad Bluetooth with Enhanced Data Rate Software Broadcom Corporation 23.07.2012 (benötigt)144MB 6.2.1.3200 ThinkPad UltraNav Driver 23.07.2012 24,6MB 15.0.18.0(benötigt) Thoosje Sevenbar 28.07.2012 116KB (benötigt) TPFanControl v0.62 troubadix 26.07.2012 1,58MB (benötigt) Trojan Remover 6.8.4 Simply Super Software 07.08.2012 10,2MB 6.8.4(benötigt) Ultra Image Printer 2.0 Ultrashareware Software, Inc. 
19.07.2011 2,37MB (benötigt) UltraVNC 1.0.9.1 1.0.9.1 03.08.2012 4,40MB 1.0.9.1(benötigt) Unity Web Player Unity Technologies ApS 09.01.2013 216KB (benötigt) VideoPad Video Editor NCH Software 07.08.2012 13,1MB (nicht benötigt) Visual Studio 2008 x64 Redistributables AVG Technologies 11.06.2012 8,14M(benötigt)B 10.0.0.2 WavePad Sound Editor NCH Software 28.07.2012 5,58MB (benötigt) WinDirStat 1.1.2 14.08.2012 852KB (benötigt) Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 (benötigt)6.3.5.430) Broadcom 23.07.2012 04/08/2010 6.3.5.430 Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) Broadcom 23.07.2012(benötigt) Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (12/06/2010 4.0.0000.00000) Google, Inc. (benötigt) WinPcap 4.1.2 CACE Technologies 28.07.2012 240KB 4.1.0.2001(benötigt) Wireshark 1.8.1 (64-bit) The Wireshark developer community, hxxp://www.wireshark.org 07.08.2012 102MB 1.8.1(benötigt) Xaldon WebSpider2 28.07.2012 1,64MB (benötigt) ZoneAlarm Free Antivirus + Firewall Check Point 11.08.2012 54,4MB 10.2.074.000(benötigt) µTorrent 28.07.2012 860KB 3.1.3(benötigt)

"adwCleaner - remove toolbars and unwanted start/search pages
Close all open programs and browsers.
Start adwcleaner.exe with a double-click.
Click Löschen.
Confirm each time with Ok.
Your computer will be restarted.
After the restart a text file opens. Post its contents to me with your next reply.
You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)"

Here is the Adw-Cleaner log after the cleanup: Code:
"# AdwCleaner v2.104 - Datei am 11/01/2013 um 02:42:32 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : Sebastian - SEBASTIAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Sebastian\Downloads\adwcleaner_2.1.0.5.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\Program Files (x86)\Conduit
Gelöscht mit Neustart : C:\ProgramData\Ask
Gelöscht mit Neustart : C:\Users\Sebastian\AppData\Local\Conduit
Gelöscht mit Neustart : C:\Users\Sebastian\AppData\Roaming\loadtbs
Gelöscht mit Neustart : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\bqr6bhwq.default\Smartbar
Gelöscht mit Neustart : C:\Users\Sebastian\Desktop\Software

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16448

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://de.ask.com/?l=dis&o=1689 --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0 (de)

Datei : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\bqr6bhwq.default\prefs.js

Gelöscht : user_pref("CT2319825.1000082.isPlayDisplay", "true");
Gelöscht : user_pref("CT2319825.1000082.state", "{\"state\":\"stopped\",\"text\":\"1Live\",\"description\":\"1L[...]
Gelöscht : user_pref("CT2319825.1000234.TWC_TMP_city", "BERLIN");
Gelöscht : user_pref("CT2319825.1000234.TWC_TMP_country", "DE");
Gelöscht : user_pref("CT2319825.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2319825.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT2319825.FirstTime", "true");
Gelöscht : user_pref("CT2319825.FirstTimeFF3", "true");
Gelöscht : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...]
Gelöscht : user_pref("CT2319825.UserID", "UN31948728478789015");
Gelöscht : user_pref("CT2319825.addressBarTakeOverEnabledInHidden", "true");
Gelöscht : user_pref("CT2319825.autoDisableScopes", 10);
Gelöscht : user_pref("CT2319825.browser.search.defaultthis.engineName", true);
Gelöscht : user_pref("CT2319825.defaultSearch", "true");
Gelöscht : user_pref("CT2319825.embeddedsData", "[{\"appId\":\"128898076802619666\",\"apiPermissions\":{\"cross[...]
Gelöscht : user_pref("CT2319825.enableAlerts", "always");
Gelöscht : user_pref("CT2319825.enableSearchFromAddressBar", "true");
Gelöscht : user_pref("CT2319825.firstTimeDialogOpened", "true");
Gelöscht : user_pref("CT2319825.fixPageNotFoundError", "false");
Gelöscht : user_pref("CT2319825.fixPageNotFoundErrorInHidden", "true");
Gelöscht : user_pref("CT2319825.fixUrls", true);
Gelöscht : user_pref("CT2319825.installId", "ConduitNSISIntegration");
Gelöscht : user_pref("CT2319825.installType", "ConduitNSISIntegration");
Gelöscht : user_pref("CT2319825.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2319825.isNewTabEnabled", false);
Gelöscht : user_pref("CT2319825.isPerformedSmartBarTransition", "true");
Gelöscht : user_pref("CT2319825.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2319825.keyword", false);
Gelöscht : user_pref("CT2319825.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]
Gelöscht : user_pref("CT2319825.openThankYouPage", "false");
Gelöscht : user_pref("CT2319825.openUninstallPage", "true");
Gelöscht : user_pref("CT2319825.search.searchAppId", "128898076802619666");
Gelöscht : user_pref("CT2319825.search.searchCount", "0");
Gelöscht : user_pref("CT2319825.searchInNewTabEnabled", "false");
Gelöscht : user_pref("CT2319825.searchInNewTabEnabledInHidden", "true");
Gelöscht : user_pref("CT2319825.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}")[...]
Gelöscht : user_pref("CT2319825.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2319825.sendUsageEnabled", "false");
Gelöscht : user_pref("CT2319825.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Gelöscht : user_pref("CT2319825.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1344945709131");
Gelöscht : user_pref("CT2319825.serviceLayer_services_appTracking_lastUpdate", "1344945712472");
Gelöscht : user_pref("CT2319825.serviceLayer_services_appsMetadata_lastUpdate", "1344945708948");
Gelöscht : user_pref("CT2319825.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1344945711572");
Gelöscht : user_pref("CT2319825.serviceLayer_services_login_10.10.20.14_lastUpdate", "1344945711968");
Gelöscht : user_pref("CT2319825.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1344945709977");
Gelöscht : user_pref("CT2319825.serviceLayer_services_searchAPI_lastUpdate", "1344945708842");
Gelöscht : user_pref("CT2319825.serviceLayer_services_serviceMap_lastUpdate", "1344945707944");
Gelöscht : user_pref("CT2319825.serviceLayer_services_toolbarContextMenu_lastUpdate", "1344945711630");
Gelöscht : user_pref("CT2319825.serviceLayer_services_toolbarSettings_lastUpdate", "1344945708234");
Gelöscht : user_pref("CT2319825.serviceLayer_services_translation_lastUpdate", "1344945708931");
Gelöscht : user_pref("CT2319825.settingsINI", true);
Gelöscht : user_pref("CT2319825.shouldFirstTimeDialog", "false");
Gelöscht : user_pref("CT2319825.smartbar.CTID", "CT2319825");
Gelöscht : user_pref("CT2319825.smartbar.Uninstall", "0");
Gelöscht : user_pref("CT2319825.smartbar.homepage", true);
Gelöscht : user_pref("CT2319825.smartbar.toolbarName", "Winload ");
Gelöscht : user_pref("CT2319825.toolbarBornServerTime", "14-8-2012");
Gelöscht : user_pref("CT2319825.toolbarCurrentServerTime", "14-8-2012");
Gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=1[...]
Gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "");
Gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "");
Gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");

-\\ Opera v12.11.1661.0

Datei : C:\Users\Sebastian\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1769 octets] - [23/07/2012 16:08:07]
AdwCleaner[R2].txt - [1829 octets] - [23/07/2012 16:10:29]
AdwCleaner[R3].txt - [14899 octets] - [09/01/2013 19:28:15]
AdwCleaner[R4].txt - [9703 octets] - [11/01/2013 02:42:03]
AdwCleaner[S1].txt - [1811 octets] - [23/07/2012 16:10:40]
AdwCleaner[S2].txt - [9296 octets] - [11/01/2013 02:42:32]

########## EOF - C:\AdwCleaner[S2].txt - [9356 octets] ########## " |
11.01.2013, 14:38 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes Anti-Malware and many PUP.LoadTubes @Atina: We do not delete logs! See http://www.trojaner-board.de/108422-...tml#post758384
__________________ Please always post log files in CODE tags |
11.01.2013, 15:27 | #11 |
/// Malware-holic | Malwarebytes Anti-Malware and many PUP.LoadTubes Hi, can you delete your version of adw cleaner, download it again, and delete again, and then post the log?
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
11.01.2013, 18:15 | #12 |
| Malwarebytes Anti-Malware and many PUP.LoadTubes Sorry, I don't understand that. |
11.01.2013, 19:37 | #13 |
/// Malware-holic | Malwarebytes Anti-Malware and many PUP.LoadTubes Sorry, please delete adwcleaner, download it and run it again, since your version is outdated. Above all, I'd be interested to know why you ran it without instructions? And went straight to deleting... that could also have gone wrong.
29.01.2013, 20:13 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes Anti-Malware and many PUP.LoadTubes Once again @Atina, we do not delete logs
29.01.2013, 20:16 | #15 |
/// Malware-holic | Malwarebytes Anti-Malware and many PUP.LoadTubes I was just about to write that too; above all, what exactly is sensitive about the Firefox version