Log analysis and evaluation: Remove Loadtbs-3.0, repair the damage (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
14.02.2013, 13:51 | #1
Remove Loadtbs-3.0, repair the damage. Hello everyone, I ran a full scan with Avira Internet Security 2012, and this is the result: Code:
ATTFilter Avira Internet Security 2012 Erstellungsdatum der Reportdatei: Montag, 4. Februar 2013 17:26 Es wird nach 4925249 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : *** Seriennummer :*** Plattform : Windows 7 Home Premium Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : MITCH-PC Versionsinformationen: BUILD.DAT : 12.1.9.1197 48681 Bytes 11.10.2012 15:22:00 AVSCAN.EXE : 12.3.0.48 468256 Bytes 13.11.2012 15:43:44 AVSCAN.DLL : 12.3.0.15 66256 Bytes 20.06.2012 17:56:38 LUKE.DLL : 12.3.0.15 68304 Bytes 20.06.2012 17:58:02 AVSCPLR.DLL : 12.3.0.14 97032 Bytes 20.06.2012 18:00:05 AVREG.DLL : 12.3.0.17 232200 Bytes 20.06.2012 18:00:04 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 17:50:44 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 17:50:44 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 17:52:41 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 17:53:18 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 17:53:53 VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 15:17:27 VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 15:02:15 VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 11:56:50 VBASE008.VDF : 7.11.55.142 2214912 Bytes 03.01.2013 12:43:20 VBASE009.VDF : 7.11.55.143 2048 Bytes 03.01.2013 12:43:24 VBASE010.VDF : 7.11.55.144 2048 Bytes 03.01.2013 12:43:24 VBASE011.VDF : 7.11.55.145 2048 Bytes 03.01.2013 12:43:29 VBASE012.VDF : 7.11.55.146 2048 Bytes 03.01.2013 12:43:30 VBASE013.VDF : 7.11.55.196 260096 Bytes 04.01.2013 12:59:36 VBASE014.VDF : 7.11.56.23 206848 Bytes 07.01.2013 19:27:46 VBASE015.VDF : 7.11.56.83 186880 Bytes 08.01.2013 16:47:20 VBASE016.VDF : 7.11.56.145 135168 Bytes 09.01.2013 21:10:31 VBASE017.VDF : 7.11.56.211 139776 Bytes 11.01.2013 15:41:21 VBASE018.VDF : 7.11.57.11 153088 Bytes 13.01.2013 17:35:03 VBASE019.VDF : 7.11.57.75 165888 Bytes 15.01.2013 10:28:56 VBASE020.VDF : 
7.11.57.163 190976 Bytes 17.01.2013 22:20:01 VBASE021.VDF : 7.11.57.219 119808 Bytes 18.01.2013 20:35:20 VBASE022.VDF : 7.11.58.7 167936 Bytes 21.01.2013 15:20:50 VBASE023.VDF : 7.11.58.49 140288 Bytes 22.01.2013 16:02:28 VBASE024.VDF : 7.11.58.119 137728 Bytes 24.01.2013 15:24:48 VBASE025.VDF : 7.11.58.175 132608 Bytes 25.01.2013 23:11:17 VBASE026.VDF : 7.11.58.213 116736 Bytes 27.01.2013 11:04:43 VBASE027.VDF : 7.11.59.68 1887744 Bytes 31.01.2013 12:40:46 VBASE028.VDF : 7.11.59.159 431104 Bytes 04.02.2013 16:20:26 VBASE029.VDF : 7.11.59.160 2048 Bytes 04.02.2013 16:20:26 VBASE030.VDF : 7.11.59.161 2048 Bytes 04.02.2013 16:20:27 VBASE031.VDF : 7.11.59.162 2048 Bytes 04.02.2013 16:20:27 Engineversion : 8.2.10.246 AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 17:02:09 AESCRIPT.DLL : 8.1.4.86 467323 Bytes 01.02.2013 00:53:24 AESCN.DLL : 8.1.10.0 131445 Bytes 13.12.2012 16:36:03 AESBX.DLL : 8.2.5.12 606578 Bytes 20.06.2012 17:55:09 AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 17:07:41 AEPACK.DLL : 8.3.1.2 819574 Bytes 20.12.2012 23:21:18 AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 22:52:30 AEHEUR.DLL : 8.1.4.194 5710199 Bytes 01.02.2013 18:18:16 AEHELP.DLL : 8.1.25.2 258423 Bytes 11.10.2012 21:17:29 AEGEN.DLL : 8.1.6.16 434549 Bytes 24.01.2013 15:24:51 AEEXP.DLL : 8.3.0.18 188789 Bytes 01.02.2013 00:53:25 AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 17:02:05 AECORE.DLL : 8.1.30.0 201079 Bytes 13.12.2012 16:35:57 AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 22:52:10 AVWINLL.DLL : 12.3.0.15 27344 Bytes 20.06.2012 17:50:44 AVPREF.DLL : 12.3.0.32 50720 Bytes 13.11.2012 15:43:42 AVREP.DLL : 12.3.0.15 179208 Bytes 20.06.2012 18:00:05 AVARKT.DLL : 12.3.0.33 209696 Bytes 13.11.2012 15:43:38 AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 20.06.2012 17:56:03 SQLITE3.DLL : 3.7.0.1 398288 Bytes 20.06.2012 17:58:55 AVSMTP.DLL : 12.3.0.32 63992 Bytes 31.07.2012 08:39:51 NETNT.DLL : 12.3.0.15 17104 Bytes 20.06.2012 17:58:22 RCIMAGE.DLL : 12.3.0.31 4819704 Bytes 31.07.2012 08:39:44 RCTEXT.DLL 
: 12.3.0.32 98848 Bytes 13.11.2012 15:43:34 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\AVSCAN-20130204-172521-33BDC1E9.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, F:, G:, H:, O:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Beginn des Suchlaufs: Montag, 4. Februar 2013 17:26 Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD1 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD2 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD3 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD4 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD5 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD6 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'F:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'G:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'H:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'O:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf nach versteckten Objekten wird begonnen. 
Fehler in der ARK Library Versteckter Treiber Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'AVWEBGRD.EXE' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'avmailc.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '89' Modul(e) wurden durchsucht Durchsuche Prozess 'Reader_sl.exe' - '22' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '25' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '97' Modul(e) wurden durchsucht Durchsuche Prozess 'nusb3mon.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'TeamViewer_Service.exe' - '88' Modul(e) wurden durchsucht Durchsuche Prozess 'StarWindServiceAE.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'IJPLMSVC.EXE' - '22' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '73' Modul(e) wurden durchsucht Durchsuche Prozess 'avfwsvc.exe' - '57' Modul(e) wurden durchsucht Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '43' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: C:\Windows\Sysnative\drivers\sptd.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! Die Registry wurde durchsucht ( '6948' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' Beginne mit der Suche in 'F:\' <spiele> Beginne mit der Suche in 'G:\' <Ungeschnitten> Beginne mit der Suche in 'H:\' <Musik & Clips> Beginne mit der Suche in 'O:\' <Sicherung> Ende des Suchlaufs: Montag, 4. Februar 2013 17:55 Benötigte Zeit: 29:05 Minute(n) Der Suchlauf wurde vollständig durchgeführt. 27308 Verzeichnisse wurden überprüft 504035 Dateien wurden geprüft 0 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. 
unerwünschte Programme wurden repariert 0 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 1 Dateien konnten nicht durchsucht werden 504034 Dateien ohne Befall 5439 Archive wurden durchsucht 1 Warnungen 0 Hinweise 48 Objekte wurden beim Rootkitscan durchsucht 1 Versteckte Objekte wurden gefunden Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.04.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 MITCH :: MITCH-PC [Administrator] Schutz: Aktiviert 04.02.2013 19:29:43 mbam-log-2013-02-04 (19-29-43).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|G:\|H:\|O:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 354022 Laufzeit: 17 Minute(n), 48 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\loadtbs-3.0 (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 3 C:\Users\MITCH\AppData\Roaming\loadtbs (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\MITCH\AppData\Roaming\loadtbs\chrome@loadtubes.com (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\MITCH\AppData\Roaming\loadtbs\html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 19 C:\Users\MITCH\AppData\Local\Temp\1a3d9b37655eeb2f9bea641ce230178f\data\npm.dll (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\MITCH\AppData\Local\Temp\1a3d9b37655eeb2f9bea641ce230178f\data\ytdl.exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\MITCH\AppData\Roaming\loadtbs\keyHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\MITCH\AppData\Roaming\loadtbs\config.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Users\MITCH\AppData\Roaming\loadtbs\domHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\MITCH\AppData\Roaming\loadtbs\evHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\MITCH\AppData\Roaming\loadtbs\license.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\MITCH\AppData\Roaming\loadtbs\uninstall.exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\MITCH\AppData\Roaming\loadtbs\updateHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\MITCH\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\MITCH\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.js (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\MITCH\AppData\Roaming\loadtbs\chrome@loadtubes.com\download.js (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\MITCH\AppData\Roaming\loadtbs\chrome@loadtubes.com\fire.js (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\MITCH\AppData\Roaming\loadtbs\chrome@loadtubes.com\manifest.json (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\MITCH\AppData\Roaming\loadtbs\html\dimensions.ini (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\MITCH\AppData\Roaming\loadtbs\html\install.html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\MITCH\AppData\Roaming\loadtbs\html\license.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\MITCH\AppData\Roaming\loadtbs\html\uninstall.html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\MITCH\AppData\Roaming\loadtbs\html\uninstallComplete.html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
(Ende) Only after the scan actions did I notice that Loadtbs-3.0 had installed itself as an add-on in Firefox. I removed the add-on. Windows installed the latest system updates yesterday (in case that matters). And now the question of all questions: can someone please help me? Regards, Mitch. Edited by Mitchbox (14.02.2013 at 13:57)
14.02.2013, 13:59 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Remove Loadtbs-3.0, repair the damage. Hello and
Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you have not heard from me for three days, please post in this thread => Reminder on my thread. Annoying "when will this continue" messages will end with your topic being closed. I too have a life outside the Trojaner-Board. adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
Then please do a check with OTL:
16.02.2013, 00:22 | #3
Remove Loadtbs-3.0, repair the damage. Hello Cosinus,
thank you for your help. I have read your instructions and carried them out so far. Here are the logs: Code:
ATTFilter # AdwCleaner v2.112 - Datei am 15/02/2013 um 00:34:56 erstellt # Aktualisiert am 10/02/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : MITCH - MITCH-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\MITCH\Desktop\adwcleaner0.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\fr1nr1rq.default\searchplugins\11-suche.xml Datei Gelöscht : C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Uninstall.exe Ordner Gelöscht : C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\software@loadtubes.com Ordner Gelöscht : C:\Users\MITCH\AppData\Roaming\OpenCandy ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16464 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v18.0.2 (de) Datei : C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\fr1nr1rq.default\prefs.js [OK] Die Datei ist sauber. Datei : C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\prefs.js C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\user.js ... Gelöscht ! Gelöscht : user_pref("pttl.menu-search-groups-tab", false); Gelöscht : user_pref("pttl.menu-search-groups-win", false); -\\ Google Chrome v24.0.1312.57 Datei : C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. 
-\\ Chromium v window_placement: { bottom: 988 Datei : C:\Users\MITCH\AppData\Local\Chromium\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [2243 octets] - [15/02/2013 00:34:56] ########## EOF - C:\AdwCleaner[S1].txt - [2303 octets] ########## Code:
ATTFilter OTL logfile created on: 15.02.2013 12:57:37 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MITCH\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,76 Gb Available Physical Memory | 84,46% Memory free 16,00 Gb Paging File | 14,66 Gb Available in Paging File | 91,66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,14 Gb Total Space | 65,35 Gb Free Space | 54,85% Space Free | Partition Type: NTFS Drive F: | 97,66 Gb Total Space | 81,49 Gb Free Space | 83,45% Space Free | Partition Type: NTFS Drive G: | 423,03 Gb Total Space | 150,68 Gb Free Space | 35,62% Space Free | Partition Type: NTFS Drive H: | 199,09 Gb Total Space | 155,16 Gb Free Space | 77,94% Space Free | Partition Type: NTFS Drive O: | 119,92 Gb Total Space | 20,60 Gb Free Space | 17,18% Space Free | Partition Type: NTFS Computer Name: MITCH-PC | User Name: MITCH | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\MITCH\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software) PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (CISVC) -- C:\Windows\SysNative\CISVC.EXE (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Te.Service) -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. 
KG) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirFirewallService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () ========== Driver Services (SafeList) ========== DRV:64bit: - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys File not found DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avfwot) -- C:\Windows\SysNative\drivers\avfwot.sys (Avira GmbH) DRV:64bit: - (avfwim) -- C:\Windows\SysNative\drivers\avfwim.sys (Avira GmbH) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) 
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV - (NTIOLib_1_0_6) -- C:\Program Files (x86)\Setup Files\Ms7642v1D0\NTIOLib_X64.sys (MSI) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3879921085-4238989401-138329163-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.orbitdownloader.com IE - HKU\S-1-5-21-3879921085-4238989401-138329163-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3879921085-4238989401-138329163-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-3879921085-4238989401-138329163-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E 87 59 65 78 16 CD 01 [binary data] IE - HKU\S-1-5-21-3879921085-4238989401-138329163-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3879921085-4238989401-138329163-1000\..\SearchScopes\{75DE8DA1-9E23-422C-9F40-450857FE28F9}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKU\S-1-5-21-3879921085-4238989401-138329163-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: clickclean%40hotcleaner.com:4.0 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.15.1 FF - prefs.js..extensions.enabledAddons: %7B6bdc61ae-7b80-44a3-9476-e1d121ec2238%7D:0.85 FF - prefs.js..extensions.enabledAddons: %7Bfa8476cf-a98c-4e08-99b4-65a69cb4b7d4%7D:1.5.0.2 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.4 FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - prefs.js..network.proxy.ftp: "127.0.0.1" FF - prefs.js..network.proxy.ftp_port: 4001 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 4001 FF - prefs.js..network.proxy.ssl: "127.0.0.1" FF - prefs.js..network.proxy.ssl_port: 4001 FF - prefs.js..network.proxy.type: 4 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\SysWOW64\npdeployJava1.dll (Sun 
Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\MITCH\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\MITCH\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 17:11:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 17:11:29 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.17 20:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\Extensions [2013.02.06 19:56:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\fr1nr1rq.default\extensions [2013.01.30 13:19:51 | 000,000,000 | ---D | M] (WOT) -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\fr1nr1rq.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.02.17 00:05:40 | 000,000,000 | ---D | M] (Click&Clean) 
-- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\fr1nr1rq.default\extensions\clickclean@hotcleaner.com [2012.09.15 18:59:55 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\fr1nr1rq.default\extensions\ich@maltegoetz.de [2013.02.15 00:35:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions [2011.12.17 13:26:23 | 000,000,000 | ---D | M] (Cookie Monster) -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{45d8ff86-d909-11db-9705-005056c00008} [2012.07.30 22:41:17 | 000,000,000 | ---D | M] (WOT) -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.07.30 22:41:17 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\https-everywhere@eff.org [2011.12.17 13:26:24 | 000,000,000 | ---D | M] ("UnPlug") -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\unplug@compunach [2011.11.17 20:29:34 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\fr1nr1rq.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi [2012.02.09 23:32:14 | 000,073,384 | ---- | M] () (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\fr1nr1rq.default\extensions\{6bdc61ae-7b80-44a3-9476-e1d121ec2238}.xpi [2013.01.30 13:19:51 | 000,533,536 | ---- | M] () (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\fr1nr1rq.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.10.03 17:45:15 | 000,048,875 | ---- | M] () (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\fr1nr1rq.default\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi [2012.03.21 20:35:25 | 000,447,072 | ---- | M] () (No name found) -- 
C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}.xpi [2012.07.30 22:41:17 | 000,526,190 | ---- | M] () (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.07.30 22:41:17 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.12.30 12:46:09 | 000,044,727 | ---- | M] () (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi [2012.02.24 21:40:47 | 000,002,419 | ---- | M] () -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\fr1nr1rq.default\searchplugins\englische-ergebnisse.xml [2012.02.24 21:40:47 | 000,010,525 | ---- | M] () -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\fr1nr1rq.default\searchplugins\gmx-suche.xml [2012.02.24 21:40:47 | 000,002,457 | ---- | M] () -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\fr1nr1rq.default\searchplugins\lastminute.xml [2012.02.24 21:40:47 | 000,005,508 | ---- | M] () -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\fr1nr1rq.default\searchplugins\webde-suche.xml [2013.02.06 17:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.06 17:11:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.02.06 17:11:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.02.06 17:11:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013.02.06 17:11:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla 
firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2013.02.06 17:11:29 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.21 01:53:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.11 12:06:01 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.21 01:53:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.21 01:53:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.21 01:53:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.21 01:53:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\MITCH\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\MITCH\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\MITCH\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll CHR - plugin: Shockwave Flash 
(Disabled) = C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll CHR - plugin: Mixesoft Click&Clean Plug-In (Enabled) = C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin/npccch32.dll CHR - plugin: Bitdefender QuickScan (Enabled) = C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin/npqscan.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Google Update (Enabled) = C:\Users\MITCH\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = 
{google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - homepage: CHR - Extension: WOT = C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.9_0\ CHR - Extension: YouTube = C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Click&Clean = C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.0.1_0\ CHR - Extension: Click&Clean App = C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0\ CHR - Extension: Google Mail = C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll () O3 - HKLM\..\Toolbar: (FreshDownload Bar) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~2\FRESHD~1\FRESHD~1\fdiebar.dll File not found O3 - HKU\S-1-5-21-3879921085-4238989401-138329163-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3879921085-4238989401-138329163-1000..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files 
(x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O9 - Extra Button: FreshDownload - {0112EFE4-D779-47C0-90DC-E4170B88D340} - C:\Program Files (x86)\FreshDevices\FreshDownload\fd.exe File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. 
KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD673351-AEB8-44A4-A92F-351229691467}: DhcpNameServer = 192.168.178.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{91df1ea0-5d63-11e2-9181-6c626d05970a}\Shell - "" = AutoRun O33 - MountPoints2\{91df1ea0-5d63-11e2-9181-6c626d05970a}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.13 23:59:49 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.02.13 23:59:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.02.13 23:59:49 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.02.13 23:59:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.02.13 23:59:48 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.02.13 23:59:48 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.02.13 23:59:48 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.02.13 23:59:48 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.02.13 23:59:48 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.02.13 23:59:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.02.13 23:59:48 | 000,173,056 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.02.13 23:59:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.02.13 23:59:47 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.02.13 23:59:47 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.02.13 23:59:47 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.02.13 23:50:02 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.02.13 23:50:01 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.02.13 23:50:01 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.02.13 23:48:53 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.02.13 23:48:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.02.13 23:48:53 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.02.13 23:48:52 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.02.13 23:48:52 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.02.13 23:48:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.02.13 23:48:46 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.02.11 17:16:30 | 000,000,000 | ---D | C] -- C:\Users\MITCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.02.11 17:16:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.02.11 17:16:11 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2013.02.06 17:11:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.02.04 20:45:16 | 000,602,112 | ---- | C] (OldTimer 
Tools) -- C:\Users\MITCH\Desktop\OTL.exe [2013.02.04 19:25:58 | 000,000,000 | ---D | C] -- C:\Users\MITCH\AppData\Roaming\Malwarebytes [2013.02.04 19:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.04 19:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.04 19:25:37 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.02.04 19:25:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.04 19:25:17 | 000,000,000 | ---D | C] -- C:\Users\MITCH\AppData\Local\Programs [2013.02.02 21:07:23 | 000,000,000 | ---D | C] -- C:\Users\MITCH\AppData\Roaming\BitTorrent [2013.02.02 21:04:59 | 001,053,520 | ---- | C] (BitTorrent Inc.) -- C:\Program Files (x86)\BitTorrent_7.8.exe [2013.02.02 15:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD PVR Editor [2013.02.02 15:52:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HD PVR Editor ========== Files - Modified Within 30 Days ========== [2013.02.15 12:50:02 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3879921085-4238989401-138329163-1000UA.job [2013.02.15 12:32:28 | 000,023,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.15 12:32:28 | 000,023,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.15 12:29:10 | 001,622,486 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.15 12:29:10 | 000,699,776 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.15 12:29:10 | 000,654,676 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.15 12:29:10 | 000,149,724 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.15 12:29:10 | 000,122,368 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat 
[2013.02.15 12:25:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.15 12:24:59 | 2146,815,999 | -HS- | M] () -- C:\hiberfil.sys [2013.02.15 01:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.14 14:29:03 | 000,587,671 | ---- | M] () -- C:\Users\MITCH\Desktop\adwcleaner0.exe [2013.02.14 10:50:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3879921085-4238989401-138329163-1000Core.job [2013.02.14 00:10:57 | 000,268,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.11 14:08:31 | 000,050,477 | ---- | M] () -- C:\Users\MITCH\Desktop\Defogger.exe [2013.02.10 00:27:47 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.02.10 00:27:47 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.02.04 20:45:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MITCH\Desktop\OTL.exe [2013.02.04 19:25:38 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.03 15:57:56 | 000,001,309 | ---- | M] () -- C:\Users\MITCH\Desktop\BitTorrent_7.8 - Verknüpfung.lnk [2013.02.02 21:05:05 | 001,053,520 | ---- | M] (BitTorrent Inc.) 
-- C:\Program Files (x86)\BitTorrent_7.8.exe [2013.02.01 00:47:43 | 000,002,364 | ---- | M] () -- C:\Users\MITCH\Desktop\Google Chrome.lnk [2013.01.20 10:55:13 | 000,019,968 | ---- | M] () -- C:\Users\MITCH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== Files Created - No Company Name ========== [2013.02.14 14:29:02 | 000,587,671 | ---- | C] () -- C:\Users\MITCH\Desktop\adwcleaner0.exe [2013.02.11 14:08:31 | 000,050,477 | ---- | C] () -- C:\Users\MITCH\Desktop\Defogger.exe [2013.02.04 19:25:38 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.03 15:57:56 | 000,001,309 | ---- | C] () -- C:\Users\MITCH\Desktop\BitTorrent_7.8 - Verknüpfung.lnk [2012.06.25 17:16:28 | 000,000,292 | ---- | C] () -- C:\Users\MITCH\AppData\Local\HamsterBookConverter.cfg [2012.06.16 10:07:41 | 000,271,264 | ---- | C] () -- C:\Windows\SysWow64\VBRUN100.DLL [2012.05.06 10:31:20 | 000,017,408 | ---- | C] () -- C:\Users\MITCH\AppData\Local\WebpageIcons.db [2012.02.15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.02.15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.01.09 00:04:20 | 000,019,968 | ---- | C] () -- C:\Users\MITCH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.11 16:09:42 | 001,599,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.09.02 22:19:34 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011.09.02 21:20:01 | 000,007,604 | ---- | C] () -- C:\Users\MITCH\AppData\Local\resmon.resmoncfg [2011.08.25 15:33:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | 
M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:B6AC352B < End of report > Code:
OTL Extras logfile created on: 15.02.2013 12:57:37 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MITCH\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,76 Gb Available Physical Memory | 84,46% Memory free
16,00 Gb Paging File | 14,66 Gb Available in Paging File | 91,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 65,35 Gb Free Space | 54,85% Space Free | Partition Type: NTFS
Drive F: | 97,66 Gb Total Space | 81,49 Gb Free Space | 83,45% Space Free | Partition Type: NTFS
Drive G: | 423,03 Gb Total Space | 150,68 Gb Free Space | 35,62% Space Free | Partition Type: NTFS
Drive H: | 199,09 Gb Total Space | 155,16 Gb Free Space | 77,94% Space Free | Partition Type: NTFS
Drive O: | 119,92 Gb Total Space | 20,60 Gb Free Space | 17,18% Space Free | Partition Type: NTFS

Computer Name: MITCH-PC | User Name: MITCH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-3879921085-4238989401-138329163-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = 
C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0896509A-86AB-4E3E-B55F-E93C1BB76008}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{235BD6DF-CC63-4FD1-A65B-873017720E94}" = rport=10243 | protocol=6 | dir=out | app=system | "{2D0F3EE3-432A-42E3-A586-BF3A6E157B88}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2FC6E7FC-C9F7-47E9-8B44-B6E25FFB582B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3B05E0B5-C227-4C46-A1D1-B1602679DF9D}" = lport=139 | protocol=6 | dir=in | app=system | "{6048750D-A204-4ECE-A065-248F18D6DB2E}" = lport=137 | protocol=17 | dir=in | app=system | "{608FB095-3F51-4442-81E5-EAE9CA3F2C42}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{67056C47-2006-4AEC-AB2E-CE8449DE9018}" = lport=10243 | protocol=6 | dir=in | app=system | "{72425582-A4DC-4B98-A110-1908EA32CCDF}" = lport=445 | protocol=6 | dir=in | app=system | "{75294EED-B704-4AAC-BAEE-C446CA763BF2}" = rport=139 | protocol=6 | dir=out | app=system | "{9D410372-E819-4022-9F5B-15063F3634B5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{AFD8EA5E-CA05-4B13-8515-DDC9AF677A74}" = lport=2869 | protocol=6 | dir=in | app=system 
| "{B914FA62-E2E3-477D-B15D-99B71B13AD85}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CA8BDCB1-FED7-4BDC-AAD5-C9CF8686F406}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DA3E5C6D-19FD-44AA-8C09-B7D200857DBC}" = rport=445 | protocol=6 | dir=out | app=system | "{E0F69884-C1F3-4182-AD6B-56C9FC0E242D}" = rport=137 | protocol=17 | dir=out | app=system | "{E72E56B6-6B44-439F-B562-A883C199F6CB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EE09C395-8F44-4314-9FAA-1A70411C09F9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{FAFC504B-C285-4C5A-BC13-72A5BBE61C9A}" = lport=138 | protocol=17 | dir=in | app=system | "{FE09AD30-FFC9-438F-BC4A-AE24FFFF657C}" = rport=138 | protocol=17 | dir=out | app=system | "{FE224476-E5A7-490A-AE47-EFA152E5ABE6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{18945855-611F-4022-9574-56B535E25C54}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{334E2ADE-39A3-421A-859E-141F94192833}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{557DC502-5343-4E56-8226-AC2CBA9D0998}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5629ACDD-3391-4535-AE21-471636FF2F7B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{5AC12CFD-7351-4A7F-A2BE-14F67CCB48C0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{649E8AF9-BD2A-4B1F-9C39-2ED3FF72FA82}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{676C76BD-0904-4B57-B61F-5166AF0A7D3C}" = protocol=17 | 
dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6E2EF138-F161-4373-B64B-7A3EE2C21DDF}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent_7.8.exe | "{77CBABD5-0193-4344-884B-0957085842A0}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent_7.8.exe | "{77E3EC31-8C6C-49A0-9FD2-D64EEDF07E21}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7D527085-9AAB-4E0E-95FA-A05340E6D934}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7ED139D5-DA75-40B0-A563-D90FA094933F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{90724341-B414-4300-8926-8ED6D93DDA67}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9838B095-28BC-4651-A35C-4AB161975CD7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A15462F3-8EC2-4A9C-901B-5783820C9727}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{AA781861-FBD5-4ADA-A5A1-BC0C00E49AE3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{AB177CB1-90FB-4FB6-9039-84347FE72CDE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{AE6B921D-BF14-4C57-9CC5-059FABA4F81D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BB67FFFF-E50B-4562-9BD1-59D95E64D46B}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "{C8200822-18C7-4033-A3AE-4DC4E803588B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D3424554-0B9E-4195-BACF-9D4E9BB5743E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{E35F975F-571C-4DEA-A0FD-0F34DBF4BAEA}" = protocol=6 | dir=out | app=system | "{EB41979B-AF59-4C06-868F-DA1FBAEAEABA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EE176FDB-C254-47EC-8CCC-DEF2816A0201}" = protocol=17 | dir=in | app=c:\program files 
(x86)\teamviewer\version8\teamviewer.exe | "{F5422D29-D615-45C0-94CF-AD1748ADFEE1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F8707C83-BEAE-4F08-8D3B-75C97323AF55}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "{FFC3EF5A-FA08-4500-BAFE-B01AB81D157E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{57BE2C44-E41F-46B4-93DC-746FD54E2ECB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{8DC304EE-DDDB-48BC-B656-24323B2EA75A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{C214301F-F5D7-36D9-B3A2-1467C5586495}" = Microsoft Help Viewer 1.1 Language 
Pack - DEU "{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1 "Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 39 "{441AC599-200D-4E04-B274-C6B7B50C281D}_is1" = Hamster Free EbookConverter "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™ "{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1 "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable 
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8944ED10-DBF2-4FA9-8B5D-D7E1B046C761}_is1" = ColdCut "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{C2FBB88A-65AA-6751-25EC-6A9046FA5F3B}" = Windows Driver Kit "{C668416A-9213-4058-B7F2-01A42D85559D}" = Microsoft SQL Server System CLR Types "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "{E14DDED2-919B-FCCB-84AC-5ABB6D182D46}" = Kits Configuration Installer "{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}" = Microsoft SQL Server 2008 R2 Management Objects "{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{f65530f7-1696-4fcd-8876-37cdcacdbd4c}" = Windows Driver Kit "{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition) "{FBDF7205-0CD2-435A-A595-58166C4C7953}" = Vector 12.04.073 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Internet Security 2012 "BitTorrent" = BitTorrent "Canon MP620 series Benutzerregistrierung" = Canon MP620 series Benutzerregistrierung "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities 
Solution Menu "DivX Setup.divx.com" = DivX-Setup "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "ffdshow_is1" = ffdshow [rev 2946] [2009-05-15] "HD PVR Editor_is1" = HD PVR Editor 2.0 "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "JAP" = JAP "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1 "Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0 "Notepad++" = Notepad++ "Orbit_is1" = Orbit Downloader "TeamViewer 8" = TeamViewer 8 "VLC media player" = VLC media player 2.0.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3879921085-4238989401-138329163-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.01.2013 11:04:56 | Computer Name = MITCH-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Setup.exe_InstallShield, Version: 14.0.0.162, Zeitstempel: 0x4626b2f4 Name des fehlerhaften Moduls: ISSetup.dll, Version: 14.0.0.162, Zeitstempel: 0x4626b290 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0009a0ef ID des fehlerhaften Prozesses: 0x790 Startzeit der fehlerhaften Anwendung: 0x01cdedb18321a642 Pfad der fehlerhaften Anwendung: D:\Drv\Setup.exe Pfad des fehlerhaften Moduls: C:\Users\MITCH\AppData\Local\Temp\{DC17C0E7-3F03-476F-BD0F-5A95A6D3B7CB}\Disk1\ISSetup.dll Berichtskennung: c2f8c215-59a4-11e2-a006-6c626d05970a Error - 08.01.2013 11:06:39 | Computer Name = MITCH-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: 
setup.exe_InstallShield, Version: 14.0.0.162, Zeitstempel: 0x4626b2f4 Name des fehlerhaften Moduls: ISSetup.dll, Version: 14.0.0.162, Zeitstempel: 0x4626b290 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0009a0ef ID des fehlerhaften Prozesses: 0x82c Startzeit der fehlerhaften Anwendung: 0x01cdedb1c2047d80 Pfad der fehlerhaften Anwendung: C:\Users\MITCH\AppData\Local\Temp\{CC8ACC3D-BB74-4F65-A613-ED518C991144}\setup.exe Pfad des fehlerhaften Moduls: C:\Users\MITCH\AppData\Local\Temp\{CC8ACC3D-BB74-4F65-A613-ED518C991144}\ISSetup.dll Berichtskennung: 009a4f3b-59a5-11e2-a006-6c626d05970a Error - 08.01.2013 11:27:43 | Computer Name = MITCH-PC | Source = Software Protection Platform Service | ID = 8200 Description = Lizenzerwerb-Fehlerdetails. hr=0x80072EE7 Error - 08.01.2013 11:27:43 | Computer Name = MITCH-PC | Source = Software Protection Platform Service | ID = 8208 Description = Fehler bei der Erfassung des authentischen Tickets (hr=0x80072EE7) für die Vorlagen-ID 66c92734-d682-4d71-983e-d6ec3f16059f. 
Error - 08.01.2013 11:38:03 | Computer Name = MITCH-PC | Source = Windows Backup | ID = 4104 Description = Error - 09.01.2013 11:35:53 | Computer Name = MITCH-PC | Source = Dvd Maker | ID = 155649001 Description = Error - 09.01.2013 11:36:37 | Computer Name = MITCH-PC | Source = Dvd Maker | ID = 155649001 Description = Error - 10.01.2013 12:19:44 | Computer Name = MITCH-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: mmc.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc808 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000000000 ID des fehlerhaften Prozesses: 0x8f8 Startzeit der fehlerhaften Anwendung: 0x01cdef4d633c45b1 Pfad der fehlerhaften Anwendung: C:\Windows\system32\mmc.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 8ad08ec1-5b41-11e2-b7f5-6c626d05970a Error - 12.01.2013 08:50:31 | Computer Name = MITCH-PC | Source = Dvd Maker | ID = 155649001 Description = Error - 12.01.2013 09:09:36 | Computer Name = MITCH-PC | Source = Dvd Maker | ID = 155649001 Description = Error - 20.01.2013 04:57:12 | Computer Name = MITCH-PC | Source = Dvd Maker | ID = 155649001 Description = [ System Events ] Error - 10.02.2013 14:08:43 | Computer Name = MITCH-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 11.02.2013 05:32:27 | Computer Name = MITCH-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 12.02.2013 05:44:13 | Computer Name = MITCH-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 13.02.2013 05:59:22 | Computer Name = MITCH-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 13.02.2013 18:34:54 | Computer Name = 
MITCH-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 13.02.2013 19:10:57 | Computer Name = MITCH-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 14.02.2013 05:08:56 | Computer Name = MITCH-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 14.02.2013 18:39:24 | Computer Name = MITCH-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 14.02.2013 19:38:27 | Computer Name = MITCH-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 15.02.2013 07:25:02 | Computer Name = MITCH-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 < End of report > |
16.02.2013, 17:45 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Remove Loadtbs-3.0, repair the damage
Please now create and post logs with GMER (<<< click for instructions) and MBAR (instructions a bit further down). GMER crashes fairly often; if the tool refuses to run even on the second attempt, just leave it out and run only MBAR.
MBAR instructions
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
__________________ Please always post log files in CODE tags |
16.02.2013, 20:22 | #5 |
| Remove Loadtbs-3.0, repair the damage OK, all done, no crash: Code:
ATTFilter GMER 2.1.18952 - hxxp://www.gmer.net Rootkit scan 2013-02-16 19:53:11 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-4 SAMSUNG_470_Series_SSD rev.AXM09B1Q 119,24GB Running: GMER_2.1.18952.exe; Driver: C:\Users\MITCH\AppData\Local\Temp\fgloypog.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff88004058d64 12 bytes {MOV RAX, 0xfffffa80078a02a0; JMP RAX} ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074b41465 2 bytes [B4, 74] .text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074b414bb 2 bytes [B4, 74] .text ... * 2 .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074b41465 2 bytes [B4, 74] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074b414bb 2 bytes [B4, 74] .text ... * 2 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074b41465 2 bytes [B4, 74] .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074b414bb 2 bytes [B4, 74] .text ... 
* 2 ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff8800104a0c0] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001049e4c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff8800104a838] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001049600] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800104aa8c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoAcquireRemoveLockEx] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoWMIRegistrationControl] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!ExFreePoolWithTag] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoWMIWriteEvent] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoRegisterDeviceInterface] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoSetDeviceInterfaceState] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoStartPacket] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoStartTimer] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!RtlInitUnicodeString] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoDeleteDevice] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!KeSetEvent] [?] 
IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoFreeWorkItem] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!MmGetSystemRoutineAddress] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!KeInitializeEvent] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!RtlQueryRegistryValues] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!RtlInitAnsiString] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!RtlGetVersion] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoDetachDevice] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!PoRequestPowerIrp] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoCancelIrp] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoStopTimer] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoStartNextPacket] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoAllocateWorkItem] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!_vsnwprintf] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!PoStartNextPowerIrp] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!_vsnprintf] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!ZwClose] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IofCompleteRequest] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoReleaseRemoveLockAndWaitEx] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoInitializeTimer] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoFreeIrp] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoSetCompletionRoutineEx] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!PoCallDriver] [?] 
IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoAllocateIrp] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!RtlCompareMemory] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!ObfReferenceObject] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoSetStartIoAttributes] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoInitializeRemoveLockEx] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoCreateDevice] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IofCallDriver] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!KeAcquireInStackQueuedSpinLockAtDpcLevel] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!KeReleaseInStackQueuedSpinLock] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoBuildPartialMdl] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoReleaseRemoveLockEx] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!KeAcquireInStackQueuedSpinLock] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoFreeMdl] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!KeDelayExecutionThread] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoGetSfioStreamIdentifier] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!KeRemoveEntryDeviceQueue] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoQueueWorkItem] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoReleaseCancelSpinLock] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoAcquireCancelSpinLock] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoAllocateMdl] [?] 
IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!KeReleaseInStackQueuedSpinLockFromDpcLevel] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!ZwEnumerateValueKey] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoGetDeviceInterfaces] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!ZwOpenKey] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!KeBugCheckEx] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!KeWaitForSingleObject] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!NlsMbCodePageTag] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoIs32bitProcess] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!MmProbeAndLockPages] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!MmUnlockPages] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoAllocateSfioStreamIdentifier] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoFreeSfioStreamIdentifier] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoGetIoPriorityHint] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!EtwUnregister] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!EtwRegister] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!EtwEventEnabled] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!EtwWrite] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!EtwProviderEnabled] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!__C_specific_handler] [?] IAT C:\Windows\System32\Drivers\aaro7b4o.SYS[USBD.SYS!USBD_CreateConfigurationRequestEx] [?] 
---- Devices - GMER 2.1 ---- Device \Driver\atapi \Device\Ide\IdePort4 fffffa80069e52c0 Device \Driver\atapi \Device\Ide\IdePort0 fffffa80069e52c0 Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-7 fffffa80069e52c0 Device \Driver\atapi \Device\Ide\IdePort5 fffffa80069e52c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa80069e52c0 Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-6 fffffa80069e52c0 Device \Driver\atapi \Device\Ide\IdePort6 fffffa80069e52c0 Device \Driver\atapi \Device\Ide\IdePort2 fffffa80069e52c0 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 fffffa80069e52c0 Device \Driver\atapi \Device\Ide\IdePort7 fffffa80069e52c0 Device \Driver\atapi \Device\Ide\IdePort3 fffffa80069e52c0 Device \Driver\aaro7b4o \Device\Scsi\aaro7b4o1 fffffa80079132c0 Device \Driver\aaro7b4o \Device\Scsi\aaro7b4o1Port8Path0Target0Lun0 fffffa80079132c0 Device \FileSystem\Ntfs \Ntfs fffffa8006aab2c0 Device \Driver\USBSTOR \Device\0000007e fffffa80076ef2c0 Device \Driver\atapi \Device\ScsiPort7 fffffa80069e52c0 Device \Driver\aaro7b4o \Device\ScsiPort8 fffffa80079132c0 Device \Driver\usbohci \Device\USBPDO-5 fffffa80078a22c0 Device \Driver\usbehci \Device\USBFDO-3 fffffa80078af2c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa80078af2c0 Device \Driver\USBSTOR \Device\00000080 fffffa80076ef2c0 Device \Driver\cdrom \Device\CdRom0 fffffa80076c02c0 Device \Driver\cdrom \Device\CdRom1 fffffa80076c02c0 Device \Driver\USBSTOR \Device\0000007f fffffa80076ef2c0 Device \Driver\usbehci \Device\USBPDO-6 fffffa80078af2c0 Device \Driver\usbohci \Device\USBFDO-4 fffffa80078a22c0 Device \Driver\usbohci \Device\USBPDO-2 fffffa80078a22c0 Device \Driver\usbohci \Device\USBFDO-0 fffffa80078a22c0 Device \Driver\USBSTOR \Device\00000081 fffffa80076ef2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{FD673351-AEB8-44A4-A92F-351229691467} fffffa80077d42c0 Device \Driver\usbohci \Device\USBFDO-5 fffffa80078a22c0 Device \Driver\usbehci \Device\USBPDO-3 fffffa80078af2c0 Device \Driver\usbehci \Device\USBFDO-1 
fffffa80078af2c0 Device \Driver\USBSTOR \Device\00000082 fffffa80076ef2c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80077d42c0 Device \Driver\usbehci \Device\USBFDO-6 fffffa80078af2c0 Device \Driver\usbohci \Device\USBPDO-4 fffffa80078a22c0 Device \Driver\atapi \Device\ScsiPort0 fffffa80069e52c0 Device \Driver\usbohci \Device\USBFDO-2 fffffa80078a22c0 Device \Driver\usbohci \Device\USBPDO-0 fffffa80078a22c0 Device \Driver\atapi \Device\ScsiPort1 fffffa80069e52c0 Device \Driver\USBSTOR \Device\00000083 fffffa80076ef2c0 Device \Driver\atapi \Device\ScsiPort2 fffffa80069e52c0 Device \Driver\atapi \Device\ScsiPort3 fffffa80069e52c0 Device \Driver\atapi \Device\ScsiPort4 fffffa80069e52c0 Device \Driver\atapi \Device\ScsiPort5 fffffa80069e52c0 Device \Driver\atapi \Device\ScsiPort6 fffffa80069e52c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80069e52c0]<< sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys fffffa80069e52c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80072a1060] fffffa80072a1060 Trace 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa80070501f0] fffffa80070501f0 Trace \Driver\atapi[0xfffffa8006b1ce70] -> IRP_MJ_CREATE -> 0xfffffa80069e52c0 fffffa80069e52c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\aaro7b4o.SYS (USB Mass Storage Class Driver/Microsoft Corporation SIGNED)(2011-08-24 20:39:41) fffff880044ed000-fffff88004531000 (278528 bytes) ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 (null) Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x99 0xC8 0x38 0x55 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x42 0xCA 0xE6 0x04 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xDB 0x77 0xF4 0xDC ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 (null) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x99 0xC8 0x38 0x55 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x42 0xCA 0xE6 0x04 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xDB 0x77 0xF4 0xDC ... ---- EOF - GMER 2.1 ---- Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.16.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
MITCH :: MITCH-PC [administrator]

16.02.2013 20:10:35
mbar-log-2013-02-16 (20-10-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29142
Time elapsed: 4 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
|
16.02.2013, 20:26 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Remove Loadtbs-3.0, repair the damage
aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Never press any of the Fix buttons without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop
|
16.02.2013, 21:53 | #7 |
| Remove Loadtbs-3.0, repair the damage
During the aswMBR scan this line was written in red:
21:19:20.851 \Driver\atapi[0xfffffa8006b1ce70] -> IRP_MJ_CREATE -> 0xfffffa80069e52c0
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-16 21:17:45
-----------------------------
21:17:45.316 OS Version: Windows x64 6.1.7601 Service Pack 1
21:17:45.316 Number of processors: 4 586 0x403
21:17:45.316 ComputerName: MITCH-PC UserName: MITCH
21:17:45.644 Initialize success
21:17:53.881 AVAST engine defs: 13021600
21:19:10.945 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-7
21:19:10.945 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 11
21:19:10.945 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-4
21:19:10.945 Disk 1 Vendor: SAMSUNG_470_Series_SSD AXM09B1Q Size: 122104MB BusType: 11
21:19:10.960 Disk 1 MBR read successfully
21:19:10.960 Disk 1 MBR scan
21:19:10.960 Disk 1 Windows 7 default MBR code
21:19:10.960 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:19:10.960 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 206848
21:19:10.976 Disk 1 scanning C:\Windows\system32\drivers
21:19:14.065 Service scanning
21:19:20.835 Modules scanning
21:19:20.835 Disk 1 trace - called modules:
21:19:20.835 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80069e52c0]<<sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:19:20.835 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80072a1060]
21:19:20.835 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa80070501f0]
21:19:20.851 \Driver\atapi[0xfffffa8006b1ce70] -> IRP_MJ_CREATE -> 0xfffffa80069e52c0
21:19:21.163 AVAST engine scan C:\Windows
21:19:21.568 AVAST engine scan C:\Windows\system32
21:20:29.007 AVAST engine scan C:\Windows\system32\drivers
21:20:31.987 AVAST engine scan C:\Users\MITCH
21:20:53.577 AVAST engine scan C:\ProgramData
21:20:59.147 Scan finished successfully
21:21:46.914 Disk 1 MBR has been saved successfully to "C:\Users\MITCH\Desktop\MBR.dat"
21:21:46.914 The log file has been saved successfully to "C:\Users\MITCH\Desktop\aswMBR.txt"
Code:
ATTFilter 21:24:46.0367 1564 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 21:24:46.0382 1564 ============================================================ 21:24:46.0382 1564 Current date / time: 2013/02/16 21:24:46.0382 21:24:46.0382 1564 SystemInfo: 21:24:46.0382 1564 21:24:46.0382 1564 OS Version: 6.1.7601 ServicePack: 1.0 21:24:46.0382 1564 Product type: Workstation 21:24:46.0382 1564 ComputerName: MITCH-PC 21:24:46.0382 1564 UserName: MITCH 21:24:46.0382 1564 Windows directory: C:\Windows 21:24:46.0382 1564 System windows directory: C:\Windows 21:24:46.0382 1564 Running under WOW64 21:24:46.0382 1564 Processor architecture: Intel x64 21:24:46.0382 1564 Number of processors: 4 21:24:46.0382 1564 Page size: 0x1000 21:24:46.0382 1564 Boot type: Normal boot 21:24:46.0382 1564 ============================================================ 21:24:46.0569 1564 Drive \Device\Harddisk1\DR1 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 21:24:54.0245 1564 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 21:24:54.0260 1564 ============================================================ 21:24:54.0260 1564 \Device\Harddisk1\DR1: 21:24:54.0276 1564 MBR partitions: 21:24:54.0276 1564 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 21:24:54.0276 1564 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000 21:24:54.0276 1564 \Device\Harddisk0\DR0: 21:24:54.0276 1564 MBR partitions: 21:24:54.0276 1564 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC34F800 21:24:54.0276 1564 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x34E0F000 21:24:54.0276 1564 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x493E0800, 
BlocksNum 0x18E2D800 21:24:54.0369 1564 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x6220E800, BlocksNum 0xEFD8000 21:24:54.0369 1564 ============================================================ 21:24:54.0369 1564 C: <-> \Device\Harddisk1\DR1\Partition2 21:24:54.0791 1564 G: <-> \Device\Harddisk0\DR0\Partition2 21:24:55.0181 1564 H: <-> \Device\Harddisk0\DR0\Partition3 21:24:55.0586 1564 O: <-> \Device\Harddisk0\DR0\Partition4 21:24:55.0836 1564 F: <-> \Device\Harddisk0\DR0\Partition1 21:24:55.0836 1564 ============================================================ 21:24:55.0836 1564 Initialize success 21:24:55.0836 1564 ============================================================ 21:25:43.0073 3620 ============================================================ 21:25:43.0073 3620 Scan started 21:25:43.0073 3620 Mode: Manual; SigCheck; TDLFS; 21:25:43.0073 3620 ============================================================ 21:25:43.0369 3620 ================ Scan system memory ======================== 21:25:43.0369 3620 System memory - ok 21:25:43.0369 3620 ================ Scan services ============================= 21:25:43.0416 3620 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 21:25:43.0432 3620 1394ohci - ok 21:25:43.0447 3620 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 21:25:43.0463 3620 ACPI - ok 21:25:43.0463 3620 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 21:25:43.0463 3620 AcpiPmi - ok 21:25:43.0478 3620 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 21:25:43.0478 3620 AdobeARMservice - ok 21:25:43.0510 3620 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 21:25:43.0525 3620 AdobeFlashPlayerUpdateSvc - ok 21:25:43.0525 3620 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx 
C:\Windows\system32\DRIVERS\adp94xx.sys 21:25:43.0541 3620 adp94xx - ok 21:25:43.0541 3620 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 21:25:43.0556 3620 adpahci - ok 21:25:43.0556 3620 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 21:25:43.0572 3620 adpu320 - ok 21:25:43.0572 3620 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 21:25:43.0603 3620 AeLookupSvc - ok 21:25:43.0603 3620 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 21:25:43.0619 3620 AFD - ok 21:25:43.0619 3620 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 21:25:43.0634 3620 agp440 - ok 21:25:43.0634 3620 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 21:25:43.0634 3620 ALG - ok 21:25:43.0650 3620 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 21:25:43.0650 3620 aliide - ok 21:25:43.0650 3620 [ 962227630779043B5C1D4CD157ABB912 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 21:25:43.0681 3620 AMD External Events Utility - ok 21:25:43.0681 3620 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 21:25:43.0697 3620 amdide - ok 21:25:43.0697 3620 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys 21:25:43.0712 3620 amdiox64 - ok 21:25:43.0712 3620 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 21:25:43.0728 3620 AmdK8 - ok 21:25:43.0822 3620 [ 56D6631761EC37745F0DF16BCDC4CAF4 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 21:25:43.0915 3620 amdkmdag - ok 21:25:43.0915 3620 [ 2D9005EA0BFD25C740E53C8DD3C069E0 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 21:25:43.0931 3620 amdkmdap - ok 21:25:43.0931 3620 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 21:25:43.0946 3620 AmdPPM - ok 21:25:43.0946 3620 [ 
D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 21:25:43.0962 3620 amdsata - ok 21:25:43.0962 3620 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 21:25:43.0962 3620 amdsbs - ok 21:25:43.0978 3620 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 21:25:43.0978 3620 amdxata - ok 21:25:43.0993 3620 [ 6ACC11E9D2F01C88251123D26C1C5489 ] AntiVirFirewallService C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe 21:25:44.0009 3620 AntiVirFirewallService - ok 21:25:44.0009 3620 [ B7FA28AEFA586FB5A04876C7B31D03E6 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe 21:25:44.0024 3620 AntiVirMailService - ok 21:25:44.0024 3620 [ 2E35310D600F4CC64624786A813A041E ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 21:25:44.0024 3620 AntiVirSchedulerService - ok 21:25:44.0040 3620 [ 984102B9E2F6513008ED4E0C5AC4151D ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 21:25:44.0040 3620 AntiVirService - ok 21:25:44.0040 3620 [ 9BC7247FD7379307BCFF92CF8EB64B87 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE 21:25:44.0056 3620 AntiVirWebService - ok 21:25:44.0056 3620 AODDriver4.01 - ok 21:25:44.0056 3620 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 21:25:44.0087 3620 AppID - ok 21:25:44.0087 3620 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 21:25:44.0118 3620 AppIDSvc - ok 21:25:44.0118 3620 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 21:25:44.0134 3620 Appinfo - ok 21:25:44.0134 3620 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 21:25:44.0149 3620 arc - ok 21:25:44.0149 3620 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 21:25:44.0165 3620 arcsas - ok 21:25:44.0180 3620 [ 
9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 21:25:44.0180 3620 aspnet_state - ok 21:25:44.0180 3620 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 21:25:44.0212 3620 AsyncMac - ok 21:25:44.0212 3620 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 21:25:44.0212 3620 atapi - ok 21:25:44.0227 3620 [ 2B3B05C0A7768BF033217EB8F33F9C35 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 21:25:44.0243 3620 AtiHDAudioService - ok 21:25:44.0258 3620 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 21:25:44.0274 3620 AudioEndpointBuilder - ok 21:25:44.0290 3620 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 21:25:44.0305 3620 AudioSrv - ok 21:25:44.0321 3620 [ C5B223B2C174147D00F64E0D783459C7 ] avfwim C:\Windows\system32\DRIVERS\avfwim.sys 21:25:44.0336 3620 avfwim - ok 21:25:44.0336 3620 [ C7B2A376DCF4E1528B26358A9B341F4C ] avfwot C:\Windows\system32\DRIVERS\avfwot.sys 21:25:44.0368 3620 avfwot - ok 21:25:44.0368 3620 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 21:25:44.0383 3620 avgntflt - ok 21:25:44.0383 3620 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 21:25:44.0414 3620 avipbb - ok 21:25:44.0414 3620 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 21:25:44.0430 3620 avkmgr - ok 21:25:44.0430 3620 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 21:25:44.0446 3620 AxInstSV - ok 21:25:44.0461 3620 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 21:25:44.0461 3620 b06bdrv - ok 21:25:44.0477 3620 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 21:25:44.0477 3620 b57nd60a - ok 21:25:44.0492 3620 [ FDE360167101B4E45A96F939F388AEB0 ] 
BDESVC C:\Windows\System32\bdesvc.dll 21:25:44.0492 3620 BDESVC - ok 21:25:44.0492 3620 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 21:25:44.0524 3620 Beep - ok 21:25:44.0524 3620 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 21:25:44.0555 3620 BFE - ok 21:25:44.0570 3620 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 21:25:44.0602 3620 BITS - ok 21:25:44.0602 3620 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 21:25:44.0602 3620 blbdrive - ok 21:25:44.0602 3620 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 21:25:44.0617 3620 bowser - ok 21:25:44.0617 3620 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 21:25:44.0633 3620 BrFiltLo - ok 21:25:44.0633 3620 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 21:25:44.0633 3620 BrFiltUp - ok 21:25:44.0648 3620 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 21:25:44.0648 3620 Browser - ok 21:25:44.0664 3620 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 21:25:44.0664 3620 Brserid - ok 21:25:44.0664 3620 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 21:25:44.0680 3620 BrSerWdm - ok 21:25:44.0680 3620 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 21:25:44.0695 3620 BrUsbMdm - ok 21:25:44.0695 3620 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 21:25:44.0711 3620 BrUsbSer - ok 21:25:44.0711 3620 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 21:25:44.0711 3620 BTHMODEM - ok 21:25:44.0726 3620 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 21:25:44.0742 3620 bthserv - ok 21:25:44.0742 3620 [ B8BD2BB284668C84865658C77574381A ] cdfs 
C:\Windows\system32\DRIVERS\cdfs.sys 21:25:44.0773 3620 cdfs - ok 21:25:44.0773 3620 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 21:25:44.0789 3620 cdrom - ok 21:25:44.0789 3620 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 21:25:44.0804 3620 CertPropSvc - ok 21:25:44.0820 3620 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 21:25:44.0820 3620 circlass - ok 21:25:44.0820 3620 [ FF60401F1C659CA2ED4BAE85D3FD14DA ] CISVC C:\Windows\system32\CISVC.EXE 21:25:44.0836 3620 CISVC - ok 21:25:44.0836 3620 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 21:25:44.0851 3620 CLFS - ok 21:25:44.0851 3620 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:25:44.0867 3620 clr_optimization_v2.0.50727_32 - ok 21:25:44.0867 3620 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 21:25:44.0882 3620 clr_optimization_v2.0.50727_64 - ok 21:25:44.0898 3620 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 21:25:44.0898 3620 clr_optimization_v4.0.30319_32 - ok 21:25:44.0898 3620 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 21:25:44.0914 3620 clr_optimization_v4.0.30319_64 - ok 21:25:44.0914 3620 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 21:25:44.0929 3620 CmBatt - ok 21:25:44.0929 3620 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 21:25:44.0929 3620 cmdide - ok 21:25:44.0945 3620 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys 21:25:44.0960 3620 CNG - ok 21:25:44.0960 3620 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt 
C:\Windows\system32\DRIVERS\compbatt.sys 21:25:44.0960 3620 Compbatt - ok 21:25:44.0976 3620 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 21:25:44.0976 3620 CompositeBus - ok 21:25:44.0976 3620 COMSysApp - ok 21:25:45.0007 3620 cpuz135 - ok 21:25:45.0007 3620 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 21:25:45.0007 3620 crcdisk - ok 21:25:45.0023 3620 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 21:25:45.0023 3620 CryptSvc - ok 21:25:45.0038 3620 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 21:25:45.0070 3620 DcomLaunch - ok 21:25:45.0070 3620 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 21:25:45.0085 3620 defragsvc - ok 21:25:45.0101 3620 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 21:25:45.0116 3620 DfsC - ok 21:25:45.0132 3620 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 21:25:45.0132 3620 Dhcp - ok 21:25:45.0148 3620 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 21:25:45.0163 3620 discache - ok 21:25:45.0163 3620 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 21:25:45.0179 3620 Disk - ok 21:25:45.0179 3620 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 21:25:45.0194 3620 Dnscache - ok 21:25:45.0194 3620 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 21:25:45.0210 3620 dot3svc - ok 21:25:45.0226 3620 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 21:25:45.0241 3620 DPS - ok 21:25:45.0241 3620 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 21:25:45.0257 3620 drmkaud - ok 21:25:45.0272 3620 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 21:25:45.0288 3620 DXGKrnl - ok 
21:25:45.0288 3620 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 21:25:45.0319 3620 EapHost - ok 21:25:45.0350 3620 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 21:25:45.0366 3620 ebdrv - ok 21:25:45.0382 3620 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 21:25:45.0382 3620 EFS - ok 21:25:45.0397 3620 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 21:25:45.0413 3620 elxstor - ok 21:25:45.0413 3620 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 21:25:45.0413 3620 ErrDev - ok 21:25:45.0428 3620 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 21:25:45.0444 3620 EventSystem - ok 21:25:45.0460 3620 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 21:25:45.0475 3620 exfat - ok 21:25:45.0491 3620 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 21:25:45.0506 3620 fastfat - ok 21:25:45.0522 3620 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 21:25:45.0538 3620 Fax - ok 21:25:45.0538 3620 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 21:25:45.0538 3620 fdc - ok 21:25:45.0553 3620 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 21:25:45.0569 3620 fdPHost - ok 21:25:45.0569 3620 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 21:25:45.0600 3620 FDResPub - ok 21:25:45.0600 3620 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 21:25:45.0600 3620 FileInfo - ok 21:25:45.0616 3620 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 21:25:45.0631 3620 Filetrace - ok 21:25:45.0631 3620 FLASHSYS - ok 21:25:45.0631 3620 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 21:25:45.0647 3620 flpydisk - ok 
21:25:45.0647 3620 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 21:25:45.0662 3620 FltMgr - ok 21:25:45.0678 3620 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 21:25:45.0694 3620 FontCache - ok 21:25:45.0694 3620 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 21:25:45.0694 3620 FontCache3.0.0.0 - ok 21:25:45.0709 3620 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 21:25:45.0709 3620 FsDepends - ok 21:25:45.0709 3620 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 21:25:45.0725 3620 Fs_Rec - ok 21:25:45.0725 3620 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 21:25:45.0740 3620 fvevol - ok 21:25:45.0740 3620 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 21:25:45.0756 3620 gagp30kx - ok 21:25:45.0756 3620 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 21:25:45.0787 3620 gpsvc - ok 21:25:45.0787 3620 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 21:25:45.0803 3620 hcw85cir - ok 21:25:45.0803 3620 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 21:25:45.0818 3620 HdAudAddService - ok 21:25:45.0818 3620 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 21:25:45.0834 3620 HDAudBus - ok 21:25:45.0834 3620 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 21:25:45.0834 3620 HidBatt - ok 21:25:45.0850 3620 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 21:25:45.0850 3620 HidBth - ok 21:25:45.0850 3620 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 21:25:45.0865 3620 HidIr - ok 21:25:45.0865 3620 [ 
BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 21:25:45.0896 3620 hidserv - ok 21:25:45.0896 3620 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 21:25:45.0896 3620 HidUsb - ok 21:25:45.0912 3620 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 21:25:45.0928 3620 hkmsvc - ok 21:25:45.0943 3620 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 21:25:45.0943 3620 HomeGroupListener - ok 21:25:45.0943 3620 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 21:25:45.0959 3620 HomeGroupProvider - ok 21:25:45.0959 3620 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 21:25:45.0974 3620 HpSAMD - ok 21:25:45.0974 3620 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 21:25:46.0006 3620 HTTP - ok 21:25:46.0006 3620 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 21:25:46.0021 3620 hwpolicy - ok 21:25:46.0021 3620 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 21:25:46.0021 3620 i8042prt - ok 21:25:46.0037 3620 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 21:25:46.0052 3620 iaStorV - ok 21:25:46.0052 3620 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 21:25:46.0052 3620 IDriverT ( UnsignedFile.Multi.Generic ) - warning 21:25:46.0052 3620 IDriverT - detected UnsignedFile.Multi.Generic (1) 21:25:46.0068 3620 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 21:25:46.0084 3620 idsvc - ok 21:25:46.0084 3620 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 21:25:46.0084 3620 iirsp - ok 21:25:46.0099 3620 [ 755519F49906B73C1FE9CBBF75E347EA ] IJPLMSVC 
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE 21:25:46.0099 3620 IJPLMSVC - ok 21:25:46.0115 3620 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 21:25:46.0146 3620 IKEEXT - ok 21:25:46.0146 3620 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 21:25:46.0146 3620 intelide - ok 21:25:46.0162 3620 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 21:25:46.0162 3620 intelppm - ok 21:25:46.0162 3620 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 21:25:46.0193 3620 IPBusEnum - ok 21:25:46.0193 3620 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:25:46.0208 3620 IpFilterDriver - ok 21:25:46.0224 3620 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 21:25:46.0240 3620 iphlpsvc - ok 21:25:46.0240 3620 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 21:25:46.0240 3620 IPMIDRV - ok 21:25:46.0255 3620 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 21:25:46.0271 3620 IPNAT - ok 21:25:46.0271 3620 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 21:25:46.0286 3620 IRENUM - ok 21:25:46.0286 3620 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 21:25:46.0302 3620 isapnp - ok 21:25:46.0302 3620 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 21:25:46.0318 3620 iScsiPrt - ok 21:25:46.0318 3620 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 21:25:46.0333 3620 kbdclass - ok 21:25:46.0333 3620 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 21:25:46.0333 3620 kbdhid - ok 21:25:46.0333 3620 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 21:25:46.0349 3620 KeyIso - ok 21:25:46.0349 3620 [ 
97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 21:25:46.0364 3620 KSecDD - ok 21:25:46.0364 3620 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 21:25:46.0380 3620 KSecPkg - ok 21:25:46.0380 3620 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 21:25:46.0396 3620 ksthunk - ok 21:25:46.0411 3620 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 21:25:46.0427 3620 KtmRm - ok 21:25:46.0442 3620 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 21:25:46.0458 3620 LanmanServer - ok 21:25:46.0458 3620 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 21:25:46.0489 3620 LanmanWorkstation - ok 21:25:46.0489 3620 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 21:25:46.0520 3620 lltdio - ok 21:25:46.0520 3620 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 21:25:46.0552 3620 lltdsvc - ok 21:25:46.0552 3620 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 21:25:46.0567 3620 lmhosts - ok 21:25:46.0583 3620 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 21:25:46.0583 3620 LSI_FC - ok 21:25:46.0583 3620 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 21:25:46.0598 3620 LSI_SAS - ok 21:25:46.0598 3620 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 21:25:46.0614 3620 LSI_SAS2 - ok 21:25:46.0614 3620 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 21:25:46.0614 3620 LSI_SCSI - ok 21:25:46.0630 3620 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 21:25:46.0645 3620 luafv - ok 21:25:46.0645 3620 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 21:25:46.0661 3620 MBAMProtector - 
ok 21:25:46.0676 3620 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 21:25:46.0676 3620 MBAMScheduler - ok 21:25:46.0692 3620 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 21:25:46.0708 3620 MBAMService - ok 21:25:46.0708 3620 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 21:25:46.0708 3620 megasas - ok 21:25:46.0723 3620 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 21:25:46.0723 3620 MegaSR - ok 21:25:46.0739 3620 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 21:25:46.0754 3620 MMCSS - ok 21:25:46.0754 3620 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 21:25:46.0786 3620 Modem - ok 21:25:46.0786 3620 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 21:25:46.0801 3620 monitor - ok 21:25:46.0801 3620 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 21:25:46.0801 3620 mouclass - ok 21:25:46.0817 3620 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 21:25:46.0817 3620 mouhid - ok 21:25:46.0817 3620 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 21:25:46.0832 3620 mountmgr - ok 21:25:46.0832 3620 [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 21:25:46.0848 3620 MozillaMaintenance - ok 21:25:46.0848 3620 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 21:25:46.0848 3620 mpio - ok 21:25:46.0864 3620 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 21:25:46.0879 3620 mpsdrv - ok 21:25:46.0895 3620 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 21:25:46.0926 3620 MpsSvc - ok 
21:25:46.0926 3620 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 21:25:46.0942 3620 MRxDAV - ok 21:25:46.0942 3620 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 21:25:46.0942 3620 mrxsmb - ok 21:25:46.0957 3620 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:25:46.0957 3620 mrxsmb10 - ok 21:25:46.0973 3620 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:25:46.0973 3620 mrxsmb20 - ok 21:25:46.0973 3620 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 21:25:46.0988 3620 msahci - ok 21:25:46.0988 3620 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 21:25:47.0004 3620 msdsm - ok 21:25:47.0004 3620 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 21:25:47.0004 3620 MSDTC - ok 21:25:47.0020 3620 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 21:25:47.0035 3620 Msfs - ok 21:25:47.0035 3620 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 21:25:47.0066 3620 mshidkmdf - ok 21:25:47.0066 3620 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 21:25:47.0082 3620 msisadrv - ok 21:25:47.0082 3620 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 21:25:47.0098 3620 MSiSCSI - ok 21:25:47.0113 3620 msiserver - ok 21:25:47.0113 3620 MSI_MSIBIOS_010507 - ok 21:25:47.0113 3620 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 21:25:47.0129 3620 MSKSSRV - ok 21:25:47.0144 3620 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 21:25:47.0160 3620 MSPCLOCK - ok 21:25:47.0160 3620 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 21:25:47.0191 3620 MSPQM - ok 21:25:47.0191 3620 [ 
759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 21:25:47.0207 3620 MsRPC - ok 21:25:47.0207 3620 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 21:25:47.0222 3620 mssmbios - ok 21:25:47.0222 3620 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 21:25:47.0238 3620 MSTEE - ok 21:25:47.0238 3620 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 21:25:47.0254 3620 MTConfig - ok 21:25:47.0254 3620 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 21:25:47.0269 3620 Mup - ok 21:25:47.0269 3620 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 21:25:47.0300 3620 napagent - ok 21:25:47.0300 3620 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 21:25:47.0316 3620 NativeWifiP - ok 21:25:47.0332 3620 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 21:25:47.0347 3620 NDIS - ok 21:25:47.0347 3620 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 21:25:47.0363 3620 NdisCap - ok 21:25:47.0378 3620 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 21:25:47.0394 3620 NdisTapi - ok 21:25:47.0394 3620 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 21:25:47.0425 3620 Ndisuio - ok 21:25:47.0425 3620 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 21:25:47.0441 3620 NdisWan - ok 21:25:47.0456 3620 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 21:25:47.0472 3620 NDProxy - ok 21:25:47.0472 3620 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 21:25:47.0503 3620 NetBIOS - ok 21:25:47.0503 3620 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 21:25:47.0519 3620 NetBT - ok 
21:25:47.0534 3620 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 21:25:47.0534 3620 Netlogon - ok 21:25:47.0550 3620 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 21:25:47.0566 3620 Netman - ok 21:25:47.0566 3620 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:25:47.0581 3620 NetMsmqActivator - ok 21:25:47.0581 3620 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:25:47.0597 3620 NetPipeActivator - ok 21:25:47.0597 3620 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 21:25:47.0628 3620 netprofm - ok 21:25:47.0628 3620 [ 618C55B392238B9467F9113E13525C49 ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys 21:25:47.0644 3620 netr28ux - ok 21:25:47.0659 3620 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:25:47.0659 3620 NetTcpActivator - ok 21:25:47.0659 3620 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:25:47.0675 3620 NetTcpPortSharing - ok 21:25:47.0675 3620 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 21:25:47.0675 3620 nfrd960 - ok 21:25:47.0690 3620 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 21:25:47.0690 3620 NlaSvc - ok 21:25:47.0706 3620 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 21:25:47.0722 3620 Npfs - ok 21:25:47.0722 3620 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 21:25:47.0753 3620 nsi - ok 21:25:47.0753 3620 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 21:25:47.0768 3620 nsiproxy - ok 21:25:47.0800 3620 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 21:25:47.0815 3620 Ntfs - ok 
21:25:47.0815 3620 NTIOLib_1_0_2 - ok 21:25:47.0815 3620 NTIOLib_1_0_4 - ok 21:25:47.0831 3620 [ C02F70960FA934B8DEFA16A03D7F6556 ] NTIOLib_1_0_6 C:\Program Files (x86)\Setup Files\Ms7642v1D0\NTIOLib_X64.sys 21:25:47.0846 3620 NTIOLib_1_0_6 ( UnsignedFile.Multi.Generic ) - warning 21:25:47.0846 3620 NTIOLib_1_0_6 - detected UnsignedFile.Multi.Generic (1) 21:25:47.0846 3620 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 21:25:47.0878 3620 Null - ok 21:25:47.0878 3620 [ 8EBCB9165EE7F1571842F4D9D624A74C ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys 21:25:47.0878 3620 nusb3hub - ok 21:25:47.0893 3620 [ 5D54DBB12BBFE07CC283FD39F2CD6D63 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys 21:25:47.0893 3620 nusb3xhc - ok 21:25:47.0893 3620 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 21:25:47.0909 3620 nvraid - ok 21:25:47.0909 3620 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 21:25:47.0924 3620 nvstor - ok 21:25:47.0924 3620 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 21:25:47.0924 3620 nv_agp - ok 21:25:47.0940 3620 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 21:25:47.0940 3620 ohci1394 - ok 21:25:47.0956 3620 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 21:25:47.0956 3620 p2pimsvc - ok 21:25:47.0971 3620 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 21:25:47.0971 3620 p2psvc - ok 21:25:47.0987 3620 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 21:25:47.0987 3620 Parport - ok 21:25:47.0987 3620 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 21:25:48.0002 3620 partmgr - ok 21:25:48.0002 3620 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 21:25:48.0018 3620 PcaSvc - ok 21:25:48.0018 3620 [ 
94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 21:25:48.0034 3620 pci - ok 21:25:48.0034 3620 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 21:25:48.0034 3620 pciide - ok 21:25:48.0049 3620 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 21:25:48.0049 3620 pcmcia - ok 21:25:48.0065 3620 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 21:25:48.0065 3620 pcw - ok 21:25:48.0080 3620 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 21:25:48.0096 3620 PEAUTH - ok 21:25:48.0127 3620 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 21:25:48.0127 3620 PerfHost - ok 21:25:48.0158 3620 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 21:25:48.0190 3620 pla - ok 21:25:48.0190 3620 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 21:25:48.0205 3620 PlugPlay - ok 21:25:48.0205 3620 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 21:25:48.0221 3620 PNRPAutoReg - ok 21:25:48.0221 3620 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 21:25:48.0236 3620 PNRPsvc - ok 21:25:48.0236 3620 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 21:25:48.0268 3620 PolicyAgent - ok 21:25:48.0268 3620 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 21:25:48.0299 3620 Power - ok 21:25:48.0299 3620 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 21:25:48.0330 3620 PptpMiniport - ok 21:25:48.0330 3620 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 21:25:48.0330 3620 Processor - ok 21:25:48.0346 3620 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 21:25:48.0346 3620 ProfSvc - ok 21:25:48.0346 3620 [ C118A82CD78818C29AB228366EBF81C3 ] 
ProtectedStorage C:\Windows\system32\lsass.exe 21:25:48.0361 3620 ProtectedStorage - ok 21:25:48.0361 3620 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 21:25:48.0392 3620 Psched - ok 21:25:48.0408 3620 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 21:25:48.0424 3620 ql2300 - ok 21:25:48.0424 3620 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 21:25:48.0439 3620 ql40xx - ok 21:25:48.0439 3620 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 21:25:48.0455 3620 QWAVE - ok 21:25:48.0455 3620 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 21:25:48.0470 3620 QWAVEdrv - ok 21:25:48.0470 3620 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 21:25:48.0486 3620 RasAcd - ok 21:25:48.0502 3620 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 21:25:48.0517 3620 RasAgileVpn - ok 21:25:48.0517 3620 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 21:25:48.0548 3620 RasAuto - ok 21:25:48.0548 3620 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 21:25:48.0580 3620 Rasl2tp - ok 21:25:48.0580 3620 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 21:25:48.0611 3620 RasMan - ok 21:25:48.0611 3620 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 21:25:48.0626 3620 RasPppoe - ok 21:25:48.0642 3620 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 21:25:48.0658 3620 RasSstp - ok 21:25:48.0658 3620 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 21:25:48.0689 3620 rdbss - ok 21:25:48.0689 3620 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 21:25:48.0704 3620 rdpbus - ok 21:25:48.0704 3620 [ 
CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 21:25:48.0720 3620 RDPCDD - ok 21:25:48.0736 3620 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 21:25:48.0751 3620 RDPENCDD - ok 21:25:48.0751 3620 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 21:25:48.0782 3620 RDPREFMP - ok 21:25:48.0782 3620 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 21:25:48.0798 3620 RdpVideoMiniport - ok 21:25:48.0798 3620 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 21:25:48.0814 3620 RDPWD - ok 21:25:48.0814 3620 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 21:25:48.0829 3620 rdyboost - ok 21:25:48.0829 3620 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 21:25:48.0845 3620 RemoteAccess - ok 21:25:48.0860 3620 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 21:25:48.0876 3620 RemoteRegistry - ok 21:25:48.0876 3620 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 21:25:48.0907 3620 RpcEptMapper - ok 21:25:48.0907 3620 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 21:25:48.0923 3620 RpcLocator - ok 21:25:48.0923 3620 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 21:25:48.0954 3620 RpcSs - ok 21:25:48.0954 3620 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 21:25:48.0970 3620 rspndr - ok 21:25:48.0985 3620 [ 39A719875F572241C585A629EE62EB14 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 21:25:49.0016 3620 RTL8167 - ok 21:25:49.0016 3620 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 21:25:49.0016 3620 SamSs - ok 21:25:49.0032 3620 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 
21:25:49.0032 3620 sbp2port - ok 21:25:49.0032 3620 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 21:25:49.0063 3620 SCardSvr - ok 21:25:49.0063 3620 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 21:25:49.0094 3620 scfilter - ok 21:25:49.0094 3620 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 21:25:49.0126 3620 Schedule - ok 21:25:49.0141 3620 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 21:25:49.0157 3620 SCPolicySvc - ok 21:25:49.0157 3620 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 21:25:49.0172 3620 SDRSVC - ok 21:25:49.0172 3620 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 21:25:49.0204 3620 secdrv - ok 21:25:49.0204 3620 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 21:25:49.0219 3620 seclogon - ok 21:25:49.0235 3620 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 21:25:49.0250 3620 SENS - ok 21:25:49.0250 3620 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 21:25:49.0266 3620 SensrSvc - ok 21:25:49.0266 3620 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 21:25:49.0266 3620 Serenum - ok 21:25:49.0282 3620 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 21:25:49.0282 3620 Serial - ok 21:25:49.0282 3620 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 21:25:49.0297 3620 sermouse - ok 21:25:49.0297 3620 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 21:25:49.0328 3620 SessionEnv - ok 21:25:49.0328 3620 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 21:25:49.0344 3620 sffdisk - ok 21:25:49.0344 3620 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 
21:25:49.0344 3620 sffp_mmc - ok 21:25:49.0344 3620 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 21:25:49.0360 3620 sffp_sd - ok 21:25:49.0360 3620 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 21:25:49.0375 3620 sfloppy - ok 21:25:49.0375 3620 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 21:25:49.0406 3620 SharedAccess - ok 21:25:49.0406 3620 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 21:25:49.0438 3620 ShellHWDetection - ok 21:25:49.0438 3620 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 21:25:49.0438 3620 SiSRaid2 - ok 21:25:49.0453 3620 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 21:25:49.0453 3620 SiSRaid4 - ok 21:25:49.0453 3620 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 21:25:49.0484 3620 Smb - ok 21:25:49.0484 3620 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 21:25:49.0500 3620 SNMPTRAP - ok 21:25:49.0500 3620 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 21:25:49.0516 3620 spldr - ok 21:25:49.0516 3620 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 21:25:49.0531 3620 Spooler - ok 21:25:49.0562 3620 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 21:25:49.0609 3620 sppsvc - ok 21:25:49.0609 3620 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 21:25:49.0640 3620 sppuinotify - ok 21:25:49.0640 3620 [ 34F974F8B3C86DE03A30DCBE79091C97 ] sptd C:\Windows\system32\Drivers\sptd.sys 21:25:49.0640 3620 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. 
md5: 34F974F8B3C86DE03A30DCBE79091C97 21:25:49.0640 3620 sptd ( LockedFile.Multi.Generic ) - warning 21:25:49.0640 3620 sptd - detected LockedFile.Multi.Generic (1) 21:25:49.0656 3620 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 21:25:49.0672 3620 srv - ok 21:25:49.0672 3620 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 21:25:49.0687 3620 srv2 - ok 21:25:49.0687 3620 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 21:25:49.0687 3620 srvnet - ok 21:25:49.0703 3620 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 21:25:49.0718 3620 SSDPSRV - ok 21:25:49.0734 3620 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 21:25:49.0750 3620 SstpSvc - ok 21:25:49.0765 3620 [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe 21:25:49.0765 3620 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning 21:25:49.0765 3620 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1) 21:25:49.0765 3620 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 21:25:49.0781 3620 stexstor - ok 21:25:49.0781 3620 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 21:25:49.0781 3620 StillCam - ok 21:25:49.0796 3620 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 21:25:49.0812 3620 stisvc - ok 21:25:49.0812 3620 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 21:25:49.0828 3620 swenum - ok 21:25:49.0828 3620 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 21:25:49.0859 3620 swprv - ok 21:25:49.0874 3620 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 21:25:49.0890 3620 SysMain - ok 21:25:49.0906 3620 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService 
C:\Windows\System32\TabSvc.dll 21:25:49.0906 3620 TabletInputService - ok 21:25:49.0921 3620 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 21:25:49.0937 3620 TapiSrv - ok 21:25:49.0952 3620 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 21:25:49.0968 3620 TBS - ok 21:25:49.0984 3620 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 21:25:50.0015 3620 Tcpip - ok 21:25:50.0030 3620 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 21:25:50.0062 3620 TCPIP6 - ok 21:25:50.0062 3620 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 21:25:50.0077 3620 tcpipreg - ok 21:25:50.0077 3620 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 21:25:50.0077 3620 TDPIPE - ok 21:25:50.0093 3620 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 21:25:50.0093 3620 TDTCP - ok 21:25:50.0093 3620 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 21:25:50.0124 3620 tdx - ok 21:25:50.0124 3620 [ BB676D2C7AD5E7131D12417E4691F9B9 ] Te.Service C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe 21:25:50.0124 3620 Te.Service ( UnsignedFile.Multi.Generic ) - warning 21:25:50.0124 3620 Te.Service - detected UnsignedFile.Multi.Generic (1) 21:25:50.0155 3620 [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8 C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe 21:25:50.0202 3620 TeamViewer8 - ok 21:25:50.0202 3620 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 21:25:50.0218 3620 TermDD - ok 21:25:50.0218 3620 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 21:25:50.0249 3620 TermService - ok 21:25:50.0249 3620 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 21:25:50.0264 3620 Themes - ok 21:25:50.0264 3620 [ 
E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 21:25:50.0296 3620 THREADORDER - ok 21:25:50.0296 3620 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 21:25:50.0327 3620 TrkWks - ok 21:25:50.0327 3620 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 21:25:50.0342 3620 TrustedInstaller - ok 21:25:50.0358 3620 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 21:25:50.0374 3620 tssecsrv - ok 21:25:50.0374 3620 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 21:25:50.0389 3620 TsUsbFlt - ok 21:25:50.0389 3620 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 21:25:50.0405 3620 tunnel - ok 21:25:50.0420 3620 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 21:25:50.0420 3620 uagp35 - ok 21:25:50.0436 3620 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 21:25:50.0452 3620 udfs - ok 21:25:50.0467 3620 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 21:25:50.0467 3620 UI0Detect - ok 21:25:50.0467 3620 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 21:25:50.0483 3620 uliagpkx - ok 21:25:50.0483 3620 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 21:25:50.0498 3620 umbus - ok 21:25:50.0498 3620 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 21:25:50.0498 3620 UmPass - ok 21:25:50.0514 3620 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 21:25:50.0530 3620 upnphost - ok 21:25:50.0545 3620 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 21:25:50.0545 3620 usbccgp - ok 21:25:50.0545 3620 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 21:25:50.0561 3620 usbcir - 
ok 21:25:50.0561 3620 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 21:25:50.0576 3620 usbehci - ok 21:25:50.0576 3620 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 21:25:50.0592 3620 usbhub - ok 21:25:50.0592 3620 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 21:25:50.0592 3620 usbohci - ok 21:25:50.0592 3620 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 21:25:50.0608 3620 usbprint - ok 21:25:50.0608 3620 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:25:50.0623 3620 USBSTOR - ok 21:25:50.0623 3620 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 21:25:50.0623 3620 usbuhci - ok 21:25:50.0639 3620 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 21:25:50.0654 3620 UxSms - ok 21:25:50.0654 3620 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 21:25:50.0670 3620 VaultSvc - ok 21:25:50.0670 3620 [ 9E607F6240EADC4C0B3570F3E5E0358C ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys 21:25:50.0686 3620 VBoxNetAdp - ok 21:25:50.0701 3620 VBoxNetFlt - ok 21:25:50.0701 3620 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 21:25:50.0701 3620 vdrvroot - ok 21:25:50.0717 3620 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 21:25:50.0732 3620 vds - ok 21:25:50.0748 3620 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 21:25:50.0748 3620 vga - ok 21:25:50.0748 3620 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 21:25:50.0779 3620 VgaSave - ok 21:25:50.0779 3620 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 21:25:50.0795 3620 vhdmp - ok 21:25:50.0795 3620 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 
21:25:50.0810 3620 viaide - ok 21:25:50.0810 3620 vmci - ok 21:25:50.0810 3620 VMnetAdapter - ok 21:25:50.0810 3620 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 21:25:50.0826 3620 volmgr - ok 21:25:50.0826 3620 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 21:25:50.0842 3620 volmgrx - ok 21:25:50.0842 3620 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 21:25:50.0857 3620 volsnap - ok 21:25:50.0857 3620 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 21:25:50.0873 3620 vsmraid - ok 21:25:50.0888 3620 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 21:25:50.0920 3620 VSS - ok 21:25:50.0920 3620 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 21:25:50.0935 3620 vwifibus - ok 21:25:50.0935 3620 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 21:25:50.0951 3620 vwififlt - ok 21:25:50.0951 3620 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 21:25:50.0982 3620 W32Time - ok 21:25:50.0982 3620 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 21:25:50.0998 3620 WacomPen - ok 21:25:50.0998 3620 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 21:25:51.0013 3620 WANARP - ok 21:25:51.0013 3620 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 21:25:51.0044 3620 Wanarpv6 - ok 21:25:51.0060 3620 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 21:25:51.0076 3620 WatAdminSvc - ok 21:25:51.0091 3620 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 21:25:51.0107 3620 wbengine - ok 21:25:51.0107 3620 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 21:25:51.0122 3620 WbioSrvc - ok 21:25:51.0138 3620 [ 
7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 21:25:51.0154 3620 wcncsvc - ok 21:25:51.0154 3620 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 21:25:51.0154 3620 WcsPlugInService - ok 21:25:51.0154 3620 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 21:25:51.0169 3620 Wd - ok 21:25:51.0185 3620 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 21:25:51.0200 3620 Wdf01000 - ok 21:25:51.0200 3620 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 21:25:51.0216 3620 WdiServiceHost - ok 21:25:51.0216 3620 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 21:25:51.0232 3620 WdiSystemHost - ok 21:25:51.0232 3620 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 21:25:51.0247 3620 WebClient - ok 21:25:51.0247 3620 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 21:25:51.0278 3620 Wecsvc - ok 21:25:51.0278 3620 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 21:25:51.0294 3620 wercplsupport - ok 21:25:51.0310 3620 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 21:25:51.0325 3620 WerSvc - ok 21:25:51.0325 3620 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 21:25:51.0356 3620 WfpLwf - ok 21:25:51.0356 3620 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 21:25:51.0372 3620 WIMMount - ok 21:25:51.0372 3620 WinDefend - ok 21:25:51.0372 3620 WinHttpAutoProxySvc - ok 21:25:51.0388 3620 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 21:25:51.0403 3620 Winmgmt - ok 21:25:51.0434 3620 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 21:25:51.0466 3620 WinRM - ok 21:25:51.0466 3620 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb 
C:\Windows\system32\DRIVERS\WinUsb.sys 21:25:51.0481 3620 WinUsb - ok 21:25:51.0497 3620 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 21:25:51.0512 3620 Wlansvc - ok 21:25:51.0528 3620 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 21:25:51.0559 3620 wlidsvc - ok 21:25:51.0559 3620 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 21:25:51.0575 3620 WmiAcpi - ok 21:25:51.0575 3620 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 21:25:51.0590 3620 wmiApSrv - ok 21:25:51.0590 3620 WMPNetworkSvc - ok 21:25:51.0590 3620 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 21:25:51.0606 3620 WPCSvc - ok 21:25:51.0606 3620 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 21:25:51.0622 3620 WPDBusEnum - ok 21:25:51.0622 3620 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 21:25:51.0637 3620 ws2ifsl - ok 21:25:51.0637 3620 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 21:25:51.0653 3620 wscsvc - ok 21:25:51.0653 3620 WSearch - ok 21:25:51.0684 3620 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 21:25:51.0715 3620 wuauserv - ok 21:25:51.0715 3620 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 21:25:51.0731 3620 WudfPf - ok 21:25:51.0731 3620 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 21:25:51.0746 3620 WUDFRd - ok 21:25:51.0746 3620 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 21:25:51.0746 3620 wudfsvc - ok 21:25:51.0762 3620 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 21:25:51.0778 3620 WwanSvc - ok 21:25:51.0778 3620 ================ Scan global =============================== 21:25:51.0778 3620 [ 
BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 21:25:51.0778 3620 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 21:25:51.0778 3620 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 21:25:51.0793 3620 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 21:25:51.0793 3620 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 21:25:51.0793 3620 [Global] - ok 21:25:51.0793 3620 ================ Scan MBR ================================== 21:25:51.0793 3620 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 21:25:51.0871 3620 \Device\Harddisk1\DR1 - ok 21:25:51.0871 3620 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 21:25:51.0918 3620 \Device\Harddisk0\DR0 - ok 21:25:51.0918 3620 ================ Scan VBR ================================== 21:25:51.0918 3620 [ A20B692F4B7C1988C50B025811349D8C ] \Device\Harddisk1\DR1\Partition1 21:25:51.0918 3620 \Device\Harddisk1\DR1\Partition1 - ok 21:25:51.0918 3620 [ C47CB2C5D9E3CE77E06EA6D495EEF8DD ] \Device\Harddisk1\DR1\Partition2 21:25:51.0918 3620 \Device\Harddisk1\DR1\Partition2 - ok 21:25:51.0918 3620 [ 9C080BD7AC4CAAF789FB7C8725FD31EA ] \Device\Harddisk0\DR0\Partition1 21:25:51.0918 3620 \Device\Harddisk0\DR0\Partition1 - ok 21:25:51.0918 3620 [ 22DA2A1F88839784DCCE389C343DEBF4 ] \Device\Harddisk0\DR0\Partition2 21:25:51.0918 3620 \Device\Harddisk0\DR0\Partition2 - ok 21:25:51.0934 3620 [ 0AC8289E08EC261E067861309C724C57 ] \Device\Harddisk0\DR0\Partition3 21:25:51.0934 3620 \Device\Harddisk0\DR0\Partition3 - ok 21:25:51.0934 3620 [ 3417EA08D4EC4243BBA877A8998462EF ] \Device\Harddisk0\DR0\Partition4 21:25:51.0934 3620 \Device\Harddisk0\DR0\Partition4 - ok 21:25:51.0934 3620 ============================================================ 21:25:51.0934 3620 Scan finished 21:25:51.0934 3620 ============================================================ 21:25:51.0934 2184 Detected object count: 5 21:25:51.0934 2184 Actual 
detected object count: 5 21:28:41.0087 2184 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 21:28:41.0087 2184 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:28:41.0087 2184 NTIOLib_1_0_6 ( UnsignedFile.Multi.Generic ) - skipped by user 21:28:41.0087 2184 NTIOLib_1_0_6 ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:28:41.0087 2184 sptd ( LockedFile.Multi.Generic ) - skipped by user 21:28:41.0087 2184 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 21:28:41.0087 2184 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user 21:28:41.0087 2184 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:28:41.0102 2184 Te.Service ( UnsignedFile.Multi.Generic ) - skipped by user 21:28:41.0102 2184 Te.Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:34:15.0085 3820 Deinitialize success |
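Added example, not part of the thread and not Kaspersky's own tooling: a small triage script for a TDSSKiller log of the kind posted above. The two verdicts in this run, UnsignedFile.Multi.Generic and LockedFile.Multi.Generic, are heuristics rather than malware signatures: the first says the driver or service image carries no valid digital signature, the second that the scanner could not open the file at all (the "Suspicious file (NoAccess)" line; sptd.sys, the SCSI pass-through driver installed by Alcohol 120% and Daemon Tools, locks itself by design). What a helper wants from a log this long is the short list of entries that were not marked "- ok", with hash, path and detection, plus whether the user let them through ("skipped by user" / "User select action: Skip", as happened for all five objects above). The script assumes the record layout visible in the log, one record per line as the tool writes it (the forum rendering has run the lines together), and runs on a constructed excerpt assembled from lines of that log.

```python
"""Triage of a TDSSKiller service/driver scan log (added example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed excerpt modelled on the log in the post above, one record per
# line as TDSSKiller writes it.
SAMPLE_LOG = r"""21:25:47.0534 3620 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:25:47.0534 3620 Netlogon - ok
21:25:47.0815 3620 NTIOLib_1_0_2 - ok
21:25:47.0831 3620 [ C02F70960FA934B8DEFA16A03D7F6556 ] NTIOLib_1_0_6 C:\Program Files (x86)\Setup Files\Ms7642v1D0\NTIOLib_X64.sys
21:25:47.0846 3620 NTIOLib_1_0_6 ( UnsignedFile.Multi.Generic ) - warning
21:25:47.0846 3620 NTIOLib_1_0_6 - detected UnsignedFile.Multi.Generic (1)
21:25:49.0016 3620 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
21:25:49.0016 3620 SamSs - ok
21:25:49.0640 3620 [ 34F974F8B3C86DE03A30DCBE79091C97 ] sptd C:\Windows\system32\Drivers\sptd.sys
21:25:49.0640 3620 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 34F974F8B3C86DE03A30DCBE79091C97
21:25:49.0640 3620 sptd ( LockedFile.Multi.Generic ) - warning
21:25:49.0640 3620 sptd - detected LockedFile.Multi.Generic (1)
21:25:49.0656 3620 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:25:49.0672 3620 srv - ok
21:28:41.0087 2184 sptd ( LockedFile.Multi.Generic ) - skipped by user
21:28:41.0087 2184 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

# Every record starts "<HH:MM:SS.ffff> <pid> "; the rest decides the record type.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
HASH_RE = re.compile(r"^\[\s*([0-9A-Fa-f]{32})\s*\]\s+(\S+)(?:\s+(.*))?$")
OK_RE = re.compile(r"^(\S+)\s+-\s+ok$")
WARN_RE = re.compile(r"^(\S+)\s+\(\s*([^)]+?)\s*\)\s+-\s+warning$")
DETECT_RE = re.compile(r"^(\S+)\s+-\s+detected\s+(\S+)\s+\(\d+\)$")
ACTION_RE = re.compile(r"^(\S+)\s+\(\s*[^)]+?\s*\)\s+-\s+(skipped by user|User select action:\s*(\S+))$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None        # None: service registered, but no image found on disk
    path: Optional[str] = None
    verdict: Optional[str] = None    # "ok" or "warning"
    detections: List[str] = field(default_factory=list)
    user_action: Optional[str] = None


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Pair each '[ MD5 ] name path' record with its verdict and user-action lines."""
    entries: Dict[str, Entry] = {}

    def entry(name: str) -> Entry:
        return entries.setdefault(name, Entry(name))

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # banners, separators, summary lines
        rest = m.group(3)
        if (h := HASH_RE.match(rest)):
            e = entry(h.group(2))
            e.md5, e.path = h.group(1).upper(), h.group(3)
        elif (o := OK_RE.match(rest)):
            entry(o.group(1)).verdict = "ok"
        elif (w := WARN_RE.match(rest)):
            e = entry(w.group(1))
            e.verdict = "warning"
            if w.group(2) not in e.detections:
                e.detections.append(w.group(2))
        elif (d := DETECT_RE.match(rest)):
            e = entry(d.group(1))
            if d.group(2) not in e.detections:
                e.detections.append(d.group(2))
        elif (a := ACTION_RE.match(rest)):
            # "User select action: Skip" follows "skipped by user"; keep the last word
            entry(a.group(1)).user_action = a.group(3) or a.group(2)
    return entries


def findings(entries: Dict[str, Entry]) -> List[Entry]:
    """Everything the scanner did not mark '- ok': the list to work through by hand."""
    return sorted((e for e in entries.values() if e.detections), key=lambda e: e.name)


def shared_images(entries: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Service names that resolve to the same file hash.

    Several names on one image is normal for multi-service hosts (lsass.exe,
    SMSvcHost.exe, mmcss.dll in the log above). The grouping is there so the
    reader also compares the paths: the same hash under a second, unexpected
    path is a copy of the binary and worth a look.
    """
    by_md5: Dict[str, List[str]] = {}
    for e in entries.values():
        if e.md5:
            by_md5.setdefault(e.md5, []).append(e.name)
    return {h: sorted(n) for h, n in by_md5.items() if len(n) > 1}


def summarize(entries: Dict[str, Entry]) -> Dict[str, int]:
    """Counts a helper checks first; 'left_in_place' = flagged and not acted on."""
    vals = entries.values()
    return {
        "entries": len(entries),
        "ok": sum(e.verdict == "ok" for e in vals),
        "flagged": sum(bool(e.detections) for e in vals),
        "left_in_place": sum(bool(e.detections) and e.user_action in (None, "Skip") for e in vals),
        "no_image_on_disk": sum(e.md5 is None for e in vals),
    }


if __name__ == "__main__":
    ents = parse_tdsskiller(SAMPLE_LOG)
    for e in findings(ents):
        print(f"{e.name:16} {e.md5}  {', '.join(e.detections)}  action={e.user_action}  {e.path}")
    print(summarize(ents))
    print(shared_images(ents))
```

Run over the complete log above it would list IDriverT, NTIOLib_1_0_6, sptd, StarWindServiceAE and Te.Service, all with action Skip, which matches the "Detected object count: 5" summary at the end of the post; the path of each (Alcohol Soft, Windows Kits, the MSI "Ms7642" setup folder) is usually enough to tell which product installed it before deciding whether it needs removing.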
18.02.2013, 12:38 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™
Then please run CF now: ComboFix: a guide and tutorial on using ComboFix
ComboFix may only be run if a Kompetenzler (trusted helper) has expressly recommended it! If you have problems starting applications after running ComboFix and receive messages like Quote:
__________________ Please always post logfiles in CODE tags
18.02.2013, 23:23 | #9 |
Um, sorry Cosinus, I forgot to turn off the firewall before the scan. The scan ran all the way through, though, and no problems occurred. Do I have to reset the system now? Code:
ATTFilter ComboFix 13-02-18.02 - MITCH 18.02.2013 19:09:49.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8191.6866 [GMT 1:00] ausgeführt von:: c:\users\MITCH\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\MITCH\AppData\Roaming\convert\convert.exe c:\windows\desktop H:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-01-18 bis 2013-02-18 )))))))))))))))))))))))))))))) . . 2013-02-18 18:12 . 2013-02-18 18:12 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-13 23:00 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 23:00 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 22:50 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-13 22:50 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-02-13 22:50 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-02-13 22:49 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-02-13 22:48 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-02-13 22:48 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-02-13 22:48 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-02-13 22:48 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-02-13 22:48 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-02-13 22:48 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-02-13 22:48 . 
2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-13 22:48 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2013-02-11 16:16 . 2013-02-11 16:16 -------- d-----w- c:\program files\WinRAR 2013-02-04 18:25 . 2013-02-04 18:25 -------- d-----w- c:\users\MITCH\AppData\Roaming\Malwarebytes 2013-02-04 18:25 . 2013-02-04 18:25 -------- d-----w- c:\programdata\Malwarebytes 2013-02-04 18:25 . 2013-02-04 18:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-02-04 18:25 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-02-04 18:25 . 2013-02-04 18:25 -------- d-----w- c:\users\MITCH\AppData\Local\Programs 2013-02-02 20:07 . 2013-02-11 16:32 -------- d-----w- c:\users\MITCH\AppData\Roaming\BitTorrent 2013-02-02 20:04 . 2013-02-02 20:05 1053520 ----a-w- c:\program files (x86)\BitTorrent_7.8.exe 2013-02-02 14:52 . 2013-02-02 14:52 -------- d-----w- c:\program files (x86)\HD PVR Editor . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-13 23:01 . 2011-08-24 19:32 70004024 ----a-w- c:\windows\system32\MRT.exe 2013-02-09 23:27 . 2012-04-13 00:41 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-09 23:27 . 2012-04-13 00:41 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-15 15:56 . 2012-06-25 18:35 477616 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-01-15 15:56 . 2011-12-16 22:26 473520 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-01-04 04:43 . 2013-02-13 22:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-12-16 17:11 . 2012-12-21 00:30 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-21 00:30 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-21 00:30 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-21 00:30 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-07 13:20 . 
2013-01-09 15:16 441856 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 13:15 . 2013-01-09 15:16 2746368 ----a-w- c:\windows\system32\gameux.dll 2012-12-07 12:26 . 2013-01-09 15:16 308736 ----a-w- c:\windows\SysWow64\Wpc.dll 2012-12-07 12:20 . 2013-01-09 15:16 2576384 ----a-w- c:\windows\SysWow64\gameux.dll 2012-12-07 11:20 . 2013-01-09 15:16 30720 ----a-w- c:\windows\system32\usk.rs 2012-12-07 11:20 . 2013-01-09 15:16 43520 ----a-w- c:\windows\system32\csrr.rs 2012-12-07 11:20 . 2013-01-09 15:16 23552 ----a-w- c:\windows\system32\oflc.rs 2012-12-07 11:20 . 2013-01-09 15:16 45568 ----a-w- c:\windows\system32\oflc-nz.rs 2012-12-07 11:20 . 2013-01-09 15:16 44544 ----a-w- c:\windows\system32\pegibbfc.rs 2012-12-07 11:20 . 2013-01-09 15:16 20480 ----a-w- c:\windows\system32\pegi-fi.rs 2012-12-07 11:20 . 2013-01-09 15:16 20480 ----a-w- c:\windows\system32\pegi-pt.rs 2012-12-07 11:19 . 2013-01-09 15:16 20480 ----a-w- c:\windows\system32\pegi.rs 2012-12-07 11:19 . 2013-01-09 15:16 46592 ----a-w- c:\windows\system32\fpb.rs 2012-12-07 11:19 . 2013-01-09 15:16 40960 ----a-w- c:\windows\system32\cob-au.rs 2012-12-07 11:19 . 2013-01-09 15:16 21504 ----a-w- c:\windows\system32\grb.rs 2012-12-07 11:19 . 2013-01-09 15:16 15360 ----a-w- c:\windows\system32\djctq.rs 2012-12-07 11:19 . 2013-01-09 15:16 55296 ----a-w- c:\windows\system32\cero.rs 2012-12-07 11:19 . 2013-01-09 15:16 51712 ----a-w- c:\windows\system32\esrb.rs 2012-12-07 10:46 . 2013-01-09 15:16 43520 ----a-w- c:\windows\SysWow64\csrr.rs 2012-12-07 10:46 . 2013-01-09 15:16 30720 ----a-w- c:\windows\SysWow64\usk.rs 2012-12-07 10:46 . 2013-01-09 15:16 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs 2012-12-07 10:46 . 2013-01-09 15:16 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs 2012-12-07 10:46 . 2013-01-09 15:16 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs 2012-12-07 10:46 . 2013-01-09 15:16 23552 ----a-w- c:\windows\SysWow64\oflc.rs 2012-12-07 10:46 . 
2013-01-09 15:16 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs 2012-12-07 10:46 . 2013-01-09 15:16 46592 ----a-w- c:\windows\SysWow64\fpb.rs 2012-12-07 10:46 . 2013-01-09 15:16 20480 ----a-w- c:\windows\SysWow64\pegi.rs 2012-12-07 10:46 . 2013-01-09 15:16 21504 ----a-w- c:\windows\SysWow64\grb.rs 2012-12-07 10:46 . 2013-01-09 15:16 40960 ----a-w- c:\windows\SysWow64\cob-au.rs 2012-12-07 10:46 . 2013-01-09 15:16 15360 ----a-w- c:\windows\SysWow64\djctq.rs 2012-12-07 10:46 . 2013-01-09 15:16 55296 ----a-w- c:\windows\SysWow64\cero.rs 2012-12-07 10:46 . 2013-01-09 15:16 51712 ----a-w- c:\windows\SysWow64\esrb.rs 2012-11-30 05:45 . 2013-01-09 15:15 362496 ----a-w- c:\windows\system32\wow64win.dll 2012-11-30 05:45 . 2013-01-09 15:15 243200 ----a-w- c:\windows\system32\wow64.dll 2012-11-30 05:45 . 2013-01-09 15:15 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2012-11-30 05:43 . 2013-01-09 15:15 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2012-11-30 05:41 . 2013-01-09 15:15 424448 ----a-w- c:\windows\system32\KernelBase.dll 2012-11-30 05:41 . 2013-01-09 15:15 1161216 ----a-w- c:\windows\system32\kernel32.dll 2012-11-30 05:38 . 2013-01-09 15:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 15:15 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 15:15 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 15:15 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 15:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 15:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 15:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-11-30 05:38 . 
2013-01-09 15:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 15:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 15:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 15:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 15:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 15:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 15:15 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 15:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 15:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 15:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 15:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 15:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 15:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 15:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 15:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 15:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 15:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 15:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-11-30 05:38 . 
2013-01-09 15:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 15:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 15:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2012-11-30 04:53 . 2013-01-09 15:15 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll 2012-11-30 04:45 . 2013-01-09 15:15 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:15 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:15 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:15 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:15 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:15 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-11-30 04:45 . 
2013-01-09 15:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:15 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-31 348664] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x] R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] R3 cpuz135;cpuz135;c:\users\MITCH\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x] R3 FLASHSYS;FLASHSYS;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [x] R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x] R3 NTIOLib_1_0_2;NTIOLib_1_0_2;c:\program files (x86)\MSI\BIOS Code Unlocked Technology\NTIOLib_X64.sys [x] R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x] R3 NTIOLib_1_0_6;NTIOLib_1_0_6;c:\program files (x86)\Setup Files\Ms7642v1D0\NTIOLib_X64.sys [2011-01-06 11888] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-25 126976] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-11-04 146736] R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-02 1255736] S0 
sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-12-29 503352] S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2012-11-13 140936] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-06-20 27760] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-15 235520] S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2012-06-20 619472] S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-06-20 375760] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-06-20 86224] S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-06-20 465360] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248] S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2012-11-13 114168] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-16 676968] . . Inhalt des "geplante Tasks" Ordners . 2013-02-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 23:27] . 
2013-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3879921085-4238989401-138329163-1000Core.job - c:\users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-03 19:29] . 2013-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3879921085-4238989401-138329163-1000UA.job - c:\users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-03 19:29] . . --------- X64 Entries ----------- . . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.orbitdownloader.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202 IE: {{0112EFE4-D779-47C0-90DC-E4170B88D340} - c:\program files (x86)\FreshDevices\FreshDownload\fd.exe LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\fr1nr1rq.default\ FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: network.proxy.ftp - 127.0.0.1 FF - prefs.js: network.proxy.ftp_port - 4001 FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 4001 FF - prefs.js: network.proxy.ssl - 127.0.0.1 FF - prefs.js: network.proxy.ssl_port - 4001 FF - prefs.js: network.proxy.type - 4 FF - ExtSQL: 2013-02-02 20:52; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-BitTorrent - c:\downloads\BitTorrent.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\S-1-5-21-3879921085-4238989401-138329163-1000\Software\SecuROM\License information*] "datasecu"=hex:0f,ec,34,e9,19,63,89,37,1e,e4,bb,fb,db,fe,f5,82,ae,cc,6c,f9,5a, b4,da,ba,94,d6,cf,4b,70,3b,5d,07,2a,eb,87,80,e8,1a,f8,a3,2a,1a,8a,ad,8a,5d,\ "rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-02-18 19:13:44 ComboFix-quarantined-files.txt 2013-02-18 18:13 . Vor Suchlauf: 10 Verzeichnis(se), 69.695.954.944 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 76.089.708.544 Bytes frei . - - End Of File - - 0938606FF9180269B15D87C47FDF7C16 |
20.02.2013, 13:01 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™
JRT - Junkware Removal Tool. Please close your protection software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
Then a check with OTL, please:
20.02.2013, 17:00 | #11 |
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Windows 7 Home Premium x64
Ran by MITCH on 20.02.2013 at 16:16:42,73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\fr1nr1rq.default\minidumps [204 files]
Emptied folder: C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\minidumps [41 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.02.2013 at 16:20:32,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
# AdwCleaner v2.112 - Datei am 20/02/2013 um 16:23:43 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : MITCH - MITCH-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\MITCH\Desktop\adwcleaner0.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.2 (de)

Datei : C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\fr1nr1rq.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Chromium v window_placement: {
bottom: 988

Datei : C:\Users\MITCH\AppData\Local\Chromium\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2372 octets] - [15/02/2013 00:34:56]
AdwCleaner[S2].txt - [1223 octets] - [20/02/2013 16:23:43]

########## EOF - C:\AdwCleaner[S2].txt - [1283 octets] ##########
Code:
ATTFilter OTL logfile created on: 20.02.2013 16:32:07 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MITCH\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,57 Gb Available Physical Memory | 82,12% Memory free 16,00 Gb Paging File | 14,47 Gb Available in Paging File | 90,48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,14 Gb Total Space | 70,73 Gb Free Space | 59,36% Space Free | Partition Type: NTFS Drive F: | 97,66 Gb Total Space | 81,49 Gb Free Space | 83,45% Space Free | Partition Type: NTFS Drive G: | 423,03 Gb Total Space | 151,03 Gb Free Space | 35,70% Space Free | Partition Type: NTFS Drive H: | 199,09 Gb Total Space | 156,03 Gb Free Space | 78,37% Space Free | Partition Type: NTFS Drive O: | 119,92 Gb Total Space | 13,49 Gb Free Space | 11,25% Space Free | Partition Type: NTFS Computer Name: MITCH-PC | User Name: MITCH | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\MITCH\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. 
KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (CISVC) -- C:\Windows\SysNative\CISVC.EXE (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Te.Service) -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirFirewallService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()

========== Driver Services (SafeList) ==========

DRV:64bit: - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys File not found
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avfwot) -- C:\Windows\SysNative\drivers\avfwot.sys (Avira GmbH)
DRV:64bit: - (avfwim) -- C:\Windows\SysNative\drivers\avfwim.sys (Avira GmbH)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (NTIOLib_1_0_6) -- C:\Program Files (x86)\Setup Files\Ms7642v1D0\NTIOLib_X64.sys (MSI)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3879921085-4238989401-138329163-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.orbitdownloader.com
IE - HKU\S-1-5-21-3879921085-4238989401-138329163-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3879921085-4238989401-138329163-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E 87 59 65 78 16 CD 01 [binary data]
IE - HKU\S-1-5-21-3879921085-4238989401-138329163-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3879921085-4238989401-138329163-1000\..\SearchScopes\{75DE8DA1-9E23-422C-9F40-450857FE28F9}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-3879921085-4238989401-138329163-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: clickclean%40hotcleaner.com:4.0
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.15.1
FF - prefs.js..extensions.enabledAddons: %7B6bdc61ae-7b80-44a3-9476-e1d121ec2238%7D:0.85
FF - prefs.js..extensions.enabledAddons: %7Bfa8476cf-a98c-4e08-99b4-65a69cb4b7d4%7D:1.5.0.2
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 4001
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 4001
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 4001
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\MITCH\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\MITCH\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 17:11:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 17:11:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011.11.17 20:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\Extensions
[2013.02.20 15:54:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\fr1nr1rq.default\extensions
[2013.01.30 13:19:51 | 000,000,000 | ---D | M] (WOT) -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\fr1nr1rq.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.02.17 00:05:40 | 000,000,000 | ---D | M] (Click&Clean) -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\fr1nr1rq.default\extensions\clickclean@hotcleaner.com
[2012.09.15 18:59:55 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\fr1nr1rq.default\extensions\ich@maltegoetz.de
[2013.02.15 00:35:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions
[2011.12.17 13:26:23 | 000,000,000 | ---D | M] (Cookie Monster) -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{45d8ff86-d909-11db-9705-005056c00008}
[2012.07.30 22:41:17 | 000,000,000 | ---D | M] (WOT) -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.07.30 22:41:17 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\https-everywhere@eff.org
[2011.12.17 13:26:24 | 000,000,000 | ---D | M] ("UnPlug") -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\unplug@compunach
[2011.11.17 20:29:34 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\fr1nr1rq.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2012.02.09 23:32:14 | 000,073,384 | ---- | M] () (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\fr1nr1rq.default\extensions\{6bdc61ae-7b80-44a3-9476-e1d121ec2238}.xpi
[2013.02.20 15:54:07 | 000,530,982 | ---- | M] () (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\fr1nr1rq.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.10.03 17:45:15 | 000,048,875 | ---- | M] () (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\fr1nr1rq.default\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi
[2012.03.21 20:35:25 | 000,447,072 | ---- | M] () (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}.xpi
[2012.07.30 22:41:17 | 000,526,190 | ---- | M] () (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.07.30 22:41:17 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.12.30 12:46:09 | 000,044,727 | ---- | M] () (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi
[2012.02.24 21:40:47 | 000,002,419 | ---- | M] () -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\fr1nr1rq.default\searchplugins\englische-ergebnisse.xml
[2012.02.24 21:40:47 | 000,010,525 | ---- | M] () -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\fr1nr1rq.default\searchplugins\gmx-suche.xml
[2012.02.24 21:40:47 | 000,002,457 | ---- | M] () -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\fr1nr1rq.default\searchplugins\lastminute.xml
[2012.02.24 21:40:47 | 000,005,508 | ---- | M] () -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\fr1nr1rq.default\searchplugins\webde-suche.xml
[2013.02.06 17:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.06 17:11:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.02.06 17:11:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.02.06 17:11:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.02.06 17:11:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013.02.06 17:11:29 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.21 01:53:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.11 12:06:01 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.21 01:53:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.21 01:53:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.21 01:53:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.21 01:53:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\MITCH\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\MITCH\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Orbit Downloader (Enabled) = C:\Users\MITCH\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll
CHR - plugin: Java(TM) Platform SE 6 U39 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\MITCH\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
CHR - plugin: Java Deployment Toolkit 6.0.390.4 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage:

O1 HOSTS File: ([2013.02.18 19:12:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (FreshDownload Bar) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~2\FRESHD~1\FRESHD~1\fdiebar.dll File not found
O3 - HKU\S-1-5-21-3879921085-4238989401-138329163-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKU\S-1-5-21-3879921085-4238989401-138329163-1000..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3879921085-4238989401-138329163-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3879921085-4238989401-138329163-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: FreshDownload - {0112EFE4-D779-47C0-90DC-E4170B88D340} - C:\Program Files (x86)\FreshDevices\FreshDownload\fd.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD673351-AEB8-44A4-A92F-351229691467}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.20 16:16:42 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.02.20 16:16:21 | 000,000,000 | ---D | C] -- C:\JRT
[2013.02.20 16:00:51 | 000,547,439 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\MITCH\Desktop\JRT.exe
[2013.02.18 19:13:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.18 19:09:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.18 19:09:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.18 19:09:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.18 19:08:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.18 19:08:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.18 17:42:35 | 005,034,457 | R--- | C] (Swearware) -- C:\Users\MITCH\Desktop\ComboFix.exe
[2013.02.16 20:35:01 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\MITCH\Desktop\tdsskiller.exe
[2013.02.16 20:34:39 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\MITCH\Desktop\aswMBR.exe
[2013.02.16 20:03:52 | 000,000,000 | ---D | C] -- C:\Users\MITCH\Desktop\mbar
[2013.02.13 23:59:49 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.13 23:59:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.13 23:59:49 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.13 23:59:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.13 23:59:48 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.13 23:59:48 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.13 23:59:48 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.13 23:59:48 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.13 23:59:48 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.13 23:59:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.13 23:59:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.13 23:59:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.13 23:59:47 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.13 23:59:47 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.13 23:59:47 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.13 23:50:02 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 23:50:01 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 23:50:01 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 23:48:53 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 23:48:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 23:48:53 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 23:48:52 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 23:48:52 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 23:48:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 23:48:46 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.11 17:16:30 | 000,000,000 | ---D | C] -- C:\Users\MITCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.02.11 17:16:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.02.11 17:16:11 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.02.06 17:11:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.04 20:45:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MITCH\Desktop\OTL.exe
[2013.02.04 19:25:58 | 000,000,000 | ---D | C] -- C:\Users\MITCH\AppData\Roaming\Malwarebytes
[2013.02.04 19:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.04 19:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.04 19:25:37 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.04 19:25:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.04 19:25:17 | 000,000,000 | ---D | C] -- C:\Users\MITCH\AppData\Local\Programs
[2013.02.02 21:07:23 | 000,000,000 | ---D | C] -- C:\Users\MITCH\AppData\Roaming\BitTorrent
[2013.02.02 21:04:59 | 001,053,520 | ---- | C] (BitTorrent Inc.) -- C:\Program Files (x86)\BitTorrent_7.8.exe
[2013.02.02 15:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD PVR Editor
[2013.02.02 15:52:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HD PVR Editor

========== Files - Modified Within 30 Days ==========

[2013.02.20 16:32:49 | 000,023,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.20 16:32:49 | 000,023,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.20 16:29:40 | 001,622,486 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.20 16:29:40 | 000,699,776 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.20 16:29:40 | 000,654,676 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.20 16:29:40 | 000,149,724 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.20 16:29:40 | 000,122,368 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.20 16:25:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.20 16:25:20 | 2146,815,999 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.20 16:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.20 16:00:51 | 000,547,439 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\MITCH\Desktop\JRT.exe
[2013.02.19 21:50:02 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3879921085-4238989401-138329163-1000UA.job
[2013.02.18 19:12:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.02.18 17:43:07 | 005,034,457 | R--- | M] (Swearware) -- C:\Users\MITCH\Desktop\ComboFix.exe
[2013.02.17 10:50:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3879921085-4238989401-138329163-1000Core.job
[2013.02.17 01:05:18 | 654,226,071 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.02.16 21:21:46 | 000,000,512 | ---- | M] () -- C:\Users\MITCH\Desktop\MBR.dat
[2013.02.16 20:35:52 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\MITCH\Desktop\aswMBR.exe
[2013.02.16 20:35:20 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\MITCH\Desktop\tdsskiller.exe
[2013.02.16 19:47:13 | 000,374,784 | ---- | M] () -- C:\Users\MITCH\Desktop\GMER_2.1.18952.exe
[2013.02.14 14:29:03 | 000,587,671 | ---- | M] () -- C:\Users\MITCH\Desktop\adwcleaner0.exe
[2013.02.14 00:10:57 | 000,268,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.11 14:08:31 | 000,050,477 | ---- | M] () -- C:\Users\MITCH\Desktop\Defogger.exe
[2013.02.10 00:27:47 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.10 00:27:47 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.04 20:45:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MITCH\Desktop\OTL.exe
[2013.02.04 19:25:38 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.03 15:57:56 | 000,001,309 | ---- | M] () -- C:\Users\MITCH\Desktop\BitTorrent_7.8 - Verknüpfung.lnk
[2013.02.02 21:05:05 | 001,053,520 | ---- | M] (BitTorrent Inc.) -- C:\Program Files (x86)\BitTorrent_7.8.exe
[2013.02.01 00:47:43 | 000,002,364 | ---- | M] () -- C:\Users\MITCH\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2013.02.18 19:09:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.18 19:09:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.18 19:09:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.18 19:09:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.18 19:09:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.16 21:21:46 | 000,000,512 | ---- | C] () -- C:\Users\MITCH\Desktop\MBR.dat
[2013.02.16 19:47:13 | 000,374,784 | ---- | C] () -- C:\Users\MITCH\Desktop\GMER_2.1.18952.exe
[2013.02.14 14:29:02 | 000,587,671 | ---- | C] () -- C:\Users\MITCH\Desktop\adwcleaner0.exe
[2013.02.11 14:08:31 | 000,050,477 | ---- | C] () -- C:\Users\MITCH\Desktop\Defogger.exe
[2013.02.04 19:25:38 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.03 15:57:56 | 000,001,309 | ---- | C] () -- C:\Users\MITCH\Desktop\BitTorrent_7.8 - Verknüpfung.lnk
[2012.06.25 17:16:28 | 000,000,292 | ---- | C] () -- C:\Users\MITCH\AppData\Local\HamsterBookConverter.cfg
[2012.06.16 10:07:41 | 000,271,264 | ---- | C] () -- C:\Windows\SysWow64\VBRUN100.DLL
[2012.05.06 10:31:20 | 000,017,408 | ---- | C] () -- C:\Users\MITCH\AppData\Local\WebpageIcons.db
[2012.02.15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.09 00:04:20 | 000,019,968 | ---- | C] () -- C:\Users\MITCH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.11 16:09:42 | 001,599,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.02 22:19:34 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.09.02 21:20:01 | 000,007,604 | ---- | C] () -- C:\Users\MITCH\AppData\Local\resmon.resmoncfg
[2011.08.25 15:33:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:B6AC352B

< End of report >
Code:
ATTFilter OTL Extras logfile created on: 20.02.2013 16:32:07 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MITCH\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,57 Gb Available Physical Memory | 82,12% Memory free 16,00 Gb Paging File | 14,47 Gb Available in Paging File | 90,48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,14 Gb Total Space | 70,73 Gb Free Space | 59,36% Space Free | Partition Type: NTFS Drive F: | 97,66 Gb Total Space | 81,49 Gb Free Space | 83,45% Space Free | Partition Type: NTFS Drive G: | 423,03 Gb Total Space | 151,03 Gb Free Space | 35,70% Space Free | Partition Type: NTFS Drive H: | 199,09 Gb Total Space | 156,03 Gb Free Space | 78,37% Space Free | Partition Type: NTFS Drive O: | 119,92 Gb Total Space | 13,49 Gb Free Space | 11,25% Space Free | Partition Type: NTFS Computer Name: MITCH-PC | User Name: MITCH | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-3879921085-4238989401-138329163-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== 
Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0896509A-86AB-4E3E-B55F-E93C1BB76008}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{235BD6DF-CC63-4FD1-A65B-873017720E94}" = rport=10243 | protocol=6 | dir=out | app=system | "{2D0F3EE3-432A-42E3-A586-BF3A6E157B88}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2FC6E7FC-C9F7-47E9-8B44-B6E25FFB582B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3B05E0B5-C227-4C46-A1D1-B1602679DF9D}" = lport=139 | protocol=6 | dir=in | app=system | "{6048750D-A204-4ECE-A065-248F18D6DB2E}" = lport=137 | protocol=17 | dir=in | app=system | "{608FB095-3F51-4442-81E5-EAE9CA3F2C42}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{67056C47-2006-4AEC-AB2E-CE8449DE9018}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{72425582-A4DC-4B98-A110-1908EA32CCDF}" = lport=445 | protocol=6 | dir=in | app=system | "{75294EED-B704-4AAC-BAEE-C446CA763BF2}" = rport=139 | protocol=6 | dir=out | app=system | "{9D410372-E819-4022-9F5B-15063F3634B5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{AFD8EA5E-CA05-4B13-8515-DDC9AF677A74}" = lport=2869 | protocol=6 | dir=in | app=system | "{B914FA62-E2E3-477D-B15D-99B71B13AD85}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CA8BDCB1-FED7-4BDC-AAD5-C9CF8686F406}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DA3E5C6D-19FD-44AA-8C09-B7D200857DBC}" = rport=445 | protocol=6 | dir=out | app=system | "{E0F69884-C1F3-4182-AD6B-56C9FC0E242D}" = rport=137 | protocol=17 | dir=out | app=system | "{E72E56B6-6B44-439F-B562-A883C199F6CB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EE09C395-8F44-4314-9FAA-1A70411C09F9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{FAFC504B-C285-4C5A-BC13-72A5BBE61C9A}" = lport=138 | protocol=17 | dir=in | app=system | "{FE09AD30-FFC9-438F-BC4A-AE24FFFF657C}" = rport=138 | protocol=17 | dir=out | app=system | "{FE224476-E5A7-490A-AE47-EFA152E5ABE6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{18945855-611F-4022-9574-56B535E25C54}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{334E2ADE-39A3-421A-859E-141F94192833}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{557DC502-5343-4E56-8226-AC2CBA9D0998}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5629ACDD-3391-4535-AE21-471636FF2F7B}" = 
protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{5AC12CFD-7351-4A7F-A2BE-14F67CCB48C0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{649E8AF9-BD2A-4B1F-9C39-2ED3FF72FA82}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{676C76BD-0904-4B57-B61F-5166AF0A7D3C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6E2EF138-F161-4373-B64B-7A3EE2C21DDF}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent_7.8.exe | "{77CBABD5-0193-4344-884B-0957085842A0}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent_7.8.exe | "{77E3EC31-8C6C-49A0-9FD2-D64EEDF07E21}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7D527085-9AAB-4E0E-95FA-A05340E6D934}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7ED139D5-DA75-40B0-A563-D90FA094933F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{90724341-B414-4300-8926-8ED6D93DDA67}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9838B095-28BC-4651-A35C-4AB161975CD7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A15462F3-8EC2-4A9C-901B-5783820C9727}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{AA781861-FBD5-4ADA-A5A1-BC0C00E49AE3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{AB177CB1-90FB-4FB6-9039-84347FE72CDE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{AE6B921D-BF14-4C57-9CC5-059FABA4F81D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BB67FFFF-E50B-4562-9BD1-59D95E64D46B}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "{C8200822-18C7-4033-A3AE-4DC4E803588B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D3424554-0B9E-4195-BACF-9D4E9BB5743E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{E35F975F-571C-4DEA-A0FD-0F34DBF4BAEA}" = protocol=6 | dir=out | app=system | "{EB41979B-AF59-4C06-868F-DA1FBAEAEABA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EE176FDB-C254-47EC-8CCC-DEF2816A0201}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{F5422D29-D615-45C0-94CF-AD1748ADFEE1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F8707C83-BEAE-4F08-8D3B-75C97323AF55}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "{FFC3EF5A-FA08-4500-BAFE-B01AB81D157E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{57BE2C44-E41F-46B4-93DC-746FD54E2ECB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{8DC304EE-DDDB-48BC-B656-24323B2EA75A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{C214301F-F5D7-36D9-B3A2-1467C5586495}" = Microsoft Help Viewer 1.1 Language Pack - DEU "{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1 "Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 39 "{441AC599-200D-4E04-B274-C6B7B50C281D}_is1" = Hamster Free EbookConverter "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows 
Marketplace "{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™ "{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1 "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8944ED10-DBF2-4FA9-8B5D-D7E1B046C761}_is1" = ColdCut "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{C2FBB88A-65AA-6751-25EC-6A9046FA5F3B}" = Windows Driver Kit "{C668416A-9213-4058-B7F2-01A42D85559D}" = Microsoft SQL Server System CLR Types "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "{E14DDED2-919B-FCCB-84AC-5ABB6D182D46}" = Kits Configuration Installer "{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}" = Microsoft SQL Server 2008 R2 Management Objects "{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{f65530f7-1696-4fcd-8876-37cdcacdbd4c}" = Windows Driver Kit "{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition) "{FBDF7205-0CD2-435A-A595-58166C4C7953}" = Vector 12.04.073 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = 
Avira Internet Security 2012 "BitTorrent" = BitTorrent "Canon MP620 series Benutzerregistrierung" = Canon MP620 series Benutzerregistrierung "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "DivX Setup.divx.com" = DivX-Setup "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "ffdshow_is1" = ffdshow [rev 2946] [2009-05-15] "HD PVR Editor_is1" = HD PVR Editor 2.0 "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "JAP" = JAP "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1 "Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0 "Notepad++" = Notepad++ "Orbit_is1" = Orbit Downloader "TeamViewer 8" = TeamViewer 8 "VLC media player" = VLC media player 2.0.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3879921085-4238989401-138329163-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ System Events ] Error - 20.02.2013 11:25:23 | Computer Name = MITCH-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 < End of report > |
20.02.2013, 21:11 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Remove Loadtbs-3.0, fix the damage
Fix with OTL
Code:
:OTL
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 4001
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 4001
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 4001
FF - prefs.js..network.proxy.type: 4
[2013.02.16 21:21:46 | 000,000,512 | ---- | C] () -- C:\Users\MITCH\Desktop\MBR.dat
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:B6AC352B
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Please always post logfiles in CODE tags |
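The OTL fix above strips Firefox's network.proxy.* entries, which point the browser at a proxy on 127.0.0.1 port 4001. The following is an added example, not code from the thread or from OTL: it parses the user_pref lines Firefox keeps in prefs.js, reports what proxy settings are present and whether they target a loopback address, and strips them the same way the fix did. The sample prefs.js text and all function names are constructed for this example.

```python
"""Audit the network.proxy.* entries Firefox stores in a profile's prefs.js.

Added example for this thread (not the original post's or OTL's code).
The sample prefs.js content below is constructed to mirror the entries
the OTL fix removed.
"""
import re
from typing import Dict, List, Tuple, Union

PrefValue = Union[str, int, bool]

# Firefox writes one pref per line:  user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Values of network.proxy.type as used by Firefox.
PROXY_TYPES = {
    0: "no proxy",
    1: "manual proxy configuration",
    2: "automatic configuration (PAC URL)",
    4: "auto-detect proxy settings (WPAD)",
    5: "use system proxy settings",
}
LOOPBACK = ("127.0.0.1", "localhost", "::1")


def parse_prefs(text: str) -> Dict[str, PrefValue]:
    """Return {pref name: typed value} for every user_pref line in text."""
    prefs: Dict[str, PrefValue] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]          # quoted string
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"      # boolean
        else:
            try:
                prefs[name] = int(raw)       # integer (ports, type)
            except ValueError:
                prefs[name] = raw            # keep anything unexpected as text
    return prefs


def audit_proxy(prefs: Dict[str, PrefValue]) -> Dict[str, object]:
    """Summarise proxy settings and collect findings worth a closer look."""
    ptype = int(prefs.get("network.proxy.type", 5))  # Firefox default is 5
    hosts: Dict[str, Tuple[str, int]] = {}
    for proto in ("http", "ssl", "ftp", "socks"):
        host = prefs.get(f"network.proxy.{proto}")
        port = prefs.get(f"network.proxy.{proto}_port", 0)
        if isinstance(host, str) and host:
            hosts[proto] = (host, int(port))
    findings: List[str] = []
    if hosts:
        targets = ", ".join(f"{p}->{h}:{pt}" for p, (h, pt) in hosts.items())
        state = "active" if ptype == 1 else "present, used only when type is 1"
        findings.append(f"manual proxy entries {state}: {targets}")
    if any(h in LOOPBACK for h, _ in hosts.values()):
        findings.append("proxy target is a loopback address: a local process "
                        "is meant to relay the browser's traffic")
    return {"type": ptype, "type_name": PROXY_TYPES.get(ptype, "unknown"),
            "hosts": hosts, "findings": findings}


def strip_proxy_prefs(text: str) -> str:
    """Return the prefs.js text without any network.proxy.* lines, so Firefox
    falls back to its defaults; this is the effect the OTL fix had."""
    kept = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group(1).startswith("network.proxy."):
            continue
        kept.append(line)
    return "\n".join(kept) + "\n"


# Constructed sample mirroring the entries from the thread's fix script.
SAMPLE_PREFS_JS = """\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.ftp", "127.0.0.1");
user_pref("network.proxy.ftp_port", 4001);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 4001);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 4001);
user_pref("network.proxy.type", 4);
"""

if __name__ == "__main__":
    report = audit_proxy(parse_prefs(SAMPLE_PREFS_JS))
    print(f"network.proxy.type = {report['type']} ({report['type_name']})")
    for finding in report["findings"]:
        print(" -", finding)
```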
22.02.2013, 17:20 | #13 |
| Remove Loadtbs-3.0, fix the damage
Code:
All processes killed
========== OTL ==========
Prefs.js: "127.0.0.1" removed from network.proxy.ftp
Prefs.js: 4001 removed from network.proxy.ftp_port
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 4001 removed from network.proxy.http_port
Prefs.js: "127.0.0.1" removed from network.proxy.ssl
Prefs.js: 4001 removed from network.proxy.ssl_port
Prefs.js: 4 removed from network.proxy.type
C:\Users\MITCH\Desktop\MBR.dat moved successfully.
ADS C:\ProgramData\TEMP:B6AC352B deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\MITCH\Desktop\cmd.bat deleted successfully.
C:\Users\MITCH\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: MITCH
->Temp folder emptied: 1081139 bytes
->Temporary Internet Files folder emptied: 7809444 bytes
->Java cache emptied: 13869 bytes
->FireFox cache emptied: 120836552 bytes
->Google Chrome cache emptied: 83820130 bytes
->Flash cache emptied: 296 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1312 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 140063 bytes
Total Files Cleaned = 204,00 mb
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
OTL by OldTimer - Version 3.2.69.0 log created on 02222013_171112
Files\Folders moved on Reboot...
C:\Users\MITCH\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot... |
22.02.2013, 22:16 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Remove Loadtbs-3.0, fix the damage
Looks ok. We should be almost done. As a check, please run a quick scan with Malwarebytes; remember to update Malwarebytes via the update button first. Afterwards, getting a second opinion from the ESET online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
23.02.2013, 00:11 | #15 |
| Remove Loadtbs-3.0, fix the damage
All right, I'll do that tomorrow evening then. |