| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Google suche zeigt Spam ErgebnisseWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
26.03.2013, 13:09
| #1 |
 |  Google suche zeigt Spam Ergebnisse Hallo, habe auf meinem Netbook (Acer Eee PC, Windows 7 Starter) folgendes Problem: Wenn ich via Firefox bei Google etwas suche, werden unter dem ersten Suchergebniss weitere, nicht direkt von Google gefundene Ergebnisse eingeblendet. Ich vermute hierbei handelt es sich um einen Trojaner o.ä. Beim surfen mit dem Opera passiert das übrigens nicht. Bei meiner Suche nach dem Problem bin ich auf folgendes Thema gestoßen: http://www.trojaner-board.de/115597-...-ergebnis.html Ich habe Malwarebytes (neustes Update) drüber laufen lassen und das sagt die Log Datei. Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.26.04 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Alex :: ALEX-NETBOOK [Administrator] 26.03.2013 10:18:24 MBAM-log-2013-03-26 (13-09-22).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 312050 Laufzeit: 2 Stunde(n), 21 Minute(n), 16 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 15 HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 2 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Keine Aktion durchgeführt. (Ende)  |
|
26.03.2013, 13:57
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Google suche zeigt Spam Ergebnisse Hallo und
__________________ Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
26.03.2013, 14:00
| #3 |
| | Google suche zeigt Spam Ergebnisse Hallo, nein habe bisher keine weiteren Logs.
__________________ |
|
26.03.2013, 14:07
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google suche zeigt Spam Ergebnisse Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Erstmal eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.03.2013, 15:55
| #5 |
| | Google suche zeigt Spam Ergebnisse OTL OTL EXTRAS Logfile: Code:
ATTFilter OTL logfile created on: 26.03.2013 15:34:42 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alex\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014,12 Mb Total Physical Memory | 292,44 Mb Available Physical Memory | 28,84% Memory free 1,99 Gb Paging File | 0,66 Gb Available in Paging File | 33,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100,00 Gb Total Space | 24,98 Gb Free Space | 24,98% Space Free | Partition Type: NTFS Drive D: | 117,87 Gb Total Space | 81,11 Gb Free Space | 68,82% Space Free | Partition Type: NTFS Computer Name: ALEX-NETBOOK | User Name: Alex | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Alex\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Opera\opera.exe (Opera Software) PRC - C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) PRC - C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\InstantOn\InsOnWMI.exe (ASUS) PRC - C:\Windows\System32\AsusService.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\ExpressGateUtil\VAWinService.exe () PRC - C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) PRC - C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronic Corp.) PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) PRC - c:\program files\windows defender\MpCmdRun.exe (Microsoft Corporation) PRC - C:\Program Files\Asus\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_180.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\PROGRA~1\ASUS\ASUSWE~1\3084~1.161\ASUSWS~1.DLL () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (ASLDRService) -- C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (ATKGFNEXSrv) -- C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (HPSLPSVC) -- C:\Users\Alex\AppData\Local\Temp\7zS4B4D\hpslpsvc32.dll (Hewlett-Packard Co.) SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (AsusService) -- C:\Windows\System32\AsusService.exe () SRV - (VideAceWindowsService) -- C:\ExpressGateUtil\VAWinService.exe () SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (btwrchid) -- C:\windows\system32\drivers\btwrchid.sys File not found DRV - (btwl2cap) -- system32\DRIVERS\btwl2cap.sys File not found DRV - (btwavdt) -- C:\windows\system32\drivers\btwavdt.sys File not found DRV - (btwaudio) -- system32\drivers\btwaudio.sys File not found DRV - (btwampfl) -- system32\drivers\btwampfl.sys File not found DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (ATKWMIACPIIO) -- C:\Program Files\ASUS\ATK Package\ATK WMIACPI\epcwmiacpi.sys (ASUS) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.) DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys () DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.) DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink) DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( ) DRV - (ASMMAP) -- C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys (ASUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1660716950-1217732575-2718607636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKU\S-1-5-21-1660716950-1217732575-2718607636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data] IE - HKU\S-1-5-21-1660716950-1217732575-2718607636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com [binary data] IE - HKU\S-1-5-21-1660716950-1217732575-2718607636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=101641&babsrc=HP_ss&mntrId=2c9c114800000000000014dae9c4dc51 IE - HKU\S-1-5-21-1660716950-1217732575-2718607636-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-1660716950-1217732575-2718607636-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox IE - HKU\S-1-5-21-1660716950-1217732575-2718607636-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=101641&babsrc=SP_ss&mntrId=2c9c114800000000000014dae9c4dc51 IE - HKU\S-1-5-21-1660716950-1217732575-2718607636-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.t-online.de" FF - prefs.js..extensions.enabledAddons: SkipScreen%40SkipScreen:0.7.0 FF - prefs.js..extensions.enabledAddons: %7B37E4D8EA-8BDA-4831-8EA1-89053939A250%7D:3.0.0.2 FF - prefs.js..extensions.enabledAddons: %7Bc50ca3c4-5656-43c2-a061-13e717f73fc8%7D:4.2.5 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.8 FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.13 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - prefs.js..network.proxy.http: "69.65.46.61" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Alex\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2011.11.02 22:25:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.28 23:14:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.28 23:14:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.16 08:35:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.28 23:14:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.28 23:14:16 | 000,000,000 | ---D | M] [2011.11.05 15:05:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Extensions [2013.03.05 08:08:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\8us933ho.default\extensions [2012.09.14 21:21:55 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\8us933ho.default\extensions\ich@maltegoetz.de [2012.07.07 12:15:18 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\8us933ho.default\extensions\elemhidehelper@adblockplus.org.xpi [2012.10.22 08:31:45 | 000,071,037 | ---- | M] () (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\8us933ho.default\extensions\SkipScreen@SkipScreen.xpi [2011.11.07 12:06:51 | 000,164,858 | ---- | M] () (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\8us933ho.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2013.03.05 08:08:13 | 000,531,283 | ---- | M] () (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\8us933ho.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.03.05 08:08:13 | 000,872,587 | ---- | M] () (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\8us933ho.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2013.01.13 16:08:28 | 000,316,778 | ---- | M] () (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\8us933ho.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi [2013.02.14 08:36:28 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\8us933ho.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.02.28 23:14:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2013.02.28 23:14:25 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll [2012.01.03 02:04:10 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.10 07:36:38 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.09.18 17:24:45 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.01.03 02:04:10 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.01.03 02:04:10 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.03 02:04:10 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.03 02:04:10 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKU\S-1-5-21-1660716950-1217732575-2718607636-1000..\Run: [Facebook Update] C:\Users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-1660716950-1217732575-2718607636-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.15.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64615E91-9EDE-43E4-9829-096C7DC9CEF1}: DhcpNameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A107864B-506B-4CA3-A641-03129A8F052F}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCF8A0C1-5E98-4EA2-87FE-2523361ED5FC}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{16dd07ea-34a2-11e1-b5dd-14dae9c4dc51}\Shell - "" = AutoRun O33 - MountPoints2\{16dd07ea-34a2-11e1-b5dd-14dae9c4dc51}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{924f0def-05a3-11e1-afd8-14dae9c4dc51}\Shell - "" = AutoRun O33 - MountPoints2\{924f0def-05a3-11e1-afd8-14dae9c4dc51}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{924f0e80-05a3-11e1-afd8-14dae9c4dc51}\Shell - "" = AutoRun O33 - MountPoints2\{924f0e80-05a3-11e1-afd8-14dae9c4dc51}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2030.01.02 02:50:34 | 000,000,000 | -HSD | C] -- C:\Boot [2013.03.26 15:32:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe [2013.03.26 10:17:26 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2013.03.26 10:17:26 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Malwarebytes [2013.03.26 10:16:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.26 10:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.26 10:16:52 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2013.03.26 10:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.03.26 10:16:42 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Programs [2013.03.26 10:15:52 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Alex\Desktop\mbam-setup-1.70.0.1100.exe [2013.02.28 23:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.02.25 19:13:48 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe [2013.02.25 19:12:59 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe [2013.02.25 19:12:59 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe [2013.02.25 19:12:59 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll [8 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.26 15:32:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe [2013.03.26 13:10:07 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.26 13:10:07 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.26 13:10:03 | 000,001,134 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1660716950-1217732575-2718607636-1000UA.job [2013.03.26 10:17:58 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2013.03.26 10:16:56 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.26 10:16:03 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Alex\Desktop\mbam-setup-1.70.0.1100.exe [2013.03.26 09:35:20 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2013.03.26 09:35:19 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2013.03.26 09:09:41 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.03.26 09:09:33 | 797,532,160 | -HS- | M] () -- C:\hiberfil.sys [2013.03.02 22:10:03 | 000,001,112 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1660716950-1217732575-2718607636-1000Core.job [2013.02.25 19:12:42 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll [2013.02.25 19:12:41 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\windows\System32\npDeployJava1.dll [2013.02.25 19:12:41 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\windows\System32\deployJava1.dll [2013.02.25 19:12:41 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaws.exe [2013.02.25 19:12:41 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe [2013.02.25 19:12:41 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe [8 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2030.01.02 02:50:35 | 000,383,786 | RHS- | C] () -- C:\bootmgr [2013.03.26 10:16:56 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.19 16:42:16 | 000,000,017 | ---- | C] () -- C:\windows\System32\shortcut_ex.dat [2013.01.15 13:19:22 | 008,936,800 | ---- | C] () -- C:\Users\Alex\SonderproblemeLB2-Suesse-Adam-Skript_2012.pdf [2012.04.17 16:21:19 | 000,000,043 | ---- | C] () -- C:\Users\Alex\gsview32.ini [2011.11.02 23:37:58 | 000,005,576 | ---- | C] () -- C:\windows\Language.ini [2011.11.02 23:35:31 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat [2011.04.21 02:19:31 | 000,224,680 | ---- | C] () -- C:\windows\System32\AsusService.exe [2011.04.21 02:19:31 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini [2011.04.21 01:56:11 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2011.04.21 01:54:52 | 000,011,832 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys [2011.04.21 01:54:50 | 000,011,456 | ---- | C] () -- C:\windows\System32\drivers\AsIO.sys [2011.04.21 01:54:26 | 000,000,873 | ---- | C] () -- C:\windows\Reboot.ini [2011.04.21 01:46:52 | 000,014,051 | ---- | C] () -- C:\windows\System32\RaCoInst.dat [2011.04.21 01:43:40 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat [2011.04.21 01:43:40 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat [2010.03.15 20:15:34 | 000,156,430 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Files - Unicode (All) ========== [2011.11.02 23:38:24 | 000,000,059 | ---- | M] ()(C:\windows\System32\??) -- C:\windows\System32\ɔ [2011.11.02 23:38:24 | 000,000,059 | ---- | C] ()(C:\windows\System32\??) -- C:\windows\System32\ɔ < End of report > Extras.txt OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 26.03.2013 15:34:42 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alex\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1014,12 Mb Total Physical Memory | 292,44 Mb Available Physical Memory | 28,84% Memory free
1,99 Gb Paging File | 0,66 Gb Available in Paging File | 33,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 24,98 Gb Free Space | 24,98% Space Free | Partition Type: NTFS
Drive D: | 117,87 Gb Total Space | 81,11 Gb Free Space | 68,82% Space Free | Partition Type: NTFS
Computer Name: ALEX-NETBOOK | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
[HKEY_USERS\S-1-5-21-1660716950-1217732575-2718607636-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11CDF821-4B0D-406A-9A0F-61895E2ED648}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1634A81D-945E-48B1-BE8F-BF38E2682ABA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{21274DFB-8932-40E1-B0BF-5D3F4D466475}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{21FD37FC-8911-47F1-A9EE-F438E1C8F394}" = lport=137 | protocol=17 | dir=in | app=system |
"{2A101415-5816-42CF-AB52-6785D0D12346}" = rport=139 | protocol=6 | dir=out | app=system |
"{2D697E0E-C0E4-46FE-995E-D433B2D26C6A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{39456E91-A258-45C3-858C-07C22ECEA6BF}" = lport=445 | protocol=6 | dir=in | app=system |
"{405A632E-D68E-49FA-8B2A-7F4A7BDB045C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4AD07965-D53A-4D9C-8E78-5FF5B0527B0A}" = rport=445 | protocol=6 | dir=out | app=system |
"{4B0DB3B9-D189-4FEC-914A-2DFDB1289BBB}" = rport=138 | protocol=17 | dir=out | app=system |
"{55C7B969-B3C0-4586-8CC8-77C93539C863}" = lport=10243 | protocol=6 | dir=in | app=system |
"{58974CAA-0B1E-48C0-AA60-869AD0DF227A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{642EEBA9-EE62-4A60-A2D5-3E8D38B79B01}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{734F2423-289A-408E-9A17-97FA51E7AAD1}" = rport=137 | protocol=17 | dir=out | app=system |
"{96D9C37B-5F36-4B60-83BE-E52BEE2AD35E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A08B9884-D10A-4FAE-993A-C5D48A522CEC}" = lport=138 | protocol=17 | dir=in | app=system |
"{A32CA317-8906-4DE5-BE69-6661532FC24A}" = lport=139 | protocol=6 | dir=in | app=system |
"{A3A7CEEA-B357-456A-ADFF-474848218879}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A58E7306-2B16-433F-B710-E19B85524A0A}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{BA6DF6ED-66E8-4241-8E9E-991536B4990C}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
"{C5E3C9ED-BB47-432C-9821-0D3D264CF425}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CA3E3652-B45B-4453-854C-8560416431CA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CDBF9BF4-5DDF-4BF6-BEE2-B3C10E962A28}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D079CC97-7EBC-4682-BDCC-DBBD6CC91137}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FCDD9E27-38ED-4AE6-8670-2BF8CD8028D8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03FB214E-A676-45D2-A52C-D252D1B68CC9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0E911A6B-5294-4656-BE0C-A093325153E7}" = protocol=6 | dir=out | app=system |
"{0F044163-88C9-42AD-B9AB-440E96FB8EF4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{17BE85A3-9498-4B4C-8FCB-4FFF34F83FC2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{22149411-75F8-43FD-A3A1-20712E6D28A1}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{268F2103-2988-4FE2-88D9-E527E0FE3A4F}" = protocol=6 | dir=in | app=c:\users\alex\appdata\local\temp\7zs4b4d\hppiw.exe |
"{2BC51486-ED1E-413F-8822-DD80EF63F797}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{2D93CE0A-6245-4229-8F34-DD70D0DE7D0E}" = protocol=17 | dir=in | app=c:\users\alex\appdata\local\temp\7zs4b4d\hppiw.exe |
"{337CE33B-8747-4258-8B8E-90205E159BC2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5AD4978A-5BAB-43D9-98BD-DBCD55243A74}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7FDF49E7-9AD6-490C-BDFE-C59E1A8DA81F}" = dir=in | app=c:\users\alex\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{9A82B5D7-DFA6-49B8-97A2-F7F14B0857DA}" = protocol=17 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe |
"{9BCE74BC-7C65-4B8D-AD13-FA9D50134561}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9DF15337-4E25-42D6-AFE8-E4F24E383B81}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A4011DF5-BBF1-4BA1-A537-80C632E99389}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A41FE60E-AEA5-4333-B51C-745F6B850149}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AD80F1E9-7584-4DFA-92AA-351990030B5C}" = protocol=6 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe |
"{B3BDC477-7256-4F7A-9F27-4325A2EF5D36}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B8762F92-06AF-4BF4-87C9-8A287B52746E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B956C9E0-566B-4E89-BC76-5742F756C5E1}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{BABBE030-0BAE-4590-9A0D-5085FA6B5FC1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BAF7435B-578D-471D-BF62-6ECDEE6629E1}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{BFE30EFB-59A6-47B3-B25B-187CB9556E75}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"{C8A2936A-440B-4DEA-BFB7-59D09ACDE84B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CA2F4121-A03B-4CCD-860D-E8B1FA42BFAF}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{D00B51A4-7DC1-498A-99C6-45F0B52F9E15}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D460CAF4-1680-4A69-BD5C-B8DA3B6A9746}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DAC7A411-2ED7-432D-B774-70CD7F880A6C}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{DB38721A-D1D9-4BB0-A948-4C1DD4CA4619}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F0AAE069-DF71-4953-AC2B-221DFD5C4DD8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{BBEDEEDC-4353-4735-B1D3-F05127B2D569}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe |
"UDP Query User{BF5E58BC-D589-4EC8-BBF3-D18115FA7734}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F1A2E4E-E2EE-4806-B7CE-356D83A3CDEB}" = Windows Live Family Safety
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{41D6CED7-65E8-4EBB-BB1A-B45E2D8CF6D7}" = Windows Live Family Safety
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{91252C0A-59F9-42F9-9181-B9CC74F592C0}" = Vodafone Mobile Connect Lite
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{99E77016-BCF2-48C8-9119-43ECF5815F65}" = AsusScreensaver
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
"{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCFBA290-CB48-4AF1-A241-2685AEDEDD66}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"Eee Docking_is1" = Eee Docking 3.8.3
"Elantech" = ETDWare PS/2-x86 7.0.5.11_WHQL
"GPL Ghostscript 9.05" = GPL Ghostscript
"GSview 5.0" = GSview 5.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Opera 12.14.1738" = Opera 12.14
"Texmaker" = Texmaker
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 2.0.2
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1660716950-1217732575-2718607636-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 06.11.2012 08:08:01 | Computer Name = Alex-Netbook | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 06.11.2012 08:13:21 | Computer Name = Alex-Netbook | Source = Google Update | ID = 20
Description =
Error - 07.01.2013 15:24:48 | Computer Name = Alex-Netbook | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 07.01.2013 15:52:06 | Computer Name = Alex-Netbook | Source = CVHSVC | ID = 100
Description = Nur zur Information. Error: BITS connection error Type: 150::InternetConnectionFailure.
Error - 11.01.2013 05:14:36 | Computer Name = Alex-Netbook | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 13.01.2013 14:31:31 | Computer Name = Alex-Netbook | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 14.01.2013 04:27:59 | Computer Name = Alex-Netbook | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 15.01.2013 06:14:11 | Computer Name = Alex-Netbook | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 15.01.2013 10:19:47 | Computer Name = Alex-Netbook | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 24.01.2013 13:30:53 | Computer Name = Alex-Netbook | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
[ System Events ]
Error - 06.03.2012 06:39:59 | Computer Name = Alex-Netbook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 06.03.2012 18:01:13 | Computer Name = Alex-Netbook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 07.03.2012 04:26:23 | Computer Name = Alex-Netbook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 07.03.2012 05:48:13 | Computer Name = Alex-Netbook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 07.03.2012 15:18:40 | Computer Name = Alex-Netbook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 07.03.2012 17:08:44 | Computer Name = Alex-Netbook | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
Error - 07.03.2012 18:49:56 | Computer Name = Alex-Netbook | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst AntiVirSchedulerService erreicht.
Error - 07.03.2012 18:53:00 | Computer Name = Alex-Netbook | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.
Error - 08.03.2012 03:49:41 | Computer Name = Alex-Netbook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 08.03.2012 10:27:10 | Computer Name = Alex-Netbook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
< End of report >
|
|
26.03.2013, 16:20
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google suche zeigt Spam Ergebnisse Rootkitscan mit GMER Bitte lade dir  GMER herunter: (Dateiname zufällig)
Tauchen Probleme auf?
Anschließend bitte MBAR ausführen: Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ --> Google suche zeigt Spam Ergebnisse |
|
26.03.2013, 18:43
| #7 |
| | Google suche zeigt Spam Ergebnisse GMER Code:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-26 17:14:59
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.ESBO 232,89GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Alex\AppData\Local\Temp\kxdorpod.sys
---- System - GMER 2.1 ----
SSDT 8B648B66 ZwCreateSection
SSDT 8B648B70 ZwRequestWaitReplyPort
SSDT 8B648B6B ZwSetContextThread
SSDT 8B648B75 ZwSetSecurityObject
SSDT 8B648B7A ZwSystemDebugControl
SSDT 8B648B07 ZwTerminateProcess
INT 0x71 ? 925EA058
INT 0x72 ? 925EAA58
INT 0x81 ? 925EA2D8
INT 0xA2 ? 925EA7D8
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 8207B9E9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 820B51C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 820BC30C 4 Bytes [66, 8B, 64, 8B]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 820BC668 4 Bytes [70, 8B, 64, 8B]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 820BC6AC 4 Bytes [6B, 8B, 64, 8B]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 820BC728 4 Bytes [75, 8B, 64, 8B]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 820BC77C 4 Bytes [7A, 8B, 64, 8B]
.text ...
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\tdx \Device\Tcp tcpipBM.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06da17155
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06da17155 (not active ControlSet)
---- EOF - GMER 2.1 ----
MBAR 1 Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.26.11
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Alex :: ALEX-NETBOOK [administrator]
26.03.2013 18:00:18
mbar-log-2013-03-26 (18-00-18).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27813
Time elapsed: 32 minute(s), 1 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 17
HKLM\SOFTWARE\CLASSES\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{DB1F5554-582C-4F53-82CC-458D2C04A2F1} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}\INPROCSERVER32 (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Delete on reboot.
Registry Values Detected: 2
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: VShareTB -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: -> Delete on reboot.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
c:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Delete on reboot.
(end)
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.26.12
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Alex :: ALEX-NETBOOK [administrator]
26.03.2013 18:40:24
mbar-log-2013-03-26 (18-40-24).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27796
Time elapsed: 33 minute(s), 13 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
|
|
26.03.2013, 22:40
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google suche zeigt Spam Ergebnisse aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.03.2013, 04:23
| #9 |
| | Google suche zeigt Spam Ergebnisse aswMBR.txt Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-27 03:29:20
-----------------------------
03:29:20.328 OS Version: Windows 6.1.7601 Service Pack 1
03:29:20.328 Number of processors: 4 586 0x1C0A
03:29:20.344 ComputerName: ALEX-NETBOOK UserName: Alex
03:29:33.635 Initialize success
03:30:12.932 AVAST engine defs: 13032601
03:30:15.755 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
03:30:15.771 Disk 0 Vendor: Hitachi_ ESBO Size: 238475MB BusType: 3
03:30:16.208 Disk 0 MBR read successfully
03:30:16.208 Disk 0 MBR scan
03:30:16.754 Disk 0 Windows 7 default MBR code
03:30:16.785 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 102400 MB offset 2048
03:30:17.331 Disk 0 Partition 2 00 1B Hidd FAT32 MSDOS5.0 15360 MB offset 209717248
03:30:17.799 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 120697 MB offset 241174528
03:30:20.217 Disk 0 Partition 4 00 EF EFI FAT 16 MB offset 488361984
03:30:20.420 Disk 0 scanning sectors +488394752
03:30:21.278 Disk 0 scanning C:\windows\system32\drivers
03:31:12.118 Service scanning
03:33:35.716 Modules scanning
03:34:21.768 Disk 0 trace - called modules:
03:34:21.815 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
03:34:21.846 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8634e1f8]
03:34:21.861 3 CLASSPNP.SYS[86f7c59e] -> nt!IofCallDriver -> [0x84461950]
03:34:21.893 5 ACPI.sys[8689e3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8445c028]
03:34:31.487 AVAST engine scan C:\windows
03:34:42.126 AVAST engine scan C:\windows\system32
03:47:35.747 AVAST engine scan C:\windows\system32\drivers
03:48:37.024 AVAST engine scan C:\Users\Alex
04:14:26.060 AVAST engine scan C:\ProgramData
04:16:15.572 Scan finished successfully
04:17:32.810 Disk 0 MBR has been saved successfully to "C:\Users\Alex\Desktop\MBR.dat"
04:17:32.841 The log file has been saved successfully to "C:\Users\Alex\Desktop\aswMBR.txt"
Code:
ATTFilter 04:18:21.0884 2340 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
04:18:22.0133 2340 ============================================================
04:18:22.0133 2340 Current date / time: 2013/03/27 04:18:22.0133
04:18:22.0133 2340 SystemInfo:
04:18:22.0133 2340
04:18:22.0133 2340 OS Version: 6.1.7601 ServicePack: 1.0
04:18:22.0133 2340 Product type: Workstation
04:18:22.0133 2340 ComputerName: ALEX-NETBOOK
04:18:22.0133 2340 UserName: Alex
04:18:22.0133 2340 Windows directory: C:\windows
04:18:22.0133 2340 System windows directory: C:\windows
04:18:22.0133 2340 Processor architecture: Intel x86
04:18:22.0133 2340 Number of processors: 4
04:18:22.0133 2340 Page size: 0x1000
04:18:22.0133 2340 Boot type: Normal boot
04:18:22.0133 2340 ============================================================
04:18:23.0678 2340 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
04:18:23.0802 2340 ============================================================
04:18:23.0802 2340 \Device\Harddisk0\DR0:
04:18:23.0818 2340 MBR partitions:
04:18:23.0818 2340 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000
04:18:23.0818 2340 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xE600800, BlocksNum 0xEBBC800
04:18:23.0834 2340 ============================================================
04:18:23.0912 2340 C: <-> \Device\Harddisk0\DR0\Partition1
04:18:23.0958 2340 D: <-> \Device\Harddisk0\DR0\Partition2
04:18:24.0270 2340 ============================================================
04:18:24.0270 2340 Initialize success
04:18:24.0270 2340 ============================================================
04:19:26.0000 1076 ============================================================
04:19:26.0000 1076 Scan started
04:19:26.0000 1076 Mode: Manual; SigCheck; TDLFS;
04:19:26.0000 1076 ============================================================
04:19:27.0404 1076 ================ Scan system memory ========================
04:19:27.0404 1076 System memory - ok
04:19:27.0404 1076 ================ Scan services =============================
04:19:27.0638 1076 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
04:19:28.0106 1076 1394ohci - ok
04:19:28.0153 1076 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\windows\system32\drivers\ACPI.sys
04:19:28.0199 1076 ACPI - ok
04:19:28.0231 1076 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
04:19:28.0418 1076 AcpiPmi - ok
04:19:28.0543 1076 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
04:19:28.0574 1076 AdobeARMservice - ok
04:19:28.0636 1076 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\windows\system32\drivers\adp94xx.sys
04:19:28.0683 1076 adp94xx - ok
04:19:28.0714 1076 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\windows\system32\drivers\adpahci.sys
04:19:28.0745 1076 adpahci - ok
04:19:28.0808 1076 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\windows\system32\drivers\adpu320.sys
04:19:28.0855 1076 adpu320 - ok
04:19:28.0886 1076 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
04:19:29.0182 1076 AeLookupSvc - ok
04:19:29.0229 1076 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\windows\system32\drivers\afd.sys
04:19:29.0354 1076 AFD - ok
04:19:29.0385 1076 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\windows\system32\drivers\agp440.sys
04:19:29.0416 1076 agp440 - ok
04:19:29.0447 1076 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\windows\system32\drivers\djsvs.sys
04:19:29.0494 1076 aic78xx - ok
04:19:29.0541 1076 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\windows\System32\alg.exe
04:19:29.0619 1076 ALG - ok
04:19:29.0697 1076 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\windows\system32\drivers\aliide.sys
04:19:29.0728 1076 aliide - ok
04:19:29.0759 1076 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\windows\system32\drivers\amdagp.sys
04:19:29.0791 1076 amdagp - ok
04:19:29.0806 1076 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\windows\system32\drivers\amdide.sys
04:19:29.0837 1076 amdide - ok
04:19:29.0853 1076 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
04:19:29.0962 1076 AmdK8 - ok
04:19:30.0009 1076 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
04:19:30.0071 1076 AmdPPM - ok
04:19:30.0118 1076 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\windows\system32\drivers\amdsata.sys
04:19:30.0165 1076 amdsata - ok
04:19:30.0181 1076 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\windows\system32\drivers\amdsbs.sys
04:19:30.0227 1076 amdsbs - ok
04:19:30.0259 1076 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\windows\system32\drivers\amdxata.sys
04:19:30.0290 1076 amdxata - ok
04:19:30.0415 1076 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
04:19:30.0461 1076 AntiVirSchedulerService - ok
04:19:30.0524 1076 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
04:19:30.0555 1076 AntiVirService - ok
04:19:30.0586 1076 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\windows\system32\drivers\appid.sys
04:19:30.0711 1076 AppID - ok
04:19:30.0758 1076 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\windows\System32\appidsvc.dll
04:19:30.0836 1076 AppIDSvc - ok
04:19:30.0867 1076 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\windows\System32\appinfo.dll
04:19:30.0976 1076 Appinfo - ok
04:19:31.0007 1076 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\windows\system32\drivers\arc.sys
04:19:31.0054 1076 arc - ok
04:19:31.0070 1076 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\windows\system32\drivers\arcsas.sys
04:19:31.0101 1076 arcsas - ok
04:19:31.0148 1076 [ 956C7177DBDA0F02436868AD644CCF31 ] AsIO C:\windows\system32\drivers\AsIO.sys
04:19:31.0195 1076 AsIO - ok
04:19:31.0257 1076 [ A3626C6D3F2DC95497F3F61842D7FD89 ] ASLDRService C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
04:19:31.0288 1076 ASLDRService - ok
04:19:31.0319 1076 [ B9FDFA552EBA5B4BF377F7CCEC9B8BC7 ] ASMMAP C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys
04:19:31.0351 1076 ASMMAP - ok
04:19:31.0382 1076 [ A9A565C669786C402752F609AFDD0DD5 ] AsUpIO C:\windows\system32\drivers\AsUpIO.sys
04:19:31.0413 1076 AsUpIO - ok
04:19:31.0444 1076 [ BDF2196D34BB224E5B11C2B0FC3A55CB ] AsusService C:\windows\system32\AsusService.exe
04:19:31.0475 1076 AsusService - ok
04:19:31.0491 1076 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
04:19:31.0709 1076 AsyncMac - ok
04:19:31.0756 1076 [ 338C86357871C167A96AB976519BF59E ] atapi C:\windows\system32\drivers\atapi.sys
04:19:31.0787 1076 atapi - ok
04:19:31.0865 1076 [ B01751CC563AECAC09BBE36AAA21FBEF ] athr C:\windows\system32\DRIVERS\athr.sys
04:19:32.0006 1076 athr - ok
04:19:32.0037 1076 [ DBC598E47E7A382E60E2A4745D41FEF9 ] ATKGFNEXSrv C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
04:19:32.0068 1076 ATKGFNEXSrv - ok
04:19:32.0131 1076 [ 01B174E8702972D65904DEB78FB756D1 ] ATKWMIACPIIO C:\Program Files\ASUS\ATK Package\ATK WMIACPI\epcwmiacpi.sys
04:19:32.0146 1076 ATKWMIACPIIO - ok
04:19:32.0209 1076 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
04:19:32.0318 1076 AudioEndpointBuilder - ok
04:19:32.0349 1076 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\windows\System32\Audiosrv.dll
04:19:32.0427 1076 Audiosrv - ok
04:19:32.0458 1076 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\windows\system32\DRIVERS\avgntflt.sys
04:19:32.0489 1076 avgntflt - ok
04:19:32.0536 1076 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\windows\system32\DRIVERS\avipbb.sys
04:19:32.0567 1076 avipbb - ok
04:19:32.0583 1076 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\windows\system32\DRIVERS\avkmgr.sys
04:19:32.0614 1076 avkmgr - ok
04:19:32.0661 1076 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\windows\System32\AxInstSV.dll
04:19:32.0770 1076 AxInstSV - ok
04:19:32.0817 1076 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\windows\system32\drivers\bxvbdx.sys
04:19:32.0957 1076 b06bdrv - ok
04:19:33.0004 1076 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\windows\system32\DRIVERS\b57nd60x.sys
04:19:33.0113 1076 b57nd60x - ok
04:19:33.0238 1076 [ 2BE0F23D494C301641C42EAD2FDCD4F2 ] BCM43XX C:\windows\system32\DRIVERS\bcmwl6.sys
04:19:33.0379 1076 BCM43XX - ok
04:19:33.0410 1076 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\windows\System32\bdesvc.dll
04:19:33.0519 1076 BDESVC - ok
04:19:33.0566 1076 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\windows\system32\drivers\Beep.sys
04:19:33.0706 1076 Beep - ok
04:19:33.0862 1076 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\windows\System32\bfe.dll
04:19:33.0987 1076 BFE - ok
04:19:34.0096 1076 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\windows\System32\qmgr.dll
04:19:34.0346 1076 BITS - ok
04:19:34.0455 1076 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
04:19:34.0533 1076 blbdrive - ok
04:19:34.0611 1076 [ A6D35FF84E024D6D3F12AAF6C9814314 ] BMLoad C:\windows\system32\drivers\BMLoad.sys
04:19:34.0673 1076 BMLoad ( UnsignedFile.Multi.Generic ) - warning
04:19:34.0673 1076 BMLoad - detected UnsignedFile.Multi.Generic (1)
04:19:34.0751 1076 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\windows\system32\DRIVERS\bowser.sys
04:19:34.0923 1076 bowser - ok
04:19:34.0985 1076 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
04:19:35.0157 1076 BrFiltLo - ok
04:19:35.0188 1076 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
04:19:35.0251 1076 BrFiltUp - ok
04:19:35.0297 1076 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\windows\System32\browser.dll
04:19:35.0407 1076 Browser - ok
04:19:35.0469 1076 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\windows\System32\Drivers\Brserid.sys
04:19:35.0625 1076 Brserid - ok
04:19:35.0641 1076 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
04:19:35.0719 1076 BrSerWdm - ok
04:19:35.0734 1076 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
04:19:35.0797 1076 BrUsbMdm - ok
04:19:35.0812 1076 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
04:19:35.0859 1076 BrUsbSer - ok
04:19:35.0921 1076 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
04:19:36.0062 1076 BthEnum - ok
04:19:36.0093 1076 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
04:19:36.0155 1076 BTHMODEM - ok
04:19:36.0187 1076 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
04:19:36.0233 1076 BthPan - ok
04:19:36.0280 1076 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
04:19:36.0358 1076 BTHPORT - ok
04:19:36.0421 1076 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\windows\system32\bthserv.dll
04:19:36.0514 1076 bthserv - ok
04:19:36.0561 1076 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
04:19:36.0608 1076 BTHUSB - ok
04:19:36.0623 1076 btwampfl - ok
04:19:36.0639 1076 btwaudio - ok
04:19:36.0655 1076 btwavdt - ok
04:19:36.0670 1076 btwl2cap - ok
04:19:36.0686 1076 btwrchid - ok
04:19:36.0701 1076 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
04:19:36.0795 1076 cdfs - ok
04:19:36.0857 1076 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
04:19:36.0920 1076 cdrom - ok
04:19:36.0951 1076 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\windows\System32\certprop.dll
04:19:37.0029 1076 CertPropSvc - ok
04:19:37.0060 1076 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\windows\system32\drivers\circlass.sys
04:19:37.0123 1076 circlass - ok
04:19:37.0154 1076 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\windows\system32\CLFS.sys
04:19:37.0201 1076 CLFS - ok
04:19:37.0294 1076 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
04:19:37.0325 1076 clr_optimization_v2.0.50727_32 - ok
04:19:37.0403 1076 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
04:19:37.0497 1076 clr_optimization_v4.0.30319_32 - ok
04:19:37.0528 1076 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
04:19:37.0653 1076 CmBatt - ok
04:19:37.0684 1076 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\windows\system32\drivers\cmdide.sys
04:19:37.0731 1076 cmdide - ok
04:19:37.0762 1076 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\windows\system32\Drivers\cng.sys
04:19:37.0887 1076 CNG - ok
04:19:37.0949 1076 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\windows\system32\drivers\compbatt.sys
04:19:38.0012 1076 Compbatt - ok
04:19:38.0043 1076 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
04:19:38.0105 1076 CompositeBus - ok
04:19:38.0121 1076 COMSysApp - ok
04:19:38.0168 1076 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
04:19:38.0199 1076 crcdisk - ok
04:19:38.0261 1076 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\windows\system32\cryptsvc.dll
04:19:38.0371 1076 CryptSvc - ok
04:19:38.0511 1076 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
04:19:38.0573 1076 cvhsvc - ok
04:19:38.0620 1076 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\windows\system32\rpcss.dll
04:19:38.0729 1076 DcomLaunch - ok
04:19:38.0776 1076 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\windows\System32\defragsvc.dll
04:19:38.0870 1076 defragsvc - ok
04:19:38.0901 1076 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\windows\system32\Drivers\dfsc.sys
04:19:38.0979 1076 DfsC - ok
04:19:39.0026 1076 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\windows\system32\dhcpcore.dll
04:19:39.0104 1076 Dhcp - ok
04:19:39.0119 1076 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\windows\system32\drivers\discache.sys
04:19:39.0197 1076 discache - ok
04:19:39.0244 1076 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\windows\system32\drivers\disk.sys
04:19:39.0275 1076 Disk - ok
04:19:39.0307 1076 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\windows\System32\dnsrslvr.dll
04:19:39.0431 1076 Dnscache - ok
04:19:39.0463 1076 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\windows\System32\dot3svc.dll
04:19:39.0556 1076 dot3svc - ok
04:19:39.0587 1076 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\windows\system32\dps.dll
04:19:39.0681 1076 DPS - ok
04:19:39.0728 1076 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
04:19:39.0775 1076 drmkaud - ok
04:19:39.0821 1076 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
04:19:39.0884 1076 DXGKrnl - ok
04:19:39.0931 1076 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\windows\System32\eapsvc.dll
04:19:40.0009 1076 EapHost - ok
04:19:40.0149 1076 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\windows\system32\drivers\evbdx.sys
04:19:40.0352 1076 ebdrv - ok
04:19:40.0383 1076 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\windows\System32\lsass.exe
04:19:40.0523 1076 EFS - ok
04:19:40.0586 1076 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\windows\system32\drivers\elxstor.sys
04:19:40.0633 1076 elxstor - ok
04:19:40.0664 1076 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\windows\system32\drivers\errdev.sys
04:19:40.0711 1076 ErrDev - ok
04:19:40.0757 1076 [ 7C87DF14552A5E0270DBD906BAFF85FB ] ETD C:\windows\system32\DRIVERS\ETD.sys
04:19:40.0773 1076 ETD - ok
04:19:40.0835 1076 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\windows\system32\es.dll
04:19:40.0929 1076 EventSystem - ok
04:19:40.0991 1076 [ 1FC8C55255D197AA3A423624786D090C ] ewusbnet C:\windows\system32\DRIVERS\ewusbnet.sys
04:19:41.0085 1076 ewusbnet - ok
04:19:41.0116 1076 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\windows\system32\drivers\exfat.sys
04:19:41.0194 1076 exfat - ok
04:19:41.0241 1076 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\windows\system32\drivers\fastfat.sys
04:19:41.0335 1076 fastfat - ok
04:19:41.0397 1076 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\windows\system32\fxssvc.exe
04:19:41.0506 1076 Fax - ok
04:19:41.0522 1076 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\windows\system32\drivers\fdc.sys
04:19:41.0569 1076 fdc - ok
04:19:41.0600 1076 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\windows\system32\fdPHost.dll
04:19:41.0678 1076 fdPHost - ok
04:19:41.0709 1076 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\windows\system32\fdrespub.dll
04:19:41.0803 1076 FDResPub - ok
04:19:41.0849 1076 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
04:19:41.0881 1076 FileInfo - ok
04:19:41.0896 1076 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\windows\system32\drivers\filetrace.sys
04:19:41.0990 1076 Filetrace - ok
04:19:42.0005 1076 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\windows\system32\drivers\flpydisk.sys
04:19:42.0052 1076 flpydisk - ok
04:19:42.0099 1076 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
04:19:42.0146 1076 FltMgr - ok
04:19:42.0208 1076 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\windows\system32\FntCache.dll
04:19:42.0364 1076 FontCache - ok
04:19:42.0520 1076 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
04:19:42.0567 1076 FontCache3.0.0.0 - ok
04:19:42.0598 1076 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\windows\system32\drivers\FsDepends.sys
04:19:42.0629 1076 FsDepends - ok
04:19:42.0661 1076 [ D909075FA72C090F27AA926C32CB4612 ] fssfltr C:\windows\system32\DRIVERS\fssfltr.sys
04:19:42.0692 1076 fssfltr - ok
04:19:42.0801 1076 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
04:19:42.0910 1076 fsssvc - ok
04:19:42.0957 1076 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
04:19:42.0988 1076 Fs_Rec - ok
04:19:43.0035 1076 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
04:19:43.0097 1076 fvevol - ok
04:19:43.0129 1076 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
04:19:43.0175 1076 gagp30kx - ok
04:19:43.0222 1076 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\windows\System32\gpsvc.dll
04:19:43.0331 1076 gpsvc - ok
04:19:43.0363 1076 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
04:19:43.0441 1076 hcw85cir - ok
04:19:43.0503 1076 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
04:19:43.0565 1076 HdAudAddService - ok
04:19:43.0597 1076 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
04:19:43.0659 1076 HDAudBus - ok
04:19:43.0706 1076 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\windows\system32\drivers\HidBatt.sys
04:19:43.0784 1076 HidBatt - ok
04:19:43.0799 1076 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\windows\system32\drivers\hidbth.sys
04:19:43.0862 1076 HidBth - ok
04:19:43.0909 1076 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\windows\system32\drivers\hidir.sys
04:19:43.0971 1076 HidIr - ok
04:19:44.0002 1076 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\windows\system32\hidserv.dll
04:19:44.0111 1076 hidserv - ok
04:19:44.0158 1076 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
04:19:44.0205 1076 HidUsb - ok
04:19:44.0236 1076 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\windows\system32\kmsvc.dll
04:19:44.0299 1076 hkmsvc - ok
04:19:44.0345 1076 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\windows\system32\ListSvc.dll
04:19:44.0501 1076 HomeGroupListener - ok
04:19:44.0548 1076 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\windows\system32\provsvc.dll
04:19:44.0611 1076 HomeGroupProvider - ok
04:19:44.0642 1076 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
04:19:44.0689 1076 HpSAMD - ok
04:19:44.0907 1076 [ C3B71A7EE3ADA9E9D1A30133B9D2FC74 ] HPSLPSVC C:\Users\Alex\AppData\Local\Temp\7zS4B4D\hpslpsvc32.dll
04:19:44.0985 1076 HPSLPSVC - ok
04:19:45.0032 1076 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\windows\system32\drivers\HTTP.sys
04:19:45.0141 1076 HTTP - ok
04:19:45.0188 1076 [ 0515065A3C7E8869DD01253E987C5BD1 ] hwdatacard C:\windows\system32\DRIVERS\ewusbmdm.sys
04:19:45.0266 1076 hwdatacard - ok
04:19:45.0281 1076 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
04:19:45.0313 1076 hwpolicy - ok
04:19:45.0359 1076 [ A259D3619AA23D4562581067F85E2006 ] hwusbfake C:\windows\system32\DRIVERS\ewusbfake.sys
04:19:45.0437 1076 hwusbfake - ok
04:19:45.0484 1076 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
04:19:45.0531 1076 i8042prt - ok
04:19:45.0578 1076 [ D80AA0907748D7CC8EFAB3773F32629B ] iaStor C:\windows\system32\drivers\iaStor.sys
04:19:45.0625 1076 iaStor - ok
04:19:45.0656 1076 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\windows\system32\drivers\iaStorV.sys
04:19:45.0703 1076 iaStorV - ok
04:19:45.0781 1076 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
04:19:45.0843 1076 idsvc - ok
04:19:46.0015 1076 [ D0074897C6BC132F3980EA4654BF7FB9 ] igfx C:\windows\system32\DRIVERS\igdkmd32.sys
04:19:46.0342 1076 igfx - ok
04:19:46.0436 1076 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\windows\system32\drivers\iirsp.sys
04:19:46.0483 1076 iirsp - ok
04:19:46.0592 1076 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\windows\System32\ikeext.dll
04:19:46.0701 1076 IKEEXT - ok
04:19:46.0826 1076 [ E8B6F7896DB2EE6A7AF7A177A9BBC526 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys
04:19:47.0029 1076 IntcAzAudAddService - ok
04:19:47.0060 1076 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\windows\system32\drivers\intelide.sys
04:19:47.0091 1076 intelide - ok
04:19:47.0122 1076 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
04:19:47.0200 1076 intelppm - ok
04:19:47.0231 1076 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\windows\system32\ipbusenum.dll
04:19:47.0341 1076 IPBusEnum - ok
04:19:47.0356 1076 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
04:19:47.0434 1076 IpFilterDriver - ok
04:19:47.0497 1076 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\windows\System32\iphlpsvc.dll
04:19:47.0575 1076 iphlpsvc - ok
04:19:47.0606 1076 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
04:19:47.0668 1076 IPMIDRV - ok
04:19:47.0684 1076 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\windows\system32\drivers\ipnat.sys
04:19:47.0793 1076 IPNAT - ok
04:19:47.0840 1076 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\windows\system32\drivers\irenum.sys
04:19:47.0933 1076 IRENUM - ok
04:19:47.0965 1076 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\windows\system32\drivers\isapnp.sys
04:19:47.0996 1076 isapnp - ok
04:19:48.0027 1076 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
04:19:48.0074 1076 iScsiPrt - ok
04:19:48.0136 1076 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
04:19:48.0183 1076 kbdclass - ok
04:19:48.0199 1076 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
04:19:48.0261 1076 kbdhid - ok
04:19:48.0323 1076 [ 3EB803312987FF44265C87CB960DF6AB ] kbfiltr C:\windows\system32\DRIVERS\kbfiltr.sys
04:19:48.0339 1076 kbfiltr - ok
04:19:48.0370 1076 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\windows\system32\lsass.exe
04:19:48.0401 1076 KeyIso - ok
04:19:48.0433 1076 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
04:19:48.0479 1076 KSecDD - ok
04:19:48.0511 1076 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
04:19:48.0542 1076 KSecPkg - ok
04:19:48.0589 1076 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\windows\system32\msdtckrm.dll
04:19:48.0682 1076 KtmRm - ok
04:19:48.0729 1076 [ C8FA09049E640B0A27E4B4446D958FE5 ] L1C C:\windows\system32\DRIVERS\L1C62x86.sys
04:19:48.0760 1076 L1C - ok
04:19:48.0791 1076 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\windows\system32\srvsvc.dll
04:19:48.0901 1076 LanmanServer - ok
04:19:48.0947 1076 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
04:19:49.0057 1076 LanmanWorkstation - ok
04:19:49.0103 1076 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
04:19:49.0181 1076 lltdio - ok
04:19:49.0213 1076 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\windows\System32\lltdsvc.dll
04:19:49.0291 1076 lltdsvc - ok
04:19:49.0322 1076 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\windows\System32\lmhsvc.dll
04:19:49.0384 1076 lmhosts - ok
04:19:49.0431 1076 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
04:19:49.0478 1076 LSI_FC - ok
04:19:49.0493 1076 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
04:19:49.0525 1076 LSI_SAS - ok
04:19:49.0556 1076 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
04:19:49.0587 1076 LSI_SAS2 - ok
04:19:49.0603 1076 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
04:19:49.0649 1076 LSI_SCSI - ok
04:19:49.0681 1076 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\windows\system32\drivers\luafv.sys
04:19:49.0759 1076 luafv - ok
04:19:49.0805 1076 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\windows\system32\drivers\megasas.sys
04:19:49.0837 1076 megasas - ok
04:19:49.0883 1076 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
04:19:49.0930 1076 MegaSR - ok
04:19:49.0946 1076 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\windows\system32\mmcss.dll
04:19:50.0039 1076 MMCSS - ok
04:19:50.0071 1076 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\windows\system32\drivers\modem.sys
04:19:50.0149 1076 Modem - ok
04:19:50.0211 1076 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\windows\system32\DRIVERS\monitor.sys
04:19:50.0258 1076 monitor - ok
04:19:50.0289 1076 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
04:19:50.0320 1076 mouclass - ok
04:19:50.0336 1076 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
04:19:50.0398 1076 mouhid - ok
04:19:50.0414 1076 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\windows\system32\drivers\mountmgr.sys
04:19:50.0445 1076 mountmgr - ok
04:19:50.0539 1076 [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
04:19:50.0570 1076 MozillaMaintenance - ok
04:19:50.0617 1076 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\windows\system32\drivers\mpio.sys
04:19:50.0648 1076 mpio - ok
04:19:50.0679 1076 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
04:19:50.0757 1076 mpsdrv - ok
04:19:50.0804 1076 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\windows\system32\mpssvc.dll
04:19:50.0897 1076 MpsSvc - ok
04:19:50.0944 1076 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
04:19:50.0991 1076 MRxDAV - ok
04:19:51.0022 1076 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
04:19:51.0100 1076 mrxsmb - ok
04:19:51.0131 1076 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
04:19:51.0209 1076 mrxsmb10 - ok
04:19:51.0241 1076 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
04:19:51.0287 1076 mrxsmb20 - ok
04:19:51.0319 1076 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\windows\system32\drivers\msahci.sys
04:19:51.0350 1076 msahci - ok
04:19:51.0381 1076 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\windows\system32\drivers\msdsm.sys
04:19:51.0412 1076 msdsm - ok
04:19:51.0443 1076 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\windows\System32\msdtc.exe
04:19:51.0490 1076 MSDTC - ok
04:19:51.0537 1076 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\windows\system32\drivers\Msfs.sys
04:19:51.0615 1076 Msfs - ok
04:19:51.0631 1076 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
04:19:51.0709 1076 mshidkmdf - ok
04:19:51.0740 1076 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\windows\system32\drivers\msisadrv.sys
04:19:51.0771 1076 msisadrv - ok
04:19:51.0818 1076 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\windows\system32\iscsiexe.dll
04:19:51.0911 1076 MSiSCSI - ok
04:19:51.0911 1076 msiserver - ok
04:19:51.0943 1076 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
04:19:52.0005 1076 MSKSSRV - ok
04:19:52.0036 1076 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
04:19:52.0130 1076 MSPCLOCK - ok
04:19:52.0145 1076 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
04:19:52.0223 1076 MSPQM - ok
04:19:52.0239 1076 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
04:19:52.0286 1076 MsRPC - ok
04:19:52.0317 1076 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
04:19:52.0348 1076 mssmbios - ok
04:19:52.0379 1076 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
04:19:52.0457 1076 MSTEE - ok
04:19:52.0489 1076 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\windows\system32\drivers\MTConfig.sys
04:19:52.0535 1076 MTConfig - ok
04:19:52.0567 1076 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\windows\system32\Drivers\mup.sys
04:19:52.0598 1076 Mup - ok
04:19:52.0645 1076 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\windows\system32\qagentRT.dll
04:19:52.0738 1076 napagent - ok
04:19:52.0769 1076 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
04:19:52.0832 1076 NativeWifiP - ok
04:19:52.0894 1076 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\windows\system32\drivers\ndis.sys
04:19:52.0957 1076 NDIS - ok
04:19:53.0019 1076 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
04:19:53.0097 1076 NdisCap - ok
04:19:53.0144 1076 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
04:19:53.0222 1076 NdisTapi - ok
04:19:53.0253 1076 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
04:19:53.0347 1076 Ndisuio - ok
04:19:53.0362 1076 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
04:19:53.0456 1076 NdisWan - ok
04:19:53.0503 1076 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
04:19:53.0581 1076 NDProxy - ok
04:19:53.0612 1076 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
04:19:53.0705 1076 NetBIOS - ok
04:19:53.0737 1076 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
04:19:53.0830 1076 NetBT - ok
04:19:53.0861 1076 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\windows\system32\lsass.exe
04:19:53.0893 1076 Netlogon - ok
04:19:53.0971 1076 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\windows\System32\netman.dll
04:19:54.0064 1076 Netman - ok
04:19:54.0095 1076 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\windows\System32\netprofm.dll
04:19:54.0205 1076 netprofm - ok
04:19:54.0236 1076 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
04:19:54.0267 1076 NetTcpPortSharing - ok
04:19:54.0298 1076 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
04:19:54.0345 1076 nfrd960 - ok
04:19:54.0361 1076 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\windows\System32\nlasvc.dll
04:19:54.0423 1076 NlaSvc - ok
04:19:54.0439 1076 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\windows\system32\drivers\Npfs.sys
04:19:54.0517 1076 Npfs - ok
04:19:54.0532 1076 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\windows\system32\nsisvc.dll
04:19:54.0626 1076 nsi - ok
04:19:54.0641 1076 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
04:19:54.0735 1076 nsiproxy - ok
04:19:54.0797 1076 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
04:19:54.0891 1076 Ntfs - ok
04:19:54.0907 1076 [ F9756A98D69098DCA8945D62858A812C ] Null C:\windows\system32\drivers\Null.sys
04:19:55.0000 1076 Null - ok
04:19:55.0031 1076 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\windows\system32\drivers\nvraid.sys
04:19:55.0078 1076 nvraid - ok
04:19:55.0094 1076 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\windows\system32\drivers\nvstor.sys
04:19:55.0141 1076 nvstor - ok
04:19:55.0156 1076 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\windows\system32\drivers\nv_agp.sys
04:19:55.0187 1076 nv_agp - ok
04:19:55.0219 1076 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
04:19:55.0281 1076 ohci1394 - ok
04:19:55.0328 1076 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
04:19:55.0359 1076 ose - ok
04:19:55.0515 1076 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
04:19:55.0811 1076 osppsvc - ok
04:19:55.0858 1076 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\windows\system32\pnrpsvc.dll
04:19:55.0936 1076 p2pimsvc - ok
04:19:55.0999 1076 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\windows\system32\p2psvc.dll
04:19:56.0045 1076 p2psvc - ok
04:19:56.0077 1076 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\windows\system32\drivers\parport.sys
04:19:56.0123 1076 Parport - ok
04:19:56.0155 1076 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\windows\system32\drivers\partmgr.sys
04:19:56.0186 1076 partmgr - ok
04:19:56.0217 1076 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\windows\system32\drivers\parvdm.sys
04:19:56.0264 1076 Parvdm - ok
04:19:56.0295 1076 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\windows\System32\pcasvc.dll
04:19:56.0342 1076 PcaSvc - ok
04:19:56.0404 1076 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\windows\system32\drivers\pci.sys
04:19:56.0451 1076 pci - ok
04:19:56.0467 1076 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\windows\system32\drivers\pciide.sys
04:19:56.0498 1076 pciide - ok
04:19:56.0529 1076 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\windows\system32\drivers\pcmcia.sys
04:19:56.0576 1076 pcmcia - ok
04:19:56.0591 1076 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\windows\system32\drivers\pcw.sys
04:19:56.0638 1076 pcw - ok
04:19:56.0669 1076 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\windows\system32\drivers\peauth.sys
04:19:56.0779 1076 PEAUTH - ok
04:19:56.0888 1076 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\windows\system32\pla.dll
04:19:57.0013 1076 pla - ok
04:19:57.0059 1076 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\windows\system32\umpnpmgr.dll
04:19:57.0137 1076 PlugPlay - ok
04:19:57.0184 1076 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
04:19:57.0231 1076 PNRPAutoReg - ok
04:19:57.0262 1076 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\windows\system32\pnrpsvc.dll
04:19:57.0309 1076 PNRPsvc - ok
04:19:57.0356 1076 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\windows\System32\ipsecsvc.dll
04:19:57.0449 1076 PolicyAgent - ok
04:19:57.0481 1076 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\windows\system32\umpo.dll
04:19:57.0574 1076 Power - ok
04:19:57.0621 1076 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
04:19:57.0699 1076 PptpMiniport - ok
04:19:57.0730 1076 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\windows\system32\drivers\processr.sys
04:19:57.0761 1076 Processor - ok
04:19:57.0824 1076 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\windows\system32\profsvc.dll
04:19:57.0902 1076 ProfSvc - ok
04:19:57.0917 1076 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe
04:19:57.0964 1076 ProtectedStorage - ok
04:19:57.0995 1076 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\windows\system32\DRIVERS\pacer.sys
04:19:58.0073 1076 Psched - ok
04:19:58.0136 1076 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\windows\system32\drivers\ql2300.sys
04:19:58.0229 1076 ql2300 - ok
04:19:58.0261 1076 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
04:19:58.0292 1076 ql40xx - ok
04:19:58.0339 1076 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\windows\system32\qwave.dll
04:19:58.0417 1076 QWAVE - ok
04:19:58.0448 1076 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
04:19:58.0495 1076 QWAVEdrv - ok
04:19:58.0526 1076 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
04:19:58.0604 1076 RasAcd - ok
04:19:58.0635 1076 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
04:19:58.0713 1076 RasAgileVpn - ok
04:19:58.0744 1076 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\windows\System32\rasauto.dll
04:19:58.0822 1076 RasAuto - ok
04:19:58.0853 1076 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
04:19:58.0947 1076 Rasl2tp - ok
04:19:59.0009 1076 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\windows\System32\rasmans.dll
04:19:59.0103 1076 RasMan - ok
04:19:59.0134 1076 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
04:19:59.0212 1076 RasPppoe - ok
04:19:59.0228 1076 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
04:19:59.0290 1076 RasSstp - ok
04:19:59.0321 1076 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
04:19:59.0415 1076 rdbss - ok
04:19:59.0462 1076 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\windows\system32\drivers\rdpbus.sys
04:19:59.0509 1076 rdpbus - ok
04:19:59.0540 1076 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
04:19:59.0618 1076 RDPCDD - ok
04:19:59.0649 1076 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
04:19:59.0727 1076 RDPENCDD - ok
04:19:59.0758 1076 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
04:19:59.0836 1076 RDPREFMP - ok
04:19:59.0883 1076 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
04:19:59.0961 1076 RDPWD - ok
04:20:00.0008 1076 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
04:20:00.0039 1076 rdyboost - ok
04:20:00.0086 1076 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\windows\System32\mprdim.dll
04:20:00.0164 1076 RemoteAccess - ok
04:20:00.0211 1076 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\windows\system32\regsvc.dll
04:20:00.0289 1076 RemoteRegistry - ok
04:20:00.0320 1076 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
04:20:00.0367 1076 RFCOMM - ok
04:20:00.0398 1076 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
04:20:00.0491 1076 RpcEptMapper - ok
04:20:00.0523 1076 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\windows\system32\locator.exe
04:20:00.0569 1076 RpcLocator - ok
04:20:00.0601 1076 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\windows\system32\rpcss.dll
04:20:00.0679 1076 RpcSs - ok
04:20:00.0725 1076 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
04:20:00.0819 1076 rspndr - ok
04:20:00.0835 1076 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\windows\system32\lsass.exe
04:20:00.0866 1076 SamSs - ok
04:20:00.0897 1076 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\windows\system32\drivers\sbp2port.sys
04:20:00.0928 1076 sbp2port - ok
04:20:00.0975 1076 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\windows\System32\SCardSvr.dll
04:20:01.0069 1076 SCardSvr - ok
04:20:01.0100 1076 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
04:20:01.0178 1076 scfilter - ok
04:20:01.0240 1076 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\windows\system32\schedsvc.dll
04:20:01.0349 1076 Schedule - ok
04:20:01.0381 1076 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\windows\System32\certprop.dll
04:20:01.0443 1076 SCPolicySvc - ok
04:20:01.0505 1076 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\windows\System32\SDRSVC.dll
04:20:01.0583 1076 SDRSVC - ok
04:20:01.0615 1076 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\windows\system32\drivers\secdrv.sys
04:20:01.0708 1076 secdrv - ok
04:20:01.0739 1076 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\windows\system32\seclogon.dll
04:20:01.0817 1076 seclogon - ok
04:20:01.0849 1076 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\windows\System32\sens.dll
04:20:01.0927 1076 SENS - ok
04:20:01.0942 1076 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\windows\system32\drivers\serenum.sys
04:20:01.0989 1076 Serenum - ok
04:20:02.0051 1076 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\windows\system32\drivers\serial.sys
04:20:02.0098 1076 Serial - ok
04:20:02.0114 1076 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\windows\system32\drivers\sermouse.sys
04:20:02.0161 1076 sermouse - ok
04:20:02.0223 1076 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\windows\system32\sessenv.dll
04:20:02.0317 1076 SessionEnv - ok
04:20:02.0348 1076 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\windows\system32\drivers\sffdisk.sys
04:20:02.0410 1076 sffdisk - ok
04:20:02.0426 1076 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
04:20:02.0473 1076 sffp_mmc - ok
04:20:02.0504 1076 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
04:20:02.0551 1076 sffp_sd - ok
04:20:02.0566 1076 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
04:20:02.0613 1076 sfloppy - ok
04:20:02.0691 1076 [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
04:20:02.0738 1076 Sftfs - ok
04:20:02.0785 1076 [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
04:20:02.0831 1076 sftlist - ok
04:20:02.0847 1076 [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
04:20:02.0878 1076 Sftplay - ok
04:20:02.0925 1076 [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
04:20:02.0941 1076 Sftredir - ok
04:20:02.0972 1076 [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
04:20:03.0003 1076 Sftvol - ok
04:20:03.0019 1076 [ A5812F0281CA5081BF696626F9BF324D ] sftvsa C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
04:20:03.0050 1076 sftvsa - ok
04:20:03.0097 1076 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\windows\System32\ipnathlp.dll
04:20:03.0175 1076 SharedAccess - ok
04:20:03.0221 1076 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll
04:20:03.0315 1076 ShellHWDetection - ok
04:20:03.0362 1076 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\windows\system32\drivers\sisagp.sys
04:20:03.0393 1076 sisagp - ok
04:20:03.0409 1076 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
04:20:03.0455 1076 SiSRaid2 - ok
04:20:03.0471 1076 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
04:20:03.0502 1076 SiSRaid4 - ok
04:20:03.0580 1076 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
04:20:03.0611 1076 SkypeUpdate - ok
04:20:03.0643 1076 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\windows\system32\DRIVERS\smb.sys
04:20:03.0736 1076 Smb - ok
04:20:03.0799 1076 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\windows\System32\snmptrap.exe
04:20:03.0830 1076 SNMPTRAP - ok
04:20:03.0877 1076 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\windows\system32\drivers\spldr.sys
04:20:03.0908 1076 spldr - ok
04:20:03.0939 1076 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\windows\System32\spoolsv.exe
04:20:04.0033 1076 Spooler - ok
04:20:04.0142 1076 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\windows\system32\sppsvc.exe
04:20:04.0376 1076 sppsvc - ok
04:20:04.0407 1076 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\windows\system32\sppuinotify.dll
04:20:04.0485 1076 sppuinotify - ok
04:20:04.0532 1076 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\windows\system32\DRIVERS\srv.sys
04:20:04.0594 1076 srv - ok
04:20:04.0625 1076 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\windows\system32\DRIVERS\srv2.sys
04:20:04.0688 1076 srv2 - ok
04:20:04.0719 1076 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
04:20:04.0781 1076 srvnet - ok
04:20:04.0813 1076 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
04:20:04.0906 1076 SSDPSRV - ok
04:20:04.0937 1076 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\windows\system32\DRIVERS\ssmdrv.sys
04:20:04.0969 1076 ssmdrv - ok
04:20:05.0000 1076 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\windows\system32\sstpsvc.dll
04:20:05.0093 1076 SstpSvc - ok
04:20:05.0125 1076 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\windows\system32\drivers\stexstor.sys
04:20:05.0156 1076 stexstor - ok
04:20:05.0218 1076 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\windows\System32\wiaservc.dll
04:20:05.0312 1076 StiSvc - ok
04:20:05.0327 1076 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\windows\system32\DRIVERS\swenum.sys
04:20:05.0374 1076 swenum - ok
04:20:05.0405 1076 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\windows\System32\swprv.dll
04:20:05.0483 1076 swprv - ok
04:20:05.0530 1076 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\windows\system32\sysmain.dll
04:20:05.0624 1076 SysMain - ok
04:20:05.0655 1076 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll
04:20:05.0717 1076 TabletInputService - ok
04:20:05.0749 1076 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\windows\System32\tapisrv.dll
04:20:05.0827 1076 TapiSrv - ok
04:20:05.0858 1076 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\windows\System32\tbssvc.dll
04:20:05.0951 1076 TBS - ok
04:20:06.0029 1076 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\windows\system32\drivers\tcpip.sys
04:20:06.0123 1076 Tcpip - ok
04:20:06.0154 1076 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
04:20:06.0232 1076 TCPIP6 - ok
04:20:06.0295 1076 [ FBF08035B75E52D99D81EA8EDDBA5F9C ] tcpipBM C:\windows\system32\drivers\tcpipBM.sys
04:20:06.0326 1076 tcpipBM ( UnsignedFile.Multi.Generic ) - warning
04:20:06.0326 1076 tcpipBM - detected UnsignedFile.Multi.Generic (1)
04:20:06.0341 1076 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
04:20:06.0404 1076 tcpipreg - ok
04:20:06.0435 1076 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
04:20:06.0497 1076 TDPIPE - ok
04:20:06.0529 1076 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
04:20:06.0560 1076 TDTCP - ok
04:20:06.0591 1076 [ B459575348C20E8121D6039DA063C704 ] tdx C:\windows\system32\DRIVERS\tdx.sys
04:20:06.0669 1076 tdx - ok
04:20:06.0700 1076 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
04:20:06.0747 1076 TermDD - ok
04:20:06.0778 1076 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\windows\System32\termsrv.dll
04:20:06.0887 1076 TermService - ok
04:20:06.0903 1076 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\windows\system32\themeservice.dll
04:20:06.0965 1076 Themes - ok
04:20:06.0981 1076 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\windows\system32\mmcss.dll
04:20:07.0059 1076 THREADORDER - ok
04:20:07.0106 1076 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\windows\System32\trkwks.dll
04:20:07.0199 1076 TrkWks - ok
04:20:07.0262 1076 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
04:20:07.0324 1076 TrustedInstaller - ok
04:20:07.0355 1076 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
04:20:07.0433 1076 tssecsrv - ok
04:20:07.0465 1076 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
04:20:07.0558 1076 TsUsbFlt - ok
04:20:07.0574 1076 [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
04:20:07.0605 1076 TsUsbGD - ok
04:20:07.0636 1076 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
04:20:07.0714 1076 tunnel - ok
04:20:07.0761 1076 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\windows\system32\drivers\uagp35.sys
04:20:07.0792 1076 uagp35 - ok
04:20:07.0823 1076 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\windows\system32\DRIVERS\udfs.sys
04:20:07.0901 1076 udfs - ok
04:20:07.0948 1076 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\windows\system32\UI0Detect.exe
04:20:08.0011 1076 UI0Detect - ok
04:20:08.0057 1076 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
04:20:08.0089 1076 uliagpkx - ok
04:20:08.0135 1076 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\windows\system32\DRIVERS\umbus.sys
04:20:08.0182 1076 umbus - ok
04:20:08.0198 1076 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\windows\system32\drivers\umpass.sys
04:20:08.0245 1076 UmPass - ok
04:20:08.0291 1076 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\windows\System32\upnphost.dll
04:20:08.0385 1076 upnphost - ok
04:20:08.0416 1076 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
04:20:08.0494 1076 usbccgp - ok
04:20:08.0541 1076 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\windows\system32\drivers\usbcir.sys
04:20:08.0588 1076 usbcir - ok
04:20:08.0619 1076 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\windows\system32\drivers\usbehci.sys
04:20:08.0666 1076 usbehci - ok
04:20:08.0697 1076 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
04:20:08.0744 1076 usbhub - ok
04:20:08.0775 1076 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\windows\system32\drivers\usbohci.sys
04:20:08.0822 1076 usbohci - ok
04:20:08.0869 1076 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
04:20:08.0931 1076 usbprint - ok
04:20:08.0962 1076 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
04:20:09.0009 1076 usbscan - ok
04:20:09.0056 1076 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
04:20:09.0149 1076 USBSTOR - ok
04:20:09.0165 1076 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\windows\system32\drivers\usbuhci.sys
04:20:09.0212 1076 usbuhci - ok
04:20:09.0259 1076 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
04:20:09.0321 1076 usbvideo - ok
04:20:09.0368 1076 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\windows\System32\uxsms.dll
04:20:09.0430 1076 UxSms - ok
04:20:09.0461 1076 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\windows\system32\lsass.exe
04:20:09.0493 1076 VaultSvc - ok
04:20:09.0539 1076 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
04:20:09.0571 1076 vdrvroot - ok
04:20:09.0602 1076 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\windows\System32\vds.exe
04:20:09.0711 1076 vds - ok
04:20:09.0742 1076 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\windows\system32\DRIVERS\vgapnp.sys
04:20:09.0789 1076 vga - ok
04:20:09.0820 1076 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\windows\System32\drivers\vga.sys
04:20:09.0883 1076 VgaSave - ok
04:20:09.0914 1076 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\windows\system32\drivers\vhdmp.sys
04:20:09.0961 1076 vhdmp - ok
04:20:09.0992 1076 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\windows\system32\drivers\viaagp.sys
04:20:10.0023 1076 viaagp - ok
04:20:10.0039 1076 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\windows\system32\drivers\viac7.sys
04:20:10.0101 1076 ViaC7 - ok
04:20:10.0117 1076 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\windows\system32\drivers\viaide.sys
04:20:10.0148 1076 viaide - ok
04:20:10.0210 1076 [ C37CE43FB54066FFB540729C6E6E194E ] VideAceWindowsService C:\ExpressGateUtil\VAWinService.exe
04:20:10.0241 1076 VideAceWindowsService - ok
04:20:10.0319 1076 [ 8719BCFBAA239CCDAA3054973661F3E6 ] VMCService C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
04:20:10.0335 1076 VMCService ( UnsignedFile.Multi.Generic ) - warning
04:20:10.0335 1076 VMCService - detected UnsignedFile.Multi.Generic (1)
04:20:10.0366 1076 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\windows\system32\drivers\volmgr.sys
04:20:10.0413 1076 volmgr - ok
04:20:10.0429 1076 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\windows\system32\drivers\volmgrx.sys
04:20:10.0475 1076 volmgrx - ok
04:20:10.0507 1076 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\windows\system32\drivers\volsnap.sys
04:20:10.0553 1076 volsnap - ok
04:20:10.0600 1076 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
04:20:10.0647 1076 vsmraid - ok
04:20:10.0694 1076 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\windows\system32\vssvc.exe
04:20:10.0819 1076 VSS - ok
04:20:10.0834 1076 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
04:20:10.0897 1076 vwifibus - ok
04:20:10.0912 1076 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
04:20:10.0975 1076 vwififlt - ok
04:20:11.0006 1076 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\windows\system32\w32time.dll
04:20:11.0115 1076 W32Time - ok
04:20:11.0146 1076 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\windows\system32\drivers\wacompen.sys
04:20:11.0193 1076 WacomPen - ok
04:20:11.0224 1076 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
04:20:11.0302 1076 WANARP - ok
04:20:11.0318 1076 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
04:20:11.0380 1076 Wanarpv6 - ok
04:20:11.0443 1076 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\windows\system32\wbengine.exe
04:20:11.0583 1076 wbengine - ok
04:20:11.0614 1076 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
04:20:11.0677 1076 WbioSrvc - ok
04:20:11.0723 1076 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\windows\System32\wcncsvc.dll
04:20:11.0770 1076 wcncsvc - ok
04:20:11.0801 1076 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
04:20:11.0895 1076 WcsPlugInService - ok
04:20:11.0926 1076 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\windows\system32\drivers\wd.sys
04:20:11.0957 1076 Wd - ok
04:20:11.0989 1076 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
04:20:12.0051 1076 Wdf01000 - ok
04:20:12.0082 1076 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\windows\system32\wdi.dll
04:20:12.0191 1076 WdiServiceHost - ok
04:20:12.0207 1076 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\windows\system32\wdi.dll
04:20:12.0254 1076 WdiSystemHost - ok
04:20:12.0285 1076 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\windows\System32\webclnt.dll
04:20:12.0347 1076 WebClient - ok
04:20:12.0363 1076 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\windows\system32\wecsvc.dll
04:20:12.0457 1076 Wecsvc - ok
04:20:12.0488 1076 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\windows\System32\wercplsupport.dll
04:20:12.0581 1076 wercplsupport - ok
04:20:12.0628 1076 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\windows\System32\WerSvc.dll
04:20:12.0722 1076 WerSvc - ok
04:20:12.0753 1076 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
04:20:12.0831 1076 WfpLwf - ok
04:20:12.0878 1076 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\windows\system32\drivers\wimmount.sys
04:20:12.0909 1076 WIMMount - ok
04:20:12.0971 1076 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
04:20:13.0049 1076 WinDefend - ok
04:20:13.0065 1076 WinHttpAutoProxySvc - ok
04:20:13.0127 1076 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
04:20:13.0205 1076 Winmgmt - ok
04:20:13.0252 1076 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\windows\system32\WsmSvc.dll
04:20:13.0377 1076 WinRM - ok
04:20:13.0455 1076 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
04:20:13.0502 1076 WinUsb - ok
04:20:13.0549 1076 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\windows\System32\wlansvc.dll
04:20:13.0642 1076 Wlansvc - ok
04:20:13.0689 1076 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
04:20:13.0720 1076 wlcrasvc - ok
04:20:13.0876 1076 [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
04:20:14.0001 1076 wlidsvc - ok
04:20:14.0017 1076 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
04:20:14.0063 1076 WmiAcpi - ok
04:20:14.0095 1076 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
04:20:14.0157 1076 wmiApSrv - ok
04:20:14.0251 1076 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
04:20:14.0360 1076 WMPNetworkSvc - ok
04:20:14.0391 1076 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\windows\System32\wpcsvc.dll
04:20:14.0469 1076 WPCSvc - ok
04:20:14.0516 1076 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
04:20:14.0703 1076 WPDBusEnum - ok
04:20:14.0734 1076 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
04:20:14.0828 1076 ws2ifsl - ok
04:20:14.0859 1076 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\windows\System32\wscsvc.dll
04:20:14.0937 1076 wscsvc - ok
04:20:14.0953 1076 WSearch - ok
04:20:15.0015 1076 [ BAEDC491374DEFD5E76336901D6D397D ] wsvd C:\windows\system32\DRIVERS\wsvd.sys
04:20:15.0031 1076 wsvd - ok
04:20:15.0124 1076 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\windows\system32\wuaueng.dll
04:20:15.0249 1076 wuauserv - ok
04:20:15.0296 1076 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\windows\system32\drivers\WudfPf.sys
04:20:15.0358 1076 WudfPf - ok
04:20:15.0405 1076 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
04:20:15.0467 1076 WUDFRd - ok
04:20:15.0499 1076 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\windows\System32\WUDFSvc.dll
04:20:15.0545 1076 wudfsvc - ok
04:20:15.0592 1076 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\windows\System32\wwansvc.dll
04:20:15.0655 1076 WwanSvc - ok
04:20:15.0701 1076 ================ Scan global ===============================
04:20:15.0717 1076 [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
04:20:15.0764 1076 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\windows\system32\winsrv.dll
04:20:15.0779 1076 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\windows\system32\winsrv.dll
04:20:15.0811 1076 [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
04:20:15.0842 1076 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
04:20:15.0857 1076 [Global] - ok
04:20:15.0857 1076 ================ Scan MBR ==================================
04:20:15.0873 1076 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
04:20:16.0419 1076 \Device\Harddisk0\DR0 - ok
04:20:16.0419 1076 ================ Scan VBR ==================================
04:20:16.0450 1076 [ 6C53A5FF69F1F73D0EF64A6629AF2A5E ] \Device\Harddisk0\DR0\Partition1
04:20:16.0466 1076 \Device\Harddisk0\DR0\Partition1 - ok
04:20:16.0497 1076 [ 310CA924D62548BB4A7B606C0F7C16A8 ] \Device\Harddisk0\DR0\Partition2
04:20:16.0497 1076 \Device\Harddisk0\DR0\Partition2 - ok
04:20:16.0497 1076 ============================================================
04:20:16.0497 1076 Scan finished
04:20:16.0497 1076 ============================================================
04:20:16.0528 5280 Detected object count: 3
04:20:16.0528 5280 Actual detected object count: 3
04:20:44.0483 5280 BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user
04:20:44.0483 5280 BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:20:44.0499 5280 tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user
04:20:44.0499 5280 tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:20:44.0499 5280 VMCService ( UnsignedFile.Multi.Generic ) - skipped by user
04:20:44.0499 5280 VMCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
27.03.2013, 12:53
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google suche zeigt Spam Ergebnisse Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.03.2013, 15:37
| #11 |
| | Google suche zeigt Spam ErgebnisseCode:
ATTFilter ComboFix 13-03-27.01 - Alex 27.03.2013 15:03:27.1.4 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1031.18.1014.285 [GMT 1:00]
ausgeführt von:: c:\users\Alex\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Alex\AppData\Local\Temp\7zS4B4D\HPSLPSVC32.DLL
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_HPSLPSVC
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-27 bis 2013-03-27 ))))))))))))))))))))))))))))))
.
.
2030-01-02 01:50 . 2030-01-02 01:50 -------- d-----w- C:\Boot
2013-03-27 14:16 . 2013-03-27 14:22 -------- d-----w- c:\users\Alex\AppData\Local\temp
2013-03-27 14:16 . 2013-03-27 14:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-27 02:08 . 2013-03-27 02:08 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-26 09:17 . 2013-03-26 09:17 -------- d-----w- c:\users\Alex\AppData\Roaming\Malwarebytes
2013-03-26 09:16 . 2013-03-26 09:16 -------- d-----w- c:\programdata\Malwarebytes
2013-03-26 09:16 . 2013-03-26 09:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-26 09:16 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-26 09:16 . 2013-03-26 09:16 -------- d-----w- c:\users\Alex\AppData\Local\Programs
2013-03-26 08:44 . 2013-03-26 08:44 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C777A574-E426-4337-9B28-2FB40DA5CBB5}\offreg.dll
2013-03-26 08:20 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C777A574-E426-4337-9B28-2FB40DA5CBB5}\mpengine.dll
2013-03-26 08:19 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-25 18:12 . 2013-02-25 18:12 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-26 08:35 . 2012-03-31 08:13 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-26 08:35 . 2011-11-05 14:01 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-25 18:12 . 2012-09-20 09:44 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-25 18:12 . 2011-11-19 15:20 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-17 00:28 . 2011-11-03 17:33 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-05 05:00 . 2013-02-14 07:32 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-14 07:32 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 04:50 . 2013-02-14 07:32 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 03:00 . 2013-02-14 07:32 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-01-03 05:05 . 2013-02-14 07:32 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 05:04 . 2013-02-14 07:32 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-28 22:14 . 2013-02-28 22:14 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Facebook Update"="c:\users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-18 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2010-04-13 548744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-10 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-10 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-10 150552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-13 348664]
"HControlUser"="c:\program files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
backup=c:\windows\pss\AsusVibeLauncher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSPRP]
2011-04-21 01:37 2018032 ----a-w- c:\program files\Asus\APRP\aprp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSWebStorage]
2011-02-23 09:49 731472 ----a-w- c:\program files\Asus\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
2011-10-24 15:20 174720 ----a-w- c:\program files\Asus\ATK Package\ATK Media\DMedia.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
2012-02-16 09:37 322176 ----a-w- c:\program files\Asus\ATK Package\ATKOSD2\ATKOSD2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CapsHook]
2011-03-11 01:06 34728 ----a-w- c:\windows\System32\AsusSender.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eee Docking]
2011-01-06 22:16 414384 ----a-w- c:\program files\Asus\Eee Docking\Eee Docking.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-18 20:05 138096 ----atw- c:\users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyMon]
2011-03-11 01:06 34728 ----a-w- c:\windows\System32\AsusSender.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyService]
2011-03-11 01:06 34728 ----a-w- c:\windows\System32\AsusSender.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveUpdate]
2011-03-11 01:06 34728 ----a-w- c:\windows\System32\AsusSender.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2010-03-25 01:32 2499584 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-08-24 10:13 9722472 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperHybridEngine]
2011-03-11 01:06 34728 ----a-w- c:\windows\System32\AsusSender.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Syncables]
2010-07-19 19:26 370480 ----a-w- c:\program files\syncables\syncables desktop\syncables.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAWinAgent]
2011-03-23 19:33 45448 ----a-w- c:\expressgateutil\VAWinAgent.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files\ASUS\ATK Package\ATK WMIACPI\epcwmiacpi.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [x]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
HPService REG_MULTI_SZ HPSLPSVC
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1660716950-1217732575-2718607636-1000Core.job
- c:\users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-20 20:05]
.
2013-03-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1660716950-1217732575-2718607636-1000UA.job
- c:\users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-20 20:05]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/?affID=101641&babsrc=HP_ss&mntrId=2c9c114800000000000014dae9c4dc51
TCP: DhcpNameServer = 141.30.66.135 141.30.66.1
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8us933ho.default\
FF - prefs.js: browser.startup.homepage - www.t-online.de
FF - prefs.js: network.proxy.http - 69.65.46.61
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101641
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 2c9c114800000000000014dae9c4dc51
FF - user.js: extensions.BabylonToolbar_i.hardId - 2c9c114800000000000014dae9c4dc51
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15440
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.178:36
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1920)
c:\progra~1\ASUS\ASUSWE~1\3084~1.161\ASUSWS~1.DLL
c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\InstantOn\InsOnWMI.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-03-27 15:29:52 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-03-27 14:29
.
Vor Suchlauf: 7 Verzeichnis(se), 29.017.915.392 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 29.183.807.488 Bytes frei
.
- - End Of File - - DF1D4B4A666581B1BAFB64F3668D1800
|
|
27.03.2013, 16:31
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google suche zeigt Spam Ergebnisse JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.03.2013, 20:29
| #13 |
| | Google suche zeigt Spam Ergebnisse JRT Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Windows 7 Starter x86
Ran by Alex on 27.03.2013 at 18:07:46,42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{98889811-442d-49dd-99d7-dc866be87dbc}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1660716950-1217732575-2718607636-1000\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1660716950-1217732575-2718607636-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane
Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane.1
Successfully deleted: [Registry Key] hkey_classes_root\esrv.babylonesrvc
Successfully deleted: [Registry Key] hkey_classes_root\esrv.babylonesrvc.1
Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_current_user\software\babylontoolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\babylontoolbar
Successfully deleted: [Registry Key] hkey_current_user\software\startsearch
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortapp.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escorteng.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\esrv.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\b
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\babylon.dskbnd
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\babylon.dskbnd.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\bbylnapp.appcore
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\bbylnapp.appcore.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\escort.escrtbtn.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{291bccc1-6890-484a-89d3-318c928dac1b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{2eecd738-5844-4a99-b4b6-146bf802613b}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{2eecd738-5844-4a99-b4b6-146bf802613b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{97f2ff5b-260c-4ccf-834a-2dda4e29e39e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{98889811-442d-49dd-99d7-dc866be87dbc}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{b8276a94-891d-453c-9ff3-715c042a2575}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{e46c8196-b634-44a1-af6e-957c64278ab1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ffb9adcb-8c79-4c29-81d3-74d46a93d370}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\Users\Alex\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Alex\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Users\Alex\appdata\local\babylon"
Successfully deleted: [Folder] "C:\Program Files\babylontoolbar"
Successfully deleted: [Folder] "C:\Program Files\vshare.tv plugin"
~~~ FireFox
Successfully deleted: [File] C:\user.js
Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\8us933ho.default\user.js
Successfully deleted the following from C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\8us933ho.default\prefs.js
user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=101641");
user_pref("extensions.BabylonToolbar_i.hardId", "2c9c114800000000000014dae9c4dc51");
user_pref("extensions.BabylonToolbar_i.id", "2c9c114800000000000014dae9c4dc51");
user_pref("extensions.BabylonToolbar_i.instlDay", "15440");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.178:36:42");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir)/.*|hxxp://.*depositfiles.com/(([a-z]{2})/files/|auth-).*|hxxp://(www.)*di
Emptied folder: C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\8us933ho.default\minidumps [38 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.03.2013 at 18:14:51,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.115 - Datei am 27/03/2013 um 18:37:28 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits)
# Benutzer : Alex - ALEX-NETBOOK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Alex\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files\Mozilla Firefox\Plugins\npvsharetvplg.dll
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16521
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v19.0 (de)
Datei : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8us933ho.default\prefs.js
Gelöscht : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir[...]
-\\ Opera v12.14.1738.0
Datei : C:\Users\Alex\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [5142 octets] - [27/03/2013 18:32:54]
AdwCleaner[S1].txt - [5075 octets] - [27/03/2013 18:37:28]
########## EOF - C:\AdwCleaner[S1].txt - [5135 octets] ##########
Code:
ATTFilter OTL logfile created on: 27.03.2013 18:54:13 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alex\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16521) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014,12 Mb Total Physical Memory | 203,13 Mb Available Physical Memory | 20,03% Memory free 1,99 Gb Paging File | 1,02 Gb Available in Paging File | 51,42% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100,00 Gb Total Space | 27,19 Gb Free Space | 27,19% Space Free | Partition Type: NTFS Drive D: | 117,87 Gb Total Space | 81,11 Gb Free Space | 68,82% Space Free | Partition Type: NTFS Computer Name: ALEX-NETBOOK | User Name: Alex | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Alex\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Opera\opera.exe (Opera Software) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) PRC - C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\InstantOn\InsOnWMI.exe (ASUS) PRC - C:\Windows\System32\AsusService.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\ExpressGateUtil\VAWinService.exe () PRC - C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) PRC - C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronic Corp.) PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) PRC - C:\Program Files\Asus\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_180.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\PROGRA~1\ASUS\ASUSWE~1\3084~1.161\ASUSWS~1.DLL () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (ASLDRService) -- C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (ATKGFNEXSrv) -- C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (AsusService) -- C:\Windows\System32\AsusService.exe () SRV - (VideAceWindowsService) -- C:\ExpressGateUtil\VAWinService.exe () SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\Users\Alex\AppData\Local\Temp\catchme.sys File not found DRV - (btwrchid) -- C:\windows\system32\drivers\btwrchid.sys File not found DRV - (btwl2cap) -- system32\DRIVERS\btwl2cap.sys File not found DRV - (btwavdt) -- C:\windows\system32\drivers\btwavdt.sys File not found DRV - (btwaudio) -- system32\drivers\btwaudio.sys File not found DRV - (btwampfl) -- system32\drivers\btwampfl.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (ATKWMIACPIIO) -- C:\Program Files\ASUS\ATK Package\ATK WMIACPI\epcwmiacpi.sys (ASUS) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.) DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys () DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.) DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink) DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( ) DRV - (ASMMAP) -- C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys (ASUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,defaultscope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,defaultscope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = IE - HKU\S-1-5-21-1660716950-1217732575-2718607636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data] IE - HKU\S-1-5-21-1660716950-1217732575-2718607636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-1660716950-1217732575-2718607636-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1660716950-1217732575-2718607636-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox IE - HKU\S-1-5-21-1660716950-1217732575-2718607636-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1660716950-1217732575-2718607636-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.t-online.de" FF - prefs.js..extensions.enabledAddons: SkipScreen%40SkipScreen:0.7.0 FF - prefs.js..extensions.enabledAddons: %7B37E4D8EA-8BDA-4831-8EA1-89053939A250%7D:3.0.0.2 FF - prefs.js..extensions.enabledAddons: %7Bc50ca3c4-5656-43c2-a061-13e717f73fc8%7D:4.2.5 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.8 FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.13 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - prefs.js..network.proxy.http: "69.65.46.61" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Alex\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2011.11.02 22:25:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.28 23:14:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.27 18:37:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.16 08:35:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.28 23:14:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.27 18:37:40 | 000,000,000 | ---D | M] [2011.11.05 15:05:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Extensions [2013.03.05 08:08:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\8us933ho.default\extensions [2012.09.14 21:21:55 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\8us933ho.default\extensions\ich@maltegoetz.de [2012.07.07 12:15:18 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\8us933ho.default\extensions\elemhidehelper@adblockplus.org.xpi [2012.10.22 08:31:45 | 000,071,037 | ---- | M] () (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\8us933ho.default\extensions\SkipScreen@SkipScreen.xpi [2011.11.07 12:06:51 | 000,164,858 | ---- | M] () (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\8us933ho.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2013.03.05 08:08:13 | 000,531,283 | ---- | M] () (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\8us933ho.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.03.05 08:08:13 | 000,872,587 | ---- | M] () (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\8us933ho.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2013.01.13 16:08:28 | 000,316,778 | ---- | M] () (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\8us933ho.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi [2013.02.14 08:36:28 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\8us933ho.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.02.28 23:14:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2013.02.28 23:14:25 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.01.03 02:04:10 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.18 17:24:45 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.01.03 02:04:10 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.01.03 02:04:10 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.03 02:04:10 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.03 02:04:10 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.03.27 15:18:52 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKU\S-1-5-21-1660716950-1217732575-2718607636-1000..\Run: [Facebook Update] C:\Users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1660716950-1217732575-2718607636-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1660716950-1217732575-2718607636-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1660716950-1217732575-2718607636-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.15.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64615E91-9EDE-43E4-9829-096C7DC9CEF1}: DhcpNameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A107864B-506B-4CA3-A641-03129A8F052F}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCF8A0C1-5E98-4EA2-87FE-2523361ED5FC}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2030.01.02 02:50:34 | 000,000,000 | ---D | C] -- C:\Boot [2013.03.27 18:07:34 | 000,000,000 | ---D | C] -- C:\windows\ERUNT [2013.03.27 18:07:27 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.27 18:05:58 | 000,550,069 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Alex\Desktop\JRT.exe [2013.03.27 15:29:56 | 000,000,000 | ---D | C] -- C:\windows\temp [2013.03.27 15:21:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.03.27 15:16:38 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\temp [2013.03.27 14:59:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2013.03.27 14:59:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2013.03.27 14:59:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2013.03.27 14:59:04 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.27 14:58:18 | 000,000,000 | ---D | C] -- C:\windows\erdnt [2013.03.27 14:56:59 | 005,044,307 | R--- | C] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe [2013.03.27 03:35:43 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MsSpellCheckingFacility.exe [2013.03.27 03:35:43 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\elshyph.dll [2013.03.27 03:35:41 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msls31.dll [2013.03.27 03:35:41 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe [2013.03.27 03:35:40 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2013.03.27 03:35:39 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll [2013.03.27 03:35:39 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wextract.exe [2013.03.27 03:35:39 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inseng.dll [2013.03.27 03:35:38 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll [2013.03.27 03:35:38 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe [2013.03.27 03:35:35 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb [2013.03.27 03:35:35 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe [2013.03.27 03:35:34 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll [2013.03.27 03:35:34 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll [2013.03.27 03:35:34 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll [2013.03.27 03:35:34 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll [2013.03.27 03:35:34 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe [2013.03.27 03:35:34 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll [2013.03.27 03:35:34 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll [2013.03.27 03:35:34 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll [2013.03.27 03:35:34 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll [2013.03.27 03:35:34 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe [2013.03.27 03:35:33 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2013.03.27 03:35:31 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl [2013.03.27 03:35:31 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat [2013.03.27 03:35:31 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmlmedia.dll [2013.03.27 03:35:31 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll [2013.03.27 03:35:31 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec [2013.03.27 03:35:31 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll [2013.03.27 03:35:31 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll [2013.03.27 03:35:31 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll [2013.03.27 03:35:31 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll [2013.03.27 03:35:31 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll [2013.03.27 03:35:31 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe [2013.03.27 03:35:31 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll [2013.03.27 03:35:31 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll [2013.03.27 03:08:36 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.03.27 03:08:36 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.03.27 03:08:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.03.27 03:08:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.03.27 03:08:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.03.27 03:08:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.03.27 03:08:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013.03.27 03:08:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.03.27 03:08:36 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.03.27 03:08:35 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msmpeg2vdec.dll [2013.03.27 03:08:35 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll [2013.03.27 03:08:35 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMPhoto.dll [2013.03.27 03:08:35 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll [2013.03.27 03:08:34 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll [2013.03.27 03:08:33 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d11.dll [2013.03.27 03:08:33 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10.dll [2013.03.27 03:08:33 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll [2013.03.27 03:08:33 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10core.dll [2013.03.27 03:08:33 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WindowsCodecsExt.dll [2013.03.27 03:08:33 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll [2013.03.27 03:08:32 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d2d1.dll [2013.03.27 03:08:32 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll [2013.03.27 03:08:32 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll [2013.03.27 03:08:32 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxgi.dll [2013.03.27 03:08:31 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UIAnimation.dll [2013.03.27 03:03:01 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Alex\Desktop\tdsskiller.exe [2013.03.27 03:01:44 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Alex\Desktop\aswMBR.exe [2013.03.26 17:18:08 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\mbar-1.01.0.1021 [2013.03.26 15:32:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe [2013.03.26 10:17:26 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Malwarebytes [2013.03.26 10:16:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.26 10:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.26 10:16:52 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2013.03.26 10:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.03.26 10:16:42 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Programs [2013.03.26 10:15:52 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Alex\Desktop\mbam-setup-1.70.0.1100.exe [2013.03.26 09:19:58 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usb8023.sys [2013.02.28 23:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.02.25 19:13:48 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe [2013.02.25 19:12:59 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe [2013.02.25 19:12:59 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe [2013.02.25 19:12:59 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll [8 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.27 18:50:34 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.27 18:50:34 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.27 18:42:39 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.03.27 18:42:30 | 797,532,160 | -HS- | M] () -- C:\hiberfil.sys [2013.03.27 18:06:07 | 000,609,993 | ---- | M] () -- C:\Users\Alex\Desktop\adwcleaner.exe [2013.03.27 18:05:59 | 000,550,069 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Alex\Desktop\JRT.exe [2013.03.27 15:18:52 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts [2013.03.27 14:57:03 | 005,044,307 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe [2013.03.27 04:17:32 | 000,000,512 | ---- | M] () -- C:\Users\Alex\Desktop\MBR.dat [2013.03.27 04:10:09 | 000,001,134 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1660716950-1217732575-2718607636-1000UA.job [2013.03.27 03:35:43 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MsSpellCheckingFacility.exe [2013.03.27 03:35:43 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\elshyph.dll [2013.03.27 03:35:41 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msls31.dll [2013.03.27 03:35:41 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe [2013.03.27 03:35:40 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2013.03.27 03:35:39 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msrating.dll [2013.03.27 03:35:39 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe [2013.03.27 03:35:39 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wextract.exe [2013.03.27 03:35:39 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inseng.dll [2013.03.27 03:35:38 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll [2013.03.27 03:35:35 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb [2013.03.27 03:35:35 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe [2013.03.27 03:35:34 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll [2013.03.27 03:35:34 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll [2013.03.27 03:35:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll [2013.03.27 03:35:34 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll [2013.03.27 03:35:34 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe [2013.03.27 03:35:34 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll [2013.03.27 03:35:34 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll [2013.03.27 03:35:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll [2013.03.27 03:35:34 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll [2013.03.27 03:35:34 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe [2013.03.27 03:35:33 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2013.03.27 03:35:31 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl [2013.03.27 03:35:31 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat [2013.03.27 03:35:31 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtmlmedia.dll [2013.03.27 03:35:31 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll [2013.03.27 03:35:31 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\html.iec [2013.03.27 03:35:31 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll [2013.03.27 03:35:31 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll [2013.03.27 03:35:31 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\url.dll [2013.03.27 03:35:31 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll [2013.03.27 03:35:31 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll [2013.03.27 03:35:31 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe [2013.03.27 03:35:31 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll [2013.03.27 03:35:31 | 000,025,185 | ---- | M] () -- C:\windows\System32\ieuinit.inf [2013.03.27 03:35:31 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll [2013.03.27 03:08:36 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.03.27 03:08:36 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.03.27 03:08:36 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.03.27 03:08:36 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.03.27 03:08:36 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.03.27 03:08:36 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.03.27 03:08:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013.03.27 03:08:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.03.27 03:08:36 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.03.27 03:08:35 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msmpeg2vdec.dll [2013.03.27 03:08:35 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll [2013.03.27 03:08:35 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\WMPhoto.dll [2013.03.27 03:08:35 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll [2013.03.27 03:08:34 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d11.dll [2013.03.27 03:08:34 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll [2013.03.27 03:08:33 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10.dll [2013.03.27 03:08:33 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll [2013.03.27 03:08:33 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10core.dll [2013.03.27 03:08:33 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\WindowsCodecsExt.dll [2013.03.27 03:08:33 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll [2013.03.27 03:08:32 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d2d1.dll [2013.03.27 03:08:32 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll [2013.03.27 03:08:32 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll [2013.03.27 03:08:32 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxgi.dll [2013.03.27 03:08:31 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\UIAnimation.dll [2013.03.27 03:03:05 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Alex\Desktop\tdsskiller.exe [2013.03.27 03:02:46 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Alex\Desktop\aswMBR.exe [2013.03.26 17:56:00 | 000,666,022 | ---- | M] () -- C:\windows\System32\perfh007.dat [2013.03.26 17:56:00 | 000,627,864 | ---- | M] () -- C:\windows\System32\perfh009.dat [2013.03.26 17:56:00 | 000,133,944 | ---- | M] () -- C:\windows\System32\perfc007.dat [2013.03.26 17:56:00 | 000,110,326 | ---- | M] () -- C:\windows\System32\perfc009.dat [2013.03.26 17:17:37 | 013,786,977 | ---- | M] () -- C:\Users\Alex\Desktop\mbar-1.01.0.1021.zip [2013.03.26 16:26:34 | 000,377,856 | ---- | M] () -- C:\Users\Alex\Desktop\gmer_2.1.19155.exe [2013.03.26 15:32:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe [2013.03.26 10:16:56 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.26 10:16:03 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Alex\Desktop\mbam-setup-1.70.0.1100.exe [2013.03.26 09:35:20 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2013.03.26 09:35:19 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2013.03.02 22:10:03 | 000,001,112 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1660716950-1217732575-2718607636-1000Core.job [2013.02.25 19:12:42 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll [2013.02.25 19:12:41 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\windows\System32\npDeployJava1.dll [2013.02.25 19:12:41 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\windows\System32\deployJava1.dll [2013.02.25 19:12:41 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaws.exe [2013.02.25 19:12:41 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe [2013.02.25 19:12:41 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe [8 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2030.01.02 02:50:35 | 000,383,786 | RHS- | C] () -- C:\bootmgr [2013.03.27 18:06:07 | 000,609,993 | ---- | C] () -- C:\Users\Alex\Desktop\adwcleaner.exe [2013.03.27 14:59:43 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2013.03.27 14:59:43 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2013.03.27 14:59:43 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2013.03.27 14:59:43 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2013.03.27 14:59:43 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2013.03.27 04:17:32 | 000,000,512 | ---- | C] () -- C:\Users\Alex\Desktop\MBR.dat [2013.03.27 03:35:31 | 000,025,185 | ---- | C] () -- C:\windows\System32\ieuinit.inf [2013.03.26 17:17:33 | 013,786,977 | ---- | C] () -- C:\Users\Alex\Desktop\mbar-1.01.0.1021.zip [2013.03.26 16:26:34 | 000,377,856 | ---- | C] () -- C:\Users\Alex\Desktop\gmer_2.1.19155.exe [2013.03.26 10:16:56 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.19 16:42:16 | 000,000,017 | ---- | C] () -- C:\windows\System32\shortcut_ex.dat [2013.01.15 13:19:22 | 008,936,800 | ---- | C] () -- C:\Users\Alex\SonderproblemeLB2-Suesse-Adam-Skript_2012.pdf [2012.04.17 16:21:19 | 000,000,043 | ---- | C] () -- C:\Users\Alex\gsview32.ini [2011.11.02 23:37:58 | 000,005,576 | ---- | C] () -- C:\windows\Language.ini [2011.11.02 23:35:31 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat [2011.04.21 02:19:31 | 000,224,680 | ---- | C] () -- C:\windows\System32\AsusService.exe [2011.04.21 02:19:31 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini [2011.04.21 01:54:52 | 000,011,832 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys [2011.04.21 01:54:50 | 000,011,456 | ---- | C] () -- C:\windows\System32\drivers\AsIO.sys [2011.04.21 01:54:26 | 000,000,873 | ---- | C] () -- C:\windows\Reboot.ini [2011.04.21 01:46:52 | 000,014,051 | ---- | C] () -- C:\windows\System32\RaCoInst.dat [2011.04.21 01:43:40 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat [2011.04.21 01:43:40 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat [2010.03.15 20:15:34 | 000,156,430 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Files - Unicode (All) ========== [2011.11.02 23:38:24 | 000,000,059 | ---- | M] ()(C:\windows\System32\??) -- C:\windows\System32\ɔ [2011.11.02 23:38:24 | 000,000,059 | ---- | C] ()(C:\windows\System32\??) -- C:\windows\System32\ɔ < End of report > Extras Code:
ATTFilter OTL Extras logfile created on: 27.03.2013 18:54:13 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alex\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1014,12 Mb Total Physical Memory | 203,13 Mb Available Physical Memory | 20,03% Memory free
1,99 Gb Paging File | 1,02 Gb Available in Paging File | 51,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 27,19 Gb Free Space | 27,19% Space Free | Partition Type: NTFS
Drive D: | 117,87 Gb Total Space | 81,11 Gb Free Space | 68,82% Space Free | Partition Type: NTFS
Computer Name: ALEX-NETBOOK | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
[HKEY_USERS\S-1-5-21-1660716950-1217732575-2718607636-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11CDF821-4B0D-406A-9A0F-61895E2ED648}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1634A81D-945E-48B1-BE8F-BF38E2682ABA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{21274DFB-8932-40E1-B0BF-5D3F4D466475}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{21FD37FC-8911-47F1-A9EE-F438E1C8F394}" = lport=137 | protocol=17 | dir=in | app=system |
"{2A101415-5816-42CF-AB52-6785D0D12346}" = rport=139 | protocol=6 | dir=out | app=system |
"{2D697E0E-C0E4-46FE-995E-D433B2D26C6A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{39456E91-A258-45C3-858C-07C22ECEA6BF}" = lport=445 | protocol=6 | dir=in | app=system |
"{405A632E-D68E-49FA-8B2A-7F4A7BDB045C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4AD07965-D53A-4D9C-8E78-5FF5B0527B0A}" = rport=445 | protocol=6 | dir=out | app=system |
"{4B0DB3B9-D189-4FEC-914A-2DFDB1289BBB}" = rport=138 | protocol=17 | dir=out | app=system |
"{55C7B969-B3C0-4586-8CC8-77C93539C863}" = lport=10243 | protocol=6 | dir=in | app=system |
"{58974CAA-0B1E-48C0-AA60-869AD0DF227A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{642EEBA9-EE62-4A60-A2D5-3E8D38B79B01}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{734F2423-289A-408E-9A17-97FA51E7AAD1}" = rport=137 | protocol=17 | dir=out | app=system |
"{96D9C37B-5F36-4B60-83BE-E52BEE2AD35E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A08B9884-D10A-4FAE-993A-C5D48A522CEC}" = lport=138 | protocol=17 | dir=in | app=system |
"{A32CA317-8906-4DE5-BE69-6661532FC24A}" = lport=139 | protocol=6 | dir=in | app=system |
"{A3A7CEEA-B357-456A-ADFF-474848218879}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A58E7306-2B16-433F-B710-E19B85524A0A}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{BA6DF6ED-66E8-4241-8E9E-991536B4990C}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
"{C5E3C9ED-BB47-432C-9821-0D3D264CF425}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CA3E3652-B45B-4453-854C-8560416431CA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CDBF9BF4-5DDF-4BF6-BEE2-B3C10E962A28}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D079CC97-7EBC-4682-BDCC-DBBD6CC91137}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FCDD9E27-38ED-4AE6-8670-2BF8CD8028D8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03FB214E-A676-45D2-A52C-D252D1B68CC9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0E911A6B-5294-4656-BE0C-A093325153E7}" = protocol=6 | dir=out | app=system |
"{0F044163-88C9-42AD-B9AB-440E96FB8EF4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{17BE85A3-9498-4B4C-8FCB-4FFF34F83FC2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{22149411-75F8-43FD-A3A1-20712E6D28A1}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{268F2103-2988-4FE2-88D9-E527E0FE3A4F}" = protocol=6 | dir=in | app=c:\users\alex\appdata\local\temp\7zs4b4d\hppiw.exe |
"{2BC51486-ED1E-413F-8822-DD80EF63F797}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{2D93CE0A-6245-4229-8F34-DD70D0DE7D0E}" = protocol=17 | dir=in | app=c:\users\alex\appdata\local\temp\7zs4b4d\hppiw.exe |
"{337CE33B-8747-4258-8B8E-90205E159BC2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5AD4978A-5BAB-43D9-98BD-DBCD55243A74}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7FDF49E7-9AD6-490C-BDFE-C59E1A8DA81F}" = dir=in | app=c:\users\alex\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{9A82B5D7-DFA6-49B8-97A2-F7F14B0857DA}" = protocol=17 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe |
"{9BCE74BC-7C65-4B8D-AD13-FA9D50134561}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9DF15337-4E25-42D6-AFE8-E4F24E383B81}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A4011DF5-BBF1-4BA1-A537-80C632E99389}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A41FE60E-AEA5-4333-B51C-745F6B850149}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AD80F1E9-7584-4DFA-92AA-351990030B5C}" = protocol=6 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe |
"{B3BDC477-7256-4F7A-9F27-4325A2EF5D36}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B8762F92-06AF-4BF4-87C9-8A287B52746E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B956C9E0-566B-4E89-BC76-5742F756C5E1}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{BABBE030-0BAE-4590-9A0D-5085FA6B5FC1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BAF7435B-578D-471D-BF62-6ECDEE6629E1}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{BFE30EFB-59A6-47B3-B25B-187CB9556E75}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"{C8A2936A-440B-4DEA-BFB7-59D09ACDE84B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CA2F4121-A03B-4CCD-860D-E8B1FA42BFAF}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{D00B51A4-7DC1-498A-99C6-45F0B52F9E15}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D460CAF4-1680-4A69-BD5C-B8DA3B6A9746}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DAC7A411-2ED7-432D-B774-70CD7F880A6C}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{DB38721A-D1D9-4BB0-A948-4C1DD4CA4619}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F0AAE069-DF71-4953-AC2B-221DFD5C4DD8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{BBEDEEDC-4353-4735-B1D3-F05127B2D569}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe |
"UDP Query User{BF5E58BC-D589-4EC8-BBF3-D18115FA7734}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F1A2E4E-E2EE-4806-B7CE-356D83A3CDEB}" = Windows Live Family Safety
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{41D6CED7-65E8-4EBB-BB1A-B45E2D8CF6D7}" = Windows Live Family Safety
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{91252C0A-59F9-42F9-9181-B9CC74F592C0}" = Vodafone Mobile Connect Lite
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{99E77016-BCF2-48C8-9119-43ECF5815F65}" = AsusScreensaver
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
"{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCFBA290-CB48-4AF1-A241-2685AEDEDD66}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"Avira AntiVir Desktop" = Avira Free Antivirus
"Eee Docking_is1" = Eee Docking 3.8.3
"Elantech" = ETDWare PS/2-x86 7.0.5.11_WHQL
"GPL Ghostscript 9.05" = GPL Ghostscript
"GSview 5.0" = GSview 5.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Opera 12.14.1738" = Opera 12.14
"Texmaker" = Texmaker
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 2.0.2
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1660716950-1217732575-2718607636-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 27.03.2013 13:28:00 | Computer Name = Alex-Netbook | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 27.03.2013 13:42:48 | Computer Name = Alex-Netbook | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
[ System Events ]
Error - 27.03.2013 13:28:22 | Computer Name = Alex-Netbook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 27.03.2013 13:43:08 | Computer Name = Alex-Netbook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
< End of report >
|
|
27.03.2013, 20:30
| #14 |
| | Google suche zeigt Spam Ergebnisse JRT Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Windows 7 Starter x86
Ran by Alex on 27.03.2013 at 18:07:46,42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{98889811-442d-49dd-99d7-dc866be87dbc}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1660716950-1217732575-2718607636-1000\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1660716950-1217732575-2718607636-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane
Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane.1
Successfully deleted: [Registry Key] hkey_classes_root\esrv.babylonesrvc
Successfully deleted: [Registry Key] hkey_classes_root\esrv.babylonesrvc.1
Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_current_user\software\babylontoolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\babylontoolbar
Successfully deleted: [Registry Key] hkey_current_user\software\startsearch
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortapp.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escorteng.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\esrv.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\b
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\babylon.dskbnd
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\babylon.dskbnd.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\bbylnapp.appcore
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\bbylnapp.appcore.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\escort.escrtbtn.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{291bccc1-6890-484a-89d3-318c928dac1b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{2eecd738-5844-4a99-b4b6-146bf802613b}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{2eecd738-5844-4a99-b4b6-146bf802613b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{97f2ff5b-260c-4ccf-834a-2dda4e29e39e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{98889811-442d-49dd-99d7-dc866be87dbc}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{b8276a94-891d-453c-9ff3-715c042a2575}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{e46c8196-b634-44a1-af6e-957c64278ab1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ffb9adcb-8c79-4c29-81d3-74d46a93d370}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\Users\Alex\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Alex\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Users\Alex\appdata\local\babylon"
Successfully deleted: [Folder] "C:\Program Files\babylontoolbar"
Successfully deleted: [Folder] "C:\Program Files\vshare.tv plugin"
~~~ FireFox
Successfully deleted: [File] C:\user.js
Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\8us933ho.default\user.js
Successfully deleted the following from C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\8us933ho.default\prefs.js
user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=101641");
user_pref("extensions.BabylonToolbar_i.hardId", "2c9c114800000000000014dae9c4dc51");
user_pref("extensions.BabylonToolbar_i.id", "2c9c114800000000000014dae9c4dc51");
user_pref("extensions.BabylonToolbar_i.instlDay", "15440");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.178:36:42");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir)/.*|hxxp://.*depositfiles.com/(([a-z]{2})/files/|auth-).*|hxxp://(www.)*di
Emptied folder: C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\8us933ho.default\minidumps [38 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.03.2013 at 18:14:51,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.115 - Datei am 27/03/2013 um 18:37:28 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits)
# Benutzer : Alex - ALEX-NETBOOK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Alex\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files\Mozilla Firefox\Plugins\npvsharetvplg.dll
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16521
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v19.0 (de)
Datei : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8us933ho.default\prefs.js
Gelöscht : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir[...]
-\\ Opera v12.14.1738.0
Datei : C:\Users\Alex\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [5142 octets] - [27/03/2013 18:32:54]
AdwCleaner[S1].txt - [5075 octets] - [27/03/2013 18:37:28]
########## EOF - C:\AdwCleaner[S1].txt - [5135 octets] ##########
Code:
ATTFilter OTL logfile created on: 27.03.2013 18:54:13 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alex\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16521) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014,12 Mb Total Physical Memory | 203,13 Mb Available Physical Memory | 20,03% Memory free 1,99 Gb Paging File | 1,02 Gb Available in Paging File | 51,42% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100,00 Gb Total Space | 27,19 Gb Free Space | 27,19% Space Free | Partition Type: NTFS Drive D: | 117,87 Gb Total Space | 81,11 Gb Free Space | 68,82% Space Free | Partition Type: NTFS Computer Name: ALEX-NETBOOK | User Name: Alex | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Alex\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Opera\opera.exe (Opera Software) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) PRC - C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\InstantOn\InsOnWMI.exe (ASUS) PRC - C:\Windows\System32\AsusService.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\ExpressGateUtil\VAWinService.exe () PRC - C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) PRC - C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronic Corp.) PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) PRC - C:\Program Files\Asus\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_180.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\PROGRA~1\ASUS\ASUSWE~1\3084~1.161\ASUSWS~1.DLL () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (ASLDRService) -- C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (ATKGFNEXSrv) -- C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (AsusService) -- C:\Windows\System32\AsusService.exe () SRV - (VideAceWindowsService) -- C:\ExpressGateUtil\VAWinService.exe () SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\Users\Alex\AppData\Local\Temp\catchme.sys File not found DRV - (btwrchid) -- C:\windows\system32\drivers\btwrchid.sys File not found DRV - (btwl2cap) -- system32\DRIVERS\btwl2cap.sys File not found DRV - (btwavdt) -- C:\windows\system32\drivers\btwavdt.sys File not found DRV - (btwaudio) -- system32\drivers\btwaudio.sys File not found DRV - (btwampfl) -- system32\drivers\btwampfl.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (ATKWMIACPIIO) -- C:\Program Files\ASUS\ATK Package\ATK WMIACPI\epcwmiacpi.sys (ASUS) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.) DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys () DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.) DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink) DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( ) DRV - (ASMMAP) -- C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys (ASUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,defaultscope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,defaultscope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = IE - HKU\S-1-5-21-1660716950-1217732575-2718607636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data] IE - HKU\S-1-5-21-1660716950-1217732575-2718607636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-1660716950-1217732575-2718607636-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1660716950-1217732575-2718607636-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox IE - HKU\S-1-5-21-1660716950-1217732575-2718607636-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1660716950-1217732575-2718607636-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.t-online.de" FF - prefs.js..extensions.enabledAddons: SkipScreen%40SkipScreen:0.7.0 FF - prefs.js..extensions.enabledAddons: %7B37E4D8EA-8BDA-4831-8EA1-89053939A250%7D:3.0.0.2 FF - prefs.js..extensions.enabledAddons: %7Bc50ca3c4-5656-43c2-a061-13e717f73fc8%7D:4.2.5 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.8 FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.13 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - prefs.js..network.proxy.http: "69.65.46.61" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Alex\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2011.11.02 22:25:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.28 23:14:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.27 18:37:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.16 08:35:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.28 23:14:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.27 18:37:40 | 000,000,000 | ---D | M] [2011.11.05 15:05:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Extensions [2013.03.05 08:08:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\8us933ho.default\extensions [2012.09.14 21:21:55 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\8us933ho.default\extensions\ich@maltegoetz.de [2012.07.07 12:15:18 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\8us933ho.default\extensions\elemhidehelper@adblockplus.org.xpi [2012.10.22 08:31:45 | 000,071,037 | ---- | M] () (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\8us933ho.default\extensions\SkipScreen@SkipScreen.xpi [2011.11.07 12:06:51 | 000,164,858 | ---- | M] () (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\8us933ho.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2013.03.05 08:08:13 | 000,531,283 | ---- | M] () (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\8us933ho.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.03.05 08:08:13 | 000,872,587 | ---- | M] () (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\8us933ho.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2013.01.13 16:08:28 | 000,316,778 | ---- | M] () (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\8us933ho.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi [2013.02.14 08:36:28 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\8us933ho.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.02.28 23:14:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2013.02.28 23:14:25 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.01.03 02:04:10 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.18 17:24:45 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.01.03 02:04:10 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.01.03 02:04:10 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.03 02:04:10 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.03 02:04:10 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.03.27 15:18:52 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKU\S-1-5-21-1660716950-1217732575-2718607636-1000..\Run: [Facebook Update] C:\Users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1660716950-1217732575-2718607636-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1660716950-1217732575-2718607636-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1660716950-1217732575-2718607636-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.15.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64615E91-9EDE-43E4-9829-096C7DC9CEF1}: DhcpNameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A107864B-506B-4CA3-A641-03129A8F052F}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCF8A0C1-5E98-4EA2-87FE-2523361ED5FC}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2030.01.02 02:50:34 | 000,000,000 | ---D | C] -- C:\Boot [2013.03.27 18:07:34 | 000,000,000 | ---D | C] -- C:\windows\ERUNT [2013.03.27 18:07:27 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.27 18:05:58 | 000,550,069 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Alex\Desktop\JRT.exe [2013.03.27 15:29:56 | 000,000,000 | ---D | C] -- C:\windows\temp [2013.03.27 15:21:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.03.27 15:16:38 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\temp [2013.03.27 14:59:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2013.03.27 14:59:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2013.03.27 14:59:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2013.03.27 14:59:04 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.27 14:58:18 | 000,000,000 | ---D | C] -- C:\windows\erdnt [2013.03.27 14:56:59 | 005,044,307 | R--- | C] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe [2013.03.27 03:35:43 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MsSpellCheckingFacility.exe [2013.03.27 03:35:43 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\elshyph.dll [2013.03.27 03:35:41 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msls31.dll [2013.03.27 03:35:41 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe [2013.03.27 03:35:40 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2013.03.27 03:35:39 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll [2013.03.27 03:35:39 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wextract.exe [2013.03.27 03:35:39 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inseng.dll [2013.03.27 03:35:38 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll [2013.03.27 03:35:38 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe [2013.03.27 03:35:35 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb [2013.03.27 03:35:35 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe [2013.03.27 03:35:34 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll [2013.03.27 03:35:34 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll [2013.03.27 03:35:34 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll [2013.03.27 03:35:34 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll [2013.03.27 03:35:34 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe [2013.03.27 03:35:34 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll [2013.03.27 03:35:34 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll [2013.03.27 03:35:34 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll [2013.03.27 03:35:34 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll [2013.03.27 03:35:34 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe [2013.03.27 03:35:33 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2013.03.27 03:35:31 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl [2013.03.27 03:35:31 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat [2013.03.27 03:35:31 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmlmedia.dll [2013.03.27 03:35:31 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll [2013.03.27 03:35:31 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec [2013.03.27 03:35:31 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll [2013.03.27 03:35:31 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll [2013.03.27 03:35:31 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll [2013.03.27 03:35:31 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll [2013.03.27 03:35:31 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll [2013.03.27 03:35:31 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe [2013.03.27 03:35:31 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll [2013.03.27 03:35:31 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll [2013.03.27 03:08:36 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.03.27 03:08:36 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.03.27 03:08:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.03.27 03:08:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.03.27 03:08:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.03.27 03:08:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.03.27 03:08:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013.03.27 03:08:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.03.27 03:08:36 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.03.27 03:08:35 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msmpeg2vdec.dll [2013.03.27 03:08:35 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll [2013.03.27 03:08:35 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMPhoto.dll [2013.03.27 03:08:35 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll [2013.03.27 03:08:34 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll [2013.03.27 03:08:33 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d11.dll [2013.03.27 03:08:33 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10.dll [2013.03.27 03:08:33 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll [2013.03.27 03:08:33 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10core.dll [2013.03.27 03:08:33 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WindowsCodecsExt.dll [2013.03.27 03:08:33 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll [2013.03.27 03:08:32 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d2d1.dll [2013.03.27 03:08:32 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll [2013.03.27 03:08:32 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll [2013.03.27 03:08:32 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxgi.dll [2013.03.27 03:08:31 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UIAnimation.dll [2013.03.27 03:03:01 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Alex\Desktop\tdsskiller.exe [2013.03.27 03:01:44 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Alex\Desktop\aswMBR.exe [2013.03.26 17:18:08 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\mbar-1.01.0.1021 [2013.03.26 15:32:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe [2013.03.26 10:17:26 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Malwarebytes [2013.03.26 10:16:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.26 10:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.26 10:16:52 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2013.03.26 10:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.03.26 10:16:42 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Programs [2013.03.26 10:15:52 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Alex\Desktop\mbam-setup-1.70.0.1100.exe [2013.03.26 09:19:58 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usb8023.sys [2013.02.28 23:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.02.25 19:13:48 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe [2013.02.25 19:12:59 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe [2013.02.25 19:12:59 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe [2013.02.25 19:12:59 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll [8 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.27 18:50:34 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.27 18:50:34 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.27 18:42:39 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.03.27 18:42:30 | 797,532,160 | -HS- | M] () -- C:\hiberfil.sys [2013.03.27 18:06:07 | 000,609,993 | ---- | M] () -- C:\Users\Alex\Desktop\adwcleaner.exe [2013.03.27 18:05:59 | 000,550,069 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Alex\Desktop\JRT.exe [2013.03.27 15:18:52 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts [2013.03.27 14:57:03 | 005,044,307 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe [2013.03.27 04:17:32 | 000,000,512 | ---- | M] () -- C:\Users\Alex\Desktop\MBR.dat [2013.03.27 04:10:09 | 000,001,134 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1660716950-1217732575-2718607636-1000UA.job [2013.03.27 03:35:43 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MsSpellCheckingFacility.exe [2013.03.27 03:35:43 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\elshyph.dll [2013.03.27 03:35:41 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msls31.dll [2013.03.27 03:35:41 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe [2013.03.27 03:35:40 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2013.03.27 03:35:39 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msrating.dll [2013.03.27 03:35:39 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe [2013.03.27 03:35:39 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wextract.exe [2013.03.27 03:35:39 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inseng.dll [2013.03.27 03:35:38 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll [2013.03.27 03:35:35 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb [2013.03.27 03:35:35 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe [2013.03.27 03:35:34 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll [2013.03.27 03:35:34 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll [2013.03.27 03:35:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll [2013.03.27 03:35:34 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll [2013.03.27 03:35:34 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe [2013.03.27 03:35:34 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll [2013.03.27 03:35:34 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll [2013.03.27 03:35:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll [2013.03.27 03:35:34 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll [2013.03.27 03:35:34 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe [2013.03.27 03:35:33 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2013.03.27 03:35:31 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl [2013.03.27 03:35:31 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat [2013.03.27 03:35:31 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtmlmedia.dll [2013.03.27 03:35:31 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll [2013.03.27 03:35:31 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\html.iec [2013.03.27 03:35:31 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll [2013.03.27 03:35:31 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll [2013.03.27 03:35:31 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\url.dll [2013.03.27 03:35:31 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll [2013.03.27 03:35:31 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll [2013.03.27 03:35:31 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe [2013.03.27 03:35:31 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll [2013.03.27 03:35:31 | 000,025,185 | ---- | M] () -- C:\windows\System32\ieuinit.inf [2013.03.27 03:35:31 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll [2013.03.27 03:08:36 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.03.27 03:08:36 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.03.27 03:08:36 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.03.27 03:08:36 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.03.27 03:08:36 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.03.27 03:08:36 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.03.27 03:08:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013.03.27 03:08:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.03.27 03:08:36 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.03.27 03:08:35 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msmpeg2vdec.dll [2013.03.27 03:08:35 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll [2013.03.27 03:08:35 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\WMPhoto.dll [2013.03.27 03:08:35 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll [2013.03.27 03:08:34 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d11.dll [2013.03.27 03:08:34 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll [2013.03.27 03:08:33 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10.dll [2013.03.27 03:08:33 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll [2013.03.27 03:08:33 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10core.dll [2013.03.27 03:08:33 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\WindowsCodecsExt.dll [2013.03.27 03:08:33 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll [2013.03.27 03:08:32 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d2d1.dll [2013.03.27 03:08:32 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll [2013.03.27 03:08:32 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll [2013.03.27 03:08:32 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxgi.dll [2013.03.27 03:08:31 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\UIAnimation.dll [2013.03.27 03:03:05 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Alex\Desktop\tdsskiller.exe [2013.03.27 03:02:46 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Alex\Desktop\aswMBR.exe [2013.03.26 17:56:00 | 000,666,022 | ---- | M] () -- C:\windows\System32\perfh007.dat [2013.03.26 17:56:00 | 000,627,864 | ---- | M] () -- C:\windows\System32\perfh009.dat [2013.03.26 17:56:00 | 000,133,944 | ---- | M] () -- C:\windows\System32\perfc007.dat [2013.03.26 17:56:00 | 000,110,326 | ---- | M] () -- C:\windows\System32\perfc009.dat [2013.03.26 17:17:37 | 013,786,977 | ---- | M] () -- C:\Users\Alex\Desktop\mbar-1.01.0.1021.zip [2013.03.26 16:26:34 | 000,377,856 | ---- | M] () -- C:\Users\Alex\Desktop\gmer_2.1.19155.exe [2013.03.26 15:32:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe [2013.03.26 10:16:56 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.26 10:16:03 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Alex\Desktop\mbam-setup-1.70.0.1100.exe [2013.03.26 09:35:20 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2013.03.26 09:35:19 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2013.03.02 22:10:03 | 000,001,112 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1660716950-1217732575-2718607636-1000Core.job [2013.02.25 19:12:42 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll [2013.02.25 19:12:41 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\windows\System32\npDeployJava1.dll [2013.02.25 19:12:41 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\windows\System32\deployJava1.dll [2013.02.25 19:12:41 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaws.exe [2013.02.25 19:12:41 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe [2013.02.25 19:12:41 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe [8 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2030.01.02 02:50:35 | 000,383,786 | RHS- | C] () -- C:\bootmgr [2013.03.27 18:06:07 | 000,609,993 | ---- | C] () -- C:\Users\Alex\Desktop\adwcleaner.exe [2013.03.27 14:59:43 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2013.03.27 14:59:43 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2013.03.27 14:59:43 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2013.03.27 14:59:43 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2013.03.27 14:59:43 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2013.03.27 04:17:32 | 000,000,512 | ---- | C] () -- C:\Users\Alex\Desktop\MBR.dat [2013.03.27 03:35:31 | 000,025,185 | ---- | C] () -- C:\windows\System32\ieuinit.inf [2013.03.26 17:17:33 | 013,786,977 | ---- | C] () -- C:\Users\Alex\Desktop\mbar-1.01.0.1021.zip [2013.03.26 16:26:34 | 000,377,856 | ---- | C] () -- C:\Users\Alex\Desktop\gmer_2.1.19155.exe [2013.03.26 10:16:56 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.19 16:42:16 | 000,000,017 | ---- | C] () -- C:\windows\System32\shortcut_ex.dat [2013.01.15 13:19:22 | 008,936,800 | ---- | C] () -- C:\Users\Alex\SonderproblemeLB2-Suesse-Adam-Skript_2012.pdf [2012.04.17 16:21:19 | 000,000,043 | ---- | C] () -- C:\Users\Alex\gsview32.ini [2011.11.02 23:37:58 | 000,005,576 | ---- | C] () -- C:\windows\Language.ini [2011.11.02 23:35:31 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat [2011.04.21 02:19:31 | 000,224,680 | ---- | C] () -- C:\windows\System32\AsusService.exe [2011.04.21 02:19:31 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini [2011.04.21 01:54:52 | 000,011,832 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys [2011.04.21 01:54:50 | 000,011,456 | ---- | C] () -- C:\windows\System32\drivers\AsIO.sys [2011.04.21 01:54:26 | 000,000,873 | ---- | C] () -- C:\windows\Reboot.ini [2011.04.21 01:46:52 | 000,014,051 | ---- | C] () -- C:\windows\System32\RaCoInst.dat [2011.04.21 01:43:40 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat [2011.04.21 01:43:40 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat [2010.03.15 20:15:34 | 000,156,430 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Files - Unicode (All) ========== [2011.11.02 23:38:24 | 000,000,059 | ---- | M] ()(C:\windows\System32\??) -- C:\windows\System32\ɔ [2011.11.02 23:38:24 | 000,000,059 | ---- | C] ()(C:\windows\System32\??) -- C:\windows\System32\ɔ < End of report > Extras Code:
ATTFilter OTL Extras logfile created on: 27.03.2013 18:54:13 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alex\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1014,12 Mb Total Physical Memory | 203,13 Mb Available Physical Memory | 20,03% Memory free
1,99 Gb Paging File | 1,02 Gb Available in Paging File | 51,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 27,19 Gb Free Space | 27,19% Space Free | Partition Type: NTFS
Drive D: | 117,87 Gb Total Space | 81,11 Gb Free Space | 68,82% Space Free | Partition Type: NTFS
Computer Name: ALEX-NETBOOK | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
[HKEY_USERS\S-1-5-21-1660716950-1217732575-2718607636-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11CDF821-4B0D-406A-9A0F-61895E2ED648}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1634A81D-945E-48B1-BE8F-BF38E2682ABA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{21274DFB-8932-40E1-B0BF-5D3F4D466475}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{21FD37FC-8911-47F1-A9EE-F438E1C8F394}" = lport=137 | protocol=17 | dir=in | app=system |
"{2A101415-5816-42CF-AB52-6785D0D12346}" = rport=139 | protocol=6 | dir=out | app=system |
"{2D697E0E-C0E4-46FE-995E-D433B2D26C6A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{39456E91-A258-45C3-858C-07C22ECEA6BF}" = lport=445 | protocol=6 | dir=in | app=system |
"{405A632E-D68E-49FA-8B2A-7F4A7BDB045C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4AD07965-D53A-4D9C-8E78-5FF5B0527B0A}" = rport=445 | protocol=6 | dir=out | app=system |
"{4B0DB3B9-D189-4FEC-914A-2DFDB1289BBB}" = rport=138 | protocol=17 | dir=out | app=system |
"{55C7B969-B3C0-4586-8CC8-77C93539C863}" = lport=10243 | protocol=6 | dir=in | app=system |
"{58974CAA-0B1E-48C0-AA60-869AD0DF227A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{642EEBA9-EE62-4A60-A2D5-3E8D38B79B01}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{734F2423-289A-408E-9A17-97FA51E7AAD1}" = rport=137 | protocol=17 | dir=out | app=system |
"{96D9C37B-5F36-4B60-83BE-E52BEE2AD35E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A08B9884-D10A-4FAE-993A-C5D48A522CEC}" = lport=138 | protocol=17 | dir=in | app=system |
"{A32CA317-8906-4DE5-BE69-6661532FC24A}" = lport=139 | protocol=6 | dir=in | app=system |
"{A3A7CEEA-B357-456A-ADFF-474848218879}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A58E7306-2B16-433F-B710-E19B85524A0A}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{BA6DF6ED-66E8-4241-8E9E-991536B4990C}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
"{C5E3C9ED-BB47-432C-9821-0D3D264CF425}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CA3E3652-B45B-4453-854C-8560416431CA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CDBF9BF4-5DDF-4BF6-BEE2-B3C10E962A28}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D079CC97-7EBC-4682-BDCC-DBBD6CC91137}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FCDD9E27-38ED-4AE6-8670-2BF8CD8028D8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03FB214E-A676-45D2-A52C-D252D1B68CC9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0E911A6B-5294-4656-BE0C-A093325153E7}" = protocol=6 | dir=out | app=system |
"{0F044163-88C9-42AD-B9AB-440E96FB8EF4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{17BE85A3-9498-4B4C-8FCB-4FFF34F83FC2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{22149411-75F8-43FD-A3A1-20712E6D28A1}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{268F2103-2988-4FE2-88D9-E527E0FE3A4F}" = protocol=6 | dir=in | app=c:\users\alex\appdata\local\temp\7zs4b4d\hppiw.exe |
"{2BC51486-ED1E-413F-8822-DD80EF63F797}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{2D93CE0A-6245-4229-8F34-DD70D0DE7D0E}" = protocol=17 | dir=in | app=c:\users\alex\appdata\local\temp\7zs4b4d\hppiw.exe |
"{337CE33B-8747-4258-8B8E-90205E159BC2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5AD4978A-5BAB-43D9-98BD-DBCD55243A74}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7FDF49E7-9AD6-490C-BDFE-C59E1A8DA81F}" = dir=in | app=c:\users\alex\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{9A82B5D7-DFA6-49B8-97A2-F7F14B0857DA}" = protocol=17 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe |
"{9BCE74BC-7C65-4B8D-AD13-FA9D50134561}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9DF15337-4E25-42D6-AFE8-E4F24E383B81}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A4011DF5-BBF1-4BA1-A537-80C632E99389}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A41FE60E-AEA5-4333-B51C-745F6B850149}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AD80F1E9-7584-4DFA-92AA-351990030B5C}" = protocol=6 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe |
"{B3BDC477-7256-4F7A-9F27-4325A2EF5D36}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B8762F92-06AF-4BF4-87C9-8A287B52746E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B956C9E0-566B-4E89-BC76-5742F756C5E1}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{BABBE030-0BAE-4590-9A0D-5085FA6B5FC1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BAF7435B-578D-471D-BF62-6ECDEE6629E1}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{BFE30EFB-59A6-47B3-B25B-187CB9556E75}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"{C8A2936A-440B-4DEA-BFB7-59D09ACDE84B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CA2F4121-A03B-4CCD-860D-E8B1FA42BFAF}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{D00B51A4-7DC1-498A-99C6-45F0B52F9E15}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D460CAF4-1680-4A69-BD5C-B8DA3B6A9746}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DAC7A411-2ED7-432D-B774-70CD7F880A6C}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{DB38721A-D1D9-4BB0-A948-4C1DD4CA4619}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F0AAE069-DF71-4953-AC2B-221DFD5C4DD8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{BBEDEEDC-4353-4735-B1D3-F05127B2D569}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe |
"UDP Query User{BF5E58BC-D589-4EC8-BBF3-D18115FA7734}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F1A2E4E-E2EE-4806-B7CE-356D83A3CDEB}" = Windows Live Family Safety
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{41D6CED7-65E8-4EBB-BB1A-B45E2D8CF6D7}" = Windows Live Family Safety
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{91252C0A-59F9-42F9-9181-B9CC74F592C0}" = Vodafone Mobile Connect Lite
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{99E77016-BCF2-48C8-9119-43ECF5815F65}" = AsusScreensaver
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
"{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCFBA290-CB48-4AF1-A241-2685AEDEDD66}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"Avira AntiVir Desktop" = Avira Free Antivirus
"Eee Docking_is1" = Eee Docking 3.8.3
"Elantech" = ETDWare PS/2-x86 7.0.5.11_WHQL
"GPL Ghostscript 9.05" = GPL Ghostscript
"GSview 5.0" = GSview 5.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Opera 12.14.1738" = Opera 12.14
"Texmaker" = Texmaker
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 2.0.2
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1660716950-1217732575-2718607636-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 27.03.2013 13:28:00 | Computer Name = Alex-Netbook | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 27.03.2013 13:42:48 | Computer Name = Alex-Netbook | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
[ System Events ]
Error - 27.03.2013 13:28:22 | Computer Name = Alex-Netbook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 27.03.2013 13:43:08 | Computer Name = Alex-Netbook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
< End of report >
|
|
28.03.2013, 12:41
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google suche zeigt Spam Ergebnisse Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Google suche zeigt Spam Ergebnisse |
| acer, administrator, anti-malware, autostart, browser, code, dateien, explorer, firefox, folge, google, helper, log, malwarebytes, microsoft, opera, problem, software, spam, suche, surfen, trojaner, update, windows |
Linear-Darstellung
