Pests of all kinds and how to fight them: Problem with http://ad.adserverplus.com... Windows 7
If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
02.04.2013, 23:12 #1
Problem with http://ad.adserverplus.com...

Recently, advertising windows keep popping up, always when you click on a link or something similar. I have already installed Malwarebytes Anti-Malware and run a scan. The report below was the result. I deleted these files with this program, but the problem persists. I am asking for support - thanks

Report:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.24.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Helmut :: HELMUT-HP [Administrator]

Schutz: Aktiviert

25.03.2013 00:22:18
mbam-log-2013-03-25 (00-22-18).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | Heuristiks/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 210736
Laufzeit: 3 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 24
HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 3
HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 4
C:\Program Files (x86)\BrowserCompanion (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 65
C:\Program Files (x86)\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BrowserCompanion\logo.ico (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BrowserCompanion\terms.lnk.url (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BrowserCompanion\updater.ini (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\fix2.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\fix3.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\fix4.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_71.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_83.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\icon.png (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar183.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\lock.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\witapi.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\witmain.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\24babf55cc829f44cc93a9b1f6d91998 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\24babf55cc829f44cc93a9b1f6d91998_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\3aacd91df00fc50d6da77515638b0883 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\3aacd91df00fc50d6da77515638b0883_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\3f90f44244a67581dc89edac116c1eaf (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\3f90f44244a67581dc89edac116c1eaf_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\86c0ad88ecc21918c1ababa536b80de9 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\86c0ad88ecc21918c1ababa536b80de9_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\91ed24cba47f3cabaaaf7bdb0e620066 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\91ed24cba47f3cabaaaf7bdb0e620066_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\9ef5e4c08312c8e6d81dfd42b7176e39 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\9ef5e4c08312c8e6d81dfd42b7176e39_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\a7e0abb80dabcdbb6dbaec920aa126a0 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\a7e0abb80dabcdbb6dbaec920aa126a0_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\adf275b6644b3fcac86a14ffe551dede (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\adf275b6644b3fcac86a14ffe551dede_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\babf8a10cd3e960ddab95c961e327198 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\babf8a10cd3e960ddab95c961e327198_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\bc8dad417f8f0fb33406e79ccd806c7f (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\bc8dad417f8f0fb33406e79ccd806c7f_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\c418e9b9adb1feff03605a15e666653f (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\c418e9b9adb1feff03605a15e666653f_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\eb04bdda55e3827d8df8b5e1afac83a2 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\eb04bdda55e3827d8df8b5e1afac83a2_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Helmut\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
02.04.2013, 23:33 #2
/// Malwareteam / Visitor
Problem with http://ad.adserverplus.com...

Hello gutlede1, I am smeenk and I will try to help you with your problem.

I would like to receive some logfiles from you.

Step 1
Please download ZOEK to your desktop and run it. If your virus scanner complains, you can ignore that; our tools are often flagged incorrectly.

Step 2
Please download OTL (by OldTimer) and save it to your desktop.

Please post in your next reply:

Please post everything here in CODE tags if possible
03.04.2013, 23:13 #3
| Problem mit http://ad.adserverplus.com... Hallo, danke für die Hilfe!
__________________hier das Ergebnis von zoek: Zoek.exe Version 4.0.0.2 Updated 31-03-2013 Tool run by Helmut on 03.04.2013 at 23:19:51,07. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\933vz17i.default user.js not found ---- Lines BabylonToolbar removed from prefs.js ---- user_pref("extensions.BabylonToolbar.aflt", "orgnl"); user_pref("extensions.BabylonToolbar.bbDpng", 15); user_pref("extensions.BabylonToolbar.cntry", "AT"); user_pref("extensions.BabylonToolbar.firstRun", false); user_pref("extensions.BabylonToolbar.hdrMd5", "CB5E194546FF64DAC97C67E49906F86A"); user_pref("extensions.BabylonToolbar.lastActv", "1"); user_pref("extensions.BabylonToolbar.lastDP", 15); user_pref("extensions.BabylonToolbar.lastVrsn", "1.1.5"); user_pref("extensions.BabylonToolbar.lastVrsnTs", ""); user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "7.0"); user_pref("extensions.BabylonToolbar.newTab", true); user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP"); user_pref("extensions.BabylonToolbar.propectorlck", 62465139); user_pref("extensions.BabylonToolbar.ptch_0717", true); user_pref("extensions.BabylonToolbar.smplGrp", "free"); ---- Lines BabylonToolbar modified from prefs.js ---- ---- Lines EEE6C361-6118-11DC-9C72-001320C79847 removed from prefs.js ---- ---- Lines EEE6C361-6118-11DC-9C72-001320C79847 modified from prefs.js ---- user_pref("extensions.installCache", 
"[{\"name\":\"winreg-app-global\",\"addons\":{\"{BBDA0591-3099-440a-AA10-41764D9DB4DB}\":{\"descriptor\":\"C:\\\\ProgramData\\\\Norton\\\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\\\\N360_6.2.1.5\\\\IPSFFPlgn\",\"mtime\":1364972981239},\"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}\":{\"descriptor\":\"C:\\\\ProgramData\\\\Norton\\\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\\\\N360_6.2.1.5\\\\coFFPlgn\",\"mtime\":1364941158398}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1363036946593}}},{\"name\":\"app-profile\",\"addons\":{\"bbrs_002@blabbers.com\":{\"descriptor\":\"C:\\\\Users\\\\Helmut\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\933 vz17i.default\\\\extensions\\\\bbrs_002@blabbers.com\",\"mtime\":1365016917597},\"ffxtlbr@babylon.com\":{\"descriptor\":\"C:\\\\Users\\\\Helmut\\\\App Data\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\933vz17i.default\\\\extensions\\\\ffxtlbr@babylon.com\",\"mtime\":1314863468903},\"{ab91efd4-6975-4081-8552-1b3922ed79e2}\":{\"descriptor\":\"C:\\\\Users\\\\Helmut\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\933vz17i.default\\\\extensions\\\\{ ab91efd4-6975-4081-8552-1b3922ed79e2}\",\"mtime\":1358009506932},\"{EEE6C361-6118-11DC-9C72-001320C79847}\":{\"descriptor\":\"C:\\\\Users\\\\Helmut\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\933vz17i.default\\\\extensions\\\\{ EEE6C361-6118-11DC-9C72-001320C79847}.xpi\",\"mtime\":1357504305968}}}]"); ---- Lines blabbers.com removed from prefs.js ---- ---- Lines blabbers.com modified from prefs.js ---- user_pref("extensions.enabledAddons", "%7Bab91efd4-6975-4081-8552-1b3922ed79e2%7D:1.0.19.2,bbrs_002%40blabbers.com:1.0.5,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2"); user_pref("extensions.installCache", 
"[{\"name\":\"winreg-app-global\",\"addons\":{\"{BBDA0591-3099-440a-AA10-41764D9DB4DB}\":{\"descriptor\":\"C:\\\\ProgramData\\\\Norton\\\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\\\\N360_6.2.1.5\\\\IPSFFPlgn\",\"mtime\":1364972981239},\"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}\":{\"descriptor\":\"C:\\\\ProgramData\\\\Norton\\\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\\\\N360_6.2.1.5\\\\coFFPlgn\",\"mtime\":1364941158398}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1363036946593}}},{\"name\":\"app-profile\",\"addons\":{\"bbrs_002@blabbers.com\":{\"descriptor\":\"C:\\\\Users\\\\Helmut\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\933 vz17i.default\\\\extensions\\\\bbrs_002@blabbers.com\",\"mtime\":1365016917597},\"ffxtlbr@babylon.com\":{\"descriptor\":\"C:\\\\Users\\\\Helmut\\\\App Data\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\933vz17i.default\\\\extensions\\\\ffxtlbr@babylon.com\",\"mtime\":1314863468903},\"{ab91efd4-6975-4081-8552-1b3922ed79e2}\":{\"descriptor\":\"C:\\\\Users\\\\Helmut\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\933vz17i.default\\\\extensions\\\\{ ab91efd4-6975-4081-8552-1b3922ed79e2}\",\"mtime\":1358009506932},\"{disabled}\":{\"descriptor\":\"C:\\\\Users\\\\Helmut\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profile s\\\\933vz17i.default\\\\extensions\\\\{disabled}.xpi\",\"mtime\":1357504305968}}}]"); ---- FireFox user.js and prefs.js backups ---- prefs__2323_.backup ==== Deleting Files \ Folders ====================== "C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\933vz17i.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi" deleted "C:\ProgramData\FAB7408815.sys" deleted "C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll" deleted "C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll" deleted "C:\Program Files 
(x86)\SweetIM\Messenger\mgcommunication.dll" deleted "C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll" deleted "C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll" deleted "C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll" deleted "C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll" deleted "C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll" deleted "C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll" deleted "C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll" deleted "C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe" deleted "C:\Program Files (x86)\BabylonToolbar" deleted "C:\Program Files (x86)\SweetIM" not deleted "C:\Users\Helmut\AppData\Roaming\BrowserCompanion" deleted "C:\ProgramData\SweetIM" deleted "C:\Users\Helmut\AppData\LocalLow\BabylonToolbar" deleted "C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\933vz17i.default\extensions\ffxtlbr@babylon.com" deleted "C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\933vz17i.default\extensions\bbrs_002@blabbers.com" deleted "C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\933vz17i.default\extensions\bbrs_002@blabbers.com" deleted "C:\Program Files (x86)\SweetIM\Messenger" not deleted ==== Firefox Extensions ====================== ProfilePath: C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\933vz17i.default - HP Detect - %ProfilePath%\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\933vz17i.default 47299371607DC2FB234444EEACB1639E - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll - Shockwave Flash B6A800D881A0176C544988870861E798 - C:\windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director ==== Chrome Look ====================== 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions bodddioamolcibagionmmobehnbhiakf - C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx[] dhkplhfnhceodhffomolpfigojocbpcb - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbar.crx[] mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\Exts\Chrome.crx[02.02.2013 00:18] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.google.at/" "Search Page"="hxxp://search.aon.at" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="hxxp://search.babylon.com/?babsrc=NT_ss&mntrId=88681927000000000000cc52af0bc203&tlver=1.4.19.19&ss=1&affID=17395" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="hxxp://search.babylon.com/?babsrc=NT_ss&mntrId=88681927000000000000cc52af0bc203&tlver=1.4.19.19&ss=1&affID=17395" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="hxxp://www.google.at/" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" {372E3302-7EBA-42FD-93CF-35D0DFC0B781} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting CLSID Registry Keys ====================== 
HKEY_USERS\S-1-5-21-3727353590-3610835362-800840756-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_USERS\S-1-5-21-3727353590-3610835362-800840756-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_USERS\S-1-5-21-3727353590-3610835362-800840756-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully HKEY_USERS\S-1-5-21-3727353590-3610835362-800840756-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully HKEY_USERS\S-1-5-21-3727353590-3610835362-800840756-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully HKEY_USERS\S-1-5-21-3727353590-3610835362-800840756-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully HKEY_USERS\S-1-5-21-3727353590-3610835362-800840756-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully HKEY_USERS\S-1-5-21-3727353590-3610835362-800840756-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully HKEY_USERS\S-1-5-21-3727353590-3610835362-800840756-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully HKEY_USERS\S-1-5-21-3727353590-3610835362-800840756-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully HKEY_USERS\S-1-5-21-3727353590-3610835362-800840756-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} deleted successfully 
HKEY_USERS\S-1-5-21-3727353590-3610835362-800840756-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb deleted successfully ==== Empty IE Cache 
====================== C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Helmut\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Helmut\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Helmut\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Helmut\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully After Reboot ==== Empty Temp Folders ====================== C:\windows\Temp successfully emptied C:\Users\Helmut\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Helmut\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Program Files (x86)\SweetIM" not found OTL:OTL Logfile: Code:
ATTFilter OTL logfile created on: 03.04.2013 23:40:04 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Helmut\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 51,34% Memory free 7,72 Gb Paging File | 5,15 Gb Available in Paging File | 66,79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 151,11 Gb Total Space | 83,68 Gb Free Space | 55,38% Space Free | Partition Type: NTFS Drive D: | 129,69 Gb Total Space | 41,18 Gb Free Space | 31,75% Space Free | Partition Type: NTFS Drive F: | 1,99 Gb Total Space | 1,48 Gb Free Space | 74,54% Space Free | Partition Type: FAT32 Computer Name: HELMUT-HP | User Name: Helmut | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.03 23:38:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Helmut\Desktop\OTL.exe
PRC - [2013.03.11 23:22:26 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 17:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.14 11:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.12.12 11:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2012.08.10 16:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
PRC - [2012.04.17 16:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2012.03.23 15:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.06.09 13:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010.10.01 14:44:58 | 000,280,120 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2010.06.17 21:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2010.06.09 09:55:16 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010.05.10 08:42:40 | 000,090,112 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
PRC - [2010.03.04 06:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.04 06:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.12.04 14:22:40 | 000,506,472 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\system\uArcCapture.exe
PRC - [2009.11.04 23:46:56 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.11.04 23:46:54 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2003.03.21 11:54:44 | 000,299,008 | ---- | M] (Palm, Inc.) -- C:\Program Files (x86)\Palm\HOTSYNC.EXE
PRC - [1999.09.30 22:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Program Files (x86)\PrintKey2000\Printkey2000.exe

========== Modules (No Company Name) ==========

MOD - [2013.03.11 23:22:26 | 003,069,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.02.15 14:38:13 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.11 10:32:42 | 000,452,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7cb3ae5de64f8cbde3ccc57c780743a\IAStorUtil.ni.dll
MOD - [2013.01.11 10:30:28 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.11 10:30:26 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013.01.11 10:30:02 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.11 10:29:49 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.11 10:29:45 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.11 10:29:42 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.11 10:29:41 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.11 10:29:36 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.04.17 16:05:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2012.04.17 16:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2012.04.17 16:05:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2012.04.17 16:05:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2012.04.17 16:05:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll
MOD - [2012.04.17 16:05:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2012.04.17 16:05:00 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2012.04.17 16:05:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2012.04.17 16:05:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2010.12.06 01:46:52 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.06.17 21:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009.06.17 21:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009.06.17 21:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2003.03.21 11:55:34 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Palm\HSLANG.DLL

========== Services (SafeList) ==========

SRV:64bit: - [2012.04.17 10:35:21 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011.08.23 22:43:13 | 000,271,360 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV)
SRV:64bit: - [2011.08.23 22:43:13 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011.03.16 02:54:10 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.07.21 14:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010.06.19 02:25:12 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2010.06.09 09:55:14 | 000,952,096 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010.05.10 08:42:40 | 000,090,112 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe -- (HPDayStarterService)
SRV:64bit: - [2009.12.14 21:15:58 | 002,019,120 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.08 23:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV - [2013.03.13 14:58:09 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.11 23:22:26 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.14 11:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.09.27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2012.08.10 16:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe -- (N360)
SRV - [2012.04.17 10:35:15 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.03.23 15:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.02.28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.10.01 14:44:58 | 000,280,120 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2010.03.18 21:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.04 06:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.12.14 20:47:46 | 001,639,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2009.12.04 14:22:40 | 000,506,472 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Windows\system\uArcCapture.exe -- (uArcCapture)
SRV - [2009.11.04 23:46:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.11.04 23:46:54 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.02.12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012.12.14 17:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.07.06 04:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012.07.06 04:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012.06.28 09:53:56 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.06.07 06:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012.05.22 03:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012.03.29 08:28:38 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012.03.29 08:28:34 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2012.03.29 08:28:25 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2012.03.29 08:06:25 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.23 22:43:13 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011.03.16 03:14:36 | 006,862,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.03.16 02:20:10 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.02 04:07:20 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.11.20 15:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 15:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 13:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.10.14 04:43:54 | 001,803,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.06.10 03:24:24 | 000,342,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.06.10 03:23:34 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.06.10 03:23:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.06.10 03:23:32 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.06.10 03:23:32 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.05.06 02:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.03.04 05:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.02.16 22:24:20 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010.02.10 13:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.01.13 00:37:34 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.12.04 12:48:18 | 000,032,640 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM)
DRV:64bit: - [2009.11.11 11:11:00 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.11.01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.07.08 23:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009.07.08 23:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.02 14:12:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2009.03.02 14:12:14 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
DRV:64bit: - [2008.06.27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2013.03.22 03:52:21 | 001,387,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130322.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013.01.19 15:38:49 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130403.003\ex64.sys -- (NAVEX15)
DRV - [2013.01.19 15:38:49 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130403.003\eng64.sys -- (NAVENG)
DRV - [2012.10.25 07:44:56 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.09.11 15:56:28 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130402.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.08.09 05:12:13 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011.08.08 11:13:25 | 000,055,624 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\PC Tools Security\pcttFixTool64.sys -- (PCToolsFixToolInjDrv)
DRV - [2009.07.29 02:55:42 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2004.05.17 15:04:16 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\DGIVECP.SYS -- (DgiVecp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN AT: Hotmail, Outlook, Messenger, Skype, Unterhaltung, Nachrichten & Lifestyle
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN AT: Hotmail, Outlook, Messenger, Skype, Unterhaltung, Nachrichten & Lifestyle
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{372E3302-7EBA-42FD-93CF-35D0DFC0B781}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN AT: Hotmail, Outlook, Messenger, Skype, Unterhaltung, Nachrichten & Lifestyle
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN AT: Hotmail, Outlook, Messenger, Skype, Unterhaltung, Nachrichten & Lifestyle
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{372E3302-7EBA-42FD-93CF-35D0DFC0B781}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3727353590-3610835362-800840756-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3727353590-3610835362-800840756-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-3727353590-3610835362-800840756-1002\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3727353590-3610835362-800840756-1002\..\SearchScopes\{372E3302-7EBA-42FD-93CF-35D0DFC0B781}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3727353590-3610835362-800840756-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADRA_deAT445
IE - HKU\S-1-5-21-3727353590-3610835362-800840756-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at"
FF - prefs.js..extensions.enabledAddons: %7Bab91efd4-6975-4081-8552-1b3922ed79e2%7D:1.0.19.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=toolbar2&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn\ [2012.06.28 19:21:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn\ [2013.04.03 23:29:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.11 23:22:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.13 08:29:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011.04.25 13:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\Extensions
[2011.04.25 13:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.04.03 23:24:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\933vz17i.default\extensions
[2013.01.12 18:51:46 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\933vz17i.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012.01.10 01:07:11 | 000,003,915 | ---- | M] () -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\933vz17i.default\searchplugins\sweetim.xml
[2013.03.11 23:22:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.11 23:22:26 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.19 08:16:51 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.19 11:56:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.19 08:16:51 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.19 08:16:51 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.19 08:16:51 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.19 08:16:51 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation) O3:64bit: - HKU\S-1-5-21-3727353590-3610835362-800840756-1002\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard Company) O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) 
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe (ArcSoft Inc.) O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe File not found O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED File not found O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe File not found O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3727353590-3610835362-800840756-1002..\Run: [Google Update] "C:\Users\Helmut\AppData\Local\Google\Update\GoogleUpdate.exe" /c File not found O4 - HKU\S-1-5-21-3727353590-3610835362-800840756-1002..\Run: [HP Officejet 4620 series (NET)] C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files (x86)\Palm\HOTSYNC.EXE (Palm, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Send To Bluetooth - 
{CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D69D234-10A9-4C73-96BF-C15C9F64352D}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8C9EE62-620B-44B9-8286-843938B0C1CE}: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2691848-305C-4764-B63A-8A38AAC83893}: DhcpNameServer = 192.168.42.129 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - 
No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.03 23:38:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Helmut\Desktop\OTL.exe [2013.04.03 23:27:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.04.03 23:25:50 | 000,000,000 | ---D | C] -- C:\windows\Temp [2013.04.03 23:25:50 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Local\Temp [2013.03.26 11:54:59 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023x.sys [2013.03.26 11:54:59 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023.sys [2013.03.25 01:20:51 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\Malwarebytes [2013.03.25 01:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.25 01:20:46 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2013.03.25 01:20:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.25 01:20:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.22 16:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.03.20 
08:12:27 | 000,000,000 | ---D | C] -- D:\Eigene Dokumente\Finale-Dateien [2013.03.20 08:12:26 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\MakeMusic [2013.03.20 08:09:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Finale 2012 [2013.03.20 08:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garritan Instruments for Finale [2013.03.20 08:02:39 | 000,000,000 | ---D | C] -- C:\vstplugins [2013.03.20 08:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garritan ARIA Player [2013.03.20 07:58:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MakeMusic [2013.03.20 07:58:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Finale 2012 [2013.03.14 04:03:01 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2013.03.14 04:03:01 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2013.03.14 04:02:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2013.03.14 04:02:59 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2013.03.14 04:02:59 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll [2013.03.14 04:02:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll [2013.03.14 04:02:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2013.03.14 04:02:59 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe [2013.03.14 04:02:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe [2013.03.14 04:02:58 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2013.03.14 04:02:58 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl [2013.03.14 04:02:58 | 000,729,088 | ---- | C] (Microsoft Corporation) -- 
C:\windows\SysNative\msfeeds.dll [2013.03.14 04:02:57 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2013.03.14 04:02:57 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2013.03.14 04:02:57 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll [2013.03.14 04:02:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.14 04:01:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.14 04:01:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.13 08:29:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.03.11 23:22:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [1 C:\Users\Helmut\Desktop\*.tmp files -> C:\Users\Helmut\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.03 23:38:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Helmut\Desktop\OTL.exe [2013.04.03 23:34:54 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.03 23:34:54 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.03 23:33:00 | 000,001,110 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.03 23:32:00 | 002,061,466 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.04.03 23:32:00 | 001,041,422 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.04.03 23:32:00 | 000,584,702 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.04.03 23:32:00 | 000,513,614 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.04.03 23:32:00 | 000,005,398 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.04.03 23:27:24 | 000,001,106 | ---- | M] () -- 
C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.03 23:27:02 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.04.03 23:26:56 | 4143,374,336 | -HS- | M] () -- C:\hiberfil.sys [2013.04.03 23:23:33 | 001,266,704 | ---- | M] () -- C:\Users\Helmut\Desktop\zoek.exe [2013.04.03 23:19:42 | 000,024,064 | ---- | M] () -- C:\windows\zoek-delete.exe [2013.04.03 23:14:19 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.04.02 09:10:29 | 000,000,336 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForHelmut.job [2013.03.25 01:20:47 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.24 19:22:12 | 003,139,472 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.03.22 16:36:51 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013.03.20 08:02:40 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\ARIA Player x64.lnk [2013.03.20 08:02:40 | 000,000,903 | ---- | M] () -- C:\Users\Public\Desktop\ARIA Player.lnk [2013.03.20 07:58:42 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\Finale 2012.lnk [2013.03.13 14:58:08 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2013.03.13 14:58:08 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.07 22:12:55 | 335,078,636 | ---- | M] () -- C:\windows\MEMORY.DMP [1 C:\Users\Helmut\Desktop\*.tmp files -> C:\Users\Helmut\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.03 23:25:50 | 000,024,064 | ---- | C] () -- C:\windows\zoek-delete.exe [2013.04.03 23:23:32 | 001,266,704 | ---- | C] () -- C:\Users\Helmut\Desktop\zoek.exe [2013.03.25 01:20:47 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.22 16:36:51 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013.03.20 08:02:40 | 000,000,923 | ---- | C] () -- 
C:\Users\Public\Desktop\ARIA Player x64.lnk [2013.03.20 08:02:40 | 000,000,903 | ---- | C] () -- C:\Users\Public\Desktop\ARIA Player.lnk [2013.03.20 07:58:41 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\Finale 2012.lnk [2013.03.07 22:12:55 | 335,078,636 | ---- | C] () -- C:\windows\MEMORY.DMP [2012.09.26 22:46:14 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012.09.23 16:05:23 | 000,159,836 | ---- | C] () -- C:\windows\_isusr32.dll [2012.09.23 16:05:23 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\_isusr2k.dll [2012.09.14 18:02:58 | 001,531,656 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2012.03.01 10:03:44 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\_Z2 [2011.11.21 10:52:58 | 000,038,421 | ---- | C] () -- C:\Users\Helmut\AppData\Roaming\Microsoft Excel 97-2003.ADR [2011.11.21 10:18:28 | 000,038,420 | ---- | C] () -- C:\Users\Helmut\AppData\Roaming\Kommagetrennte Werte (DOS).ADR [2011.10.12 09:52:39 | 000,112,688 | ---- | C] () -- C:\windows\SysWow64\shw32.dll [2011.10.12 09:52:39 | 000,039,095 | ---- | C] () -- C:\windows\iccsigs.dat [2011.07.15 10:47:19 | 000,482,408 | ---- | C] () -- C:\windows\ssndii.exe [2011.06.25 21:12:06 | 000,767,952 | ---- | C] () -- C:\windows\BDTSupport.dll0950.old [2011.05.07 08:05:37 | 000,007,603 | ---- | C] () -- C:\Users\Helmut\AppData\Local\Resmon.ResmonCfg [2011.05.06 11:24:17 | 000,000,091 | ---- | C] () -- C:\windows\SSB.ini [2011.05.04 23:30:31 | 000,184,707 | ---- | C] () -- C:\Users\Helmut\AppData\Roaming\mdbu.bin [2011.04.29 11:36:26 | 000,000,051 | ---- | C] () -- C:\windows\SysWow64\SYNSOPOS.exe.cfg [2011.04.29 11:36:24 | 000,086,016 | ---- | C] () -- C:\windows\SysWow64\SYNSOPOS.exe [2011.04.23 08:26:21 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 < End of report > |
03.04.2013, 23:27 | #4 |
| Problem with http://ad.adserverplus.com... I am sending OTL and OTL Extras as a zip file in the attachment, they were too large. I hope that's okay. Best regards and thanks |
03.04.2013, 23:34 | #5 |
/// Malware team / Visitor | Problem with http://ad.adserverplus.com... Open ZOEK again and copy the code below into the text field: Code:
babylon;ff
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r
"SweetIM"=-;r
C:\Users\Helmut\Desktop\*.tmp;f
Post the logfile for me. We'll simply continue with the system cleanup.
AdwCleaner: find and remove adware
Please download AdwCleaner to your desktop.
Scan with Combofix
Do problems still persist, or is it over now? |
03.04.2013, 23:46 | #6 |
| Problem with http://ad.adserverplus.com... Hello, here is the logfile:
Zoek.exe Version 4.0.0.2 Updated 31-03-2013
Tool run by Helmut on 04.04.2013 at 0:44:13,55.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode
Internet Access Detected
==== FireFox Fix ======================
ProfilePath: C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\933vz17i.default
user.js not found
---- Lines babylon removed from prefs.js ----
user_pref("keyword.URL", "hxxp://search.babylon.com/?babsrc=toolbar2&q=");
---- Lines babylon modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----
prefs__0045_.backup
prefs__2323_.backup
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-
==== Deleting Files \ Folders ======================
"C:\Users\Helmut\Desktop\~WRL0338.tmp" deleted
==== Firefox Extensions ======================
ProfilePath: C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\933vz17i.default
- HP Detect - %ProfilePath%\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\933vz17i.default
47299371607DC2FB234444EEACB1639E - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll - Shockwave Flash
B6A800D881A0176C544988870861E798 - C:\windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
Here is the report from AdwCleaner[Sx].txt: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.200 - Datei am 04/04/2013 um 00:56:39 erstellt # Aktualisiert am 02/04/2013 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzer : Helmut - HELMUT-HP # Bootmodus : Normal # Ausgeführt unter : D:\Downloads\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\933vz17i.default\searchplugins\SweetIm.xml ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\BabylonChromeExtension Schlüssel Gelöscht : HKCU\Software\BabylonToolbar Schlüssel Gelöscht : HKCU\Software\Blabbers Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\Software\BabylonToolbar Schlüssel Gelöscht : HKLM\Software\BrowserCompanion Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Schlüssel Gelöscht 
: HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (de)

File : C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\933vz17i.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [10061 octets] - [04/04/2013 00:56:39]

########## EOF - C:\AdwCleaner[S1].txt - [10122 octets] ##########
|
04.04.2013, 11:14 | #7 |
/// Malwareteam / Visitor | Problem with http://ad.adserverplus.com...
Everything is running fine
Scan with Combofix
Do the problems still exist, or is everything over now? |
05.04.2013, 15:33 | #8 |
| Problem with http://ad.adserverplus.com...
Hello, I had no time left to post the ComboFix report, but I had the following problem: after the ComboFix scan I "switched off" the PC into power-saving mode. After that it would not boot properly any more, only into Safe Mode. From Safe Mode it could then be started normally again. After shutting down once more, the same thing again: the PC does not finish starting. The Windows logo still appears, but after the desktop wallpaper is shown it hangs. It can then be restarted from Safe Mode and boots normally. What could be the cause? The problems with the ad windows, however, are apparently gone. Here is the last logfile:
Combofix Logfile:
Code:
ComboFix 13-04-02.01 - Helmut 04.04.2013 7:49.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.43.1031.18.3951.2167 [GMT 2:00]
Running from: c:\users\Helmut\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Thumbs.db
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-03-04 to 2013-04-04 ))))))))))))))))))))))))))))))
.
.
2013-04-04 05:55 . 2013-04-04 05:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-03 22:20 . 2013-04-03 22:20 -------- d-----w- c:\program files (x86)\7-Zip
2013-04-03 21:25 . 2013-04-04 05:55 -------- d-----w- c:\users\Helmut\AppData\Local\Temp
2013-03-26 09:54 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-03-26 09:54 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-24 23:20 . 2013-03-24 23:20 -------- d-----w- c:\users\Helmut\AppData\Roaming\Malwarebytes
2013-03-24 23:20 . 2013-03-24 23:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-24 23:20 . 2013-03-24 23:20 -------- d-----w- c:\programdata\Malwarebytes
2013-03-24 23:20 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-20 06:12 . 2013-03-20 06:12 -------- d-----w- c:\users\Helmut\AppData\Roaming\MakeMusic
2013-03-20 06:02 . 2013-03-20 06:02 -------- d-----w- C:\vstplugins
2013-03-20 05:58 . 2013-03-20 05:58 -------- d-----w- c:\programdata\MakeMusic
2013-03-20 05:58 . 2013-03-20 05:58 -------- d-----w- c:\program files (x86)\Finale 2012
2013-03-14 02:03 . 2013-02-02 06:38 96768 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-14 02:03 . 2013-02-02 06:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-03-14 02:03 . 2013-02-02 03:23 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-03-14 02:03 . 2013-02-02 07:37 182816 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-03-14 02:03 . 2013-02-02 06:44 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2013-03-14 02:03 . 2013-02-02 04:19 149552 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-03-14 02:03 . 2013-02-02 03:26 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-14 02:01 . 2013-03-14 02:01 -------- d-----w- c:\program files\Microsoft Silverlight
2013-03-14 02:01 . 2013-03-14 02:01 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-03-13 06:29 . 2013-04-03 22:47 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-14 02:05 . 2011-05-06 08:46 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-13 12:58 . 2012-05-05 19:02 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 12:58 . 2011-05-22 20:26 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-12 05:45 . 2013-03-13 08:52 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 08:52 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 08:52 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 08:52 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 08:52 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 08:52 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-11 21:49 . 2011-04-23 06:26 2516 --sha-w- c:\programdata\KGyGaAvL.sys
2013-01-13 21:17 . 2013-02-28 09:10 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17 . 2013-02-28 09:10 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16 . 2013-02-28 09:10 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12 . 2013-02-28 09:10 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11 . 2013-02-28 09:10 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 09:10 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 09:10 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11 . 2013-02-28 09:10 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 09:10 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 09:10 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 09:10 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 09:10 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32 . 2013-02-28 09:10 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31 . 2013-02-28 09:10 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 09:10 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 09:10 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31 . 2013-02-28 09:10 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 09:10 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 09:10 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-01-13 20:22 . 2013-02-28 09:10 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20 . 2013-02-28 09:10 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-01-13 20:09 . 2013-02-28 09:10 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08 . 2013-02-28 09:10 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08 . 2013-02-28 09:10 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-01-13 19:59 . 2013-02-28 09:10 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-01-13 19:58 . 2013-02-28 09:10 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-01-13 19:54 . 2013-02-28 09:10 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53 . 2013-02-28 09:10 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53 . 2013-02-28 09:10 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51 . 2013-02-28 09:10 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-01-13 19:49 . 2013-02-28 09:10 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-01-13 19:48 . 2013-02-28 09:10 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46 . 2013-02-28 09:10 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-01-13 19:43 . 2013-02-28 09:10 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38 . 2013-02-28 09:10 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-01-13 19:38 . 2013-02-28 09:10 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-01-13 19:38 . 2013-02-28 09:10 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-01-13 19:37 . 2013-02-28 09:10 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-01-13 19:25 . 2013-02-28 09:10 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:24 . 2013-02-28 09:10 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-01-13 19:24 . 2013-02-28 09:10 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-01-13 19:20 . 2013-02-28 09:10 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-01-13 19:20 . 2013-02-28 09:10 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-01-13 19:15 . 2013-02-28 09:10 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:10 . 2013-02-28 09:10 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-01-13 19:02 . 2013-02-28 09:10 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34 . 2013-02-28 09:10 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32 . 2013-02-28 09:10 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-01-13 18:09 . 2013-02-28 09:10 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26 . 2013-02-28 09:10 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-01-13 17:05 . 2013-02-28 09:10 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-01-05 05:53 . 2013-02-13 07:32 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 07:32 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 07:32 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11 . 2013-02-28 09:10 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11 . 2013-02-28 09:10 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
.
.
(((((((((((((((((((((((((((( Reg Loading Points From Registry ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-17 39408]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"HP Officejet 4620 series (NET)"="c:\program files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" [2011-12-18 2548072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-10-01 256056]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
"DTRun"="c:\program files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2009-11-19 518656]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-16 98304]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-12-12 163000]
.
c:\users\Helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files (x86)\Palm\HOTSYNC.EXE [2003-3-21 299008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-9 1128224]
Printkey2000.lnk - c:\program files (x86)\PrintKey2000\Printkey2000.exe [2013-2-9 869376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-04-17 1038088]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-11-11 232480]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-01-12 325152]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-25 1255736]
R4 PCToolsFixToolInjDrv;PCToolsFixToolInjDrv;c:\program files (x86)\PC Tools Security\pcttFixTool64.sys [2011-08-08 55624]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0604010.00E\SYMDS64.SYS [2012-03-29 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0604010.00E\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130322.001\BHDrvx64.sys [2013-03-22 1387608]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130402.001\IDSvia64.sys [2012-09-11 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS [2012-03-29 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS [2012-03-29 405624]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-08-23 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-16 203264]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-06-19 103992]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-05-10 90112]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-08-10 197536]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-10-01 280120]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [2012-06-16 138272]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 11576]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S2 uArcCapture;ArcCapture;c:\windows\system\uArcCapture.exe [2009-12-04 506472]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-12-14 2019120]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2009-12-04 32640]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-10 342056]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-10 39464]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-25 138912]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 12:58]
.
2013-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 14:41]
.
2013-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 14:41]
.
2013-04-02 c:\windows\Tasks\HPCeeScheduleForHelmut.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-08-23 489472]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2010-06-19 1691192]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.at/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\933vz17i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at
.
- - - - Removed orphaned registry entries - - - -
.
Wow6432Node-HKLM-Run-NortonOnlineBackupReminder - c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe
Wow6432Node-HKLM-Run-File Sanitizer - c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
AddRemove-PocketMirror - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.4.1.14\diMaster.dll\" /prefetch:1"
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,\
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-04 07:59:15
ComboFix-quarantined-files.txt 2013-04-04 05:59
.
Pre-Run: 22 directories, 89.485.561.856 bytes free
Post-Run: 29 directories, 89.093.349.376 bytes free
.
- - End Of File - - 8FE617AC9C521008A549C3F93CEDF57C
|
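The ComboFix log in the post above lists the Run keys, startup folders and the UAC policy block of this machine, and that block shows "EnableLUA"= 0 together with "ConsentPromptBehaviorAdmin"= 0 and "PromptOnSecureDesktop"= 0: User Account Control is switched off, so everything the administrator account launches, including a toolbar installer bundled with some download, writes to HKLM and registers Browser Helper Objects without any prompt. The PowerShell below is an added example, not part of the thread and not ComboFix code, that re-reads the same autostart points and policy values with built-in cmdlets only and reports the Authenticode signature state of every autostart image so unsigned or missing ones stand out. It assumes PowerShell 2.0 or later (the Windows 7 default) in an elevated console; the registry paths are the ones ComboFix printed.

```powershell
# Added example (not from the thread): re-check the autostart points and the UAC
# policy values that the ComboFix log listed, using only built-in cmdlets.
# Assumes PowerShell 2.0+ on Windows 7 x64 and an elevated console.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',              # 64-bit Run entries
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',  # 32-bit Run entries
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Pull the image path out of a Run value such as  "C:\x\y.exe" /arg  or  C:\x\y.exe /arg
function Get-ImagePath([string]$Command) {
    if (-not $Command) { return $null }
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^\s*(.+?\.(exe|dll|cpl|scr))(\s|$)') { return $Matches[1] }
    return $null
}

function Get-SignatureState([string]$Path) {
    if (-not $Path) { return 'NOT RESOLVED' }
    $Path = [Environment]::ExpandEnvironmentVariables($Path)
    if (-not (Test-Path -LiteralPath $Path)) { return 'FILE MISSING' }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -eq 'Valid') { return 'Valid: ' + $sig.SignerCertificate.Subject }
    return [string]$sig.Status      # NotSigned, HashMismatch, UnknownError, ...
}

function Get-RunEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = $item.GetValue($name)
            New-Object PSObject -Property @{
                Source    = $key
                Name      = $name
                Command   = $cmd
                Signature = Get-SignatureState (Get-ImagePath $cmd)
            }
        }
    }
}

# BHOs are registered by CLSID only; the DLL is under HKCR\CLSID\{...}\InprocServer32
# (HKCR\Wow6432Node\CLSID for the 32-bit IE that toolbars usually target).
function Get-BhoEntries {
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path $key)) { continue }
        $wow = if ($key -like '*Wow6432Node*') { 'Wow6432Node\' } else { '' }
        foreach ($clsid in (Get-ChildItem $key | ForEach-Object { $_.PSChildName })) {
            $server = "Registry::HKEY_CLASSES_ROOT\${wow}CLSID\$clsid\InprocServer32"
            $dll = $null
            if (Test-Path $server) { $dll = (Get-ItemProperty -Path $server).'(default)' }
            New-Object PSObject -Property @{
                Source    = $key
                Name      = $clsid
                Command   = $dll
                Signature = Get-SignatureState $dll
            }
        }
    }
}

function Get-UacState {
    $p = Get-ItemProperty -Path $uacKey
    # EnableLUA=0 turns UAC off entirely; ConsentPromptBehaviorAdmin=0 elevates without prompting;
    # PromptOnSecureDesktop=0 lets other windows overlay the prompt. Windows 7 defaults are 1 / 5 / 1.
    New-Object PSObject -Property @{
        EnableLUA                  = $p.EnableLUA
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
        UacEffective               = ($p.EnableLUA -eq 1)
    }
}

@(Get-RunEntries) + @(Get-BhoEntries) |
    Sort-Object Signature |
    Format-Table Signature, Name, Command -AutoSize -Wrap
Get-UacState | Format-List
```

A valid signature says who shipped the component, not that it is wanted: adware toolbars are commonly signed by their vendor, so the rows to read first are FILE MISSING (an autostart pointing at something a cleaner already removed), NotSigned, and any image living under the user profile or a temp directory. The UAC block is the part worth fixing regardless of what the scanners find; with EnableLUA at 0 the next bundled installer gets the same silent HKLM write access the removed toolbar had.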
05.04.2013, 15:52 | #9 |
/// Malwareteam / Visitor | Problem with http://ad.adserverplus.com...
Download TDSSKStarter.
Right-click TDSSKStarter.exe -> Run as administrator. Wait until the window closes.
When TDSSKStarter has finished, it will create a logfile. Please post the logfile in your next reply (preferably in CODE tags) |
05.04.2013, 22:52 | #10 |
| Problem with http://ad.adserverplus.com...
My antivirus software deletes TDSSKStarter immediately after the download; it is classified as unsafe. Can I trust this software, and what does it do? I'm no longer quite sure whether I should just reinstall the PC right away... |
05.04.2013, 23:07 | #11 |
/// Malwareteam / Visitor | Problem with http://ad.adserverplus.com...
It is a tool that runs a rootkit scan. It can be trusted; our tools are often flagged incorrectly. Can you make your antivirus software ignore TDSSKStarter? |
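Before telling the antivirus to ignore a file it has just quarantined, or switching the antivirus off to run it (which is what happens in the next post), it is worth checking that the file is the one the helper meant and has not been altered on the way. The PowerShell below is an added example, not part of the thread and not part of the TDSSKiller or TDSSKStarter tooling: it prints the Authenticode signature state and signer of a downloaded file and the SHA-256 of its bytes, and compares that hash with a value you pass in. The expected hash is an assumption you have to supply yourself (from the vendor's download page or from the helper); the script targets PowerShell 2.0, the Windows 7 default, so it avoids Get-FileHash, which needs PowerShell 4 or later.

```powershell
# Added example (not from the thread): check a downloaded cleanup tool before
# whitelisting it in the AV or running it with the AV disabled.
# Usage:  .\Check-Tool.ps1 -Path "$env:USERPROFILE\Desktop\TDSSKiller.exe" -ExpectedSha256 <hash>
# The expected hash is an assumption: take it from the vendor's download page or from the helper.
param(
    [Parameter(Mandatory = $true)][string]$Path,
    [string]$ExpectedSha256 = ''
)

function Get-Sha256Hex([string]$File) {
    # Streams the file through .NET directly so it works on PowerShell 2.0 (no Get-FileHash there).
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($File)
    try     { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close() }
}

function Test-DownloadedTool([string]$File, [string]$Expected) {
    if (-not (Test-Path -LiteralPath $File)) {
        return 'MISSING: the AV has probably quarantined it already; restore it from quarantine first.'
    }
    $sig     = Get-AuthenticodeSignature -FilePath $File
    $hash    = Get-Sha256Hex $File
    $verdict = @()

    switch ([string]$sig.Status) {
        'Valid'        { $verdict += 'Signature valid, signer: ' + $sig.SignerCertificate.Subject }
        'NotSigned'    { $verdict += 'Unsigned: only the hash comparison below can vouch for it' }
        'HashMismatch' { $verdict += 'SIGNATURE BROKEN: file was modified after signing, do not run it' }
        default        { $verdict += 'Signature status: ' + $sig.Status + ' (' + $sig.StatusMessage + ')' }
    }

    $verdict += 'SHA-256: ' + $hash
    if ($Expected) {
        # -eq on strings is case-insensitive, so upper- or lower-case hex both compare fine
        if ($hash -eq $Expected) { $verdict += 'Hash matches the expected value' }
        else                     { $verdict += 'HASH MISMATCH: this is not the file you were told to run' }
    } else {
        $verdict += 'No expected hash supplied; compare the SHA-256 manually before whitelisting'
    }
    return $verdict -join "`n"
}

Test-DownloadedTool -File $Path -Expected $ExpectedSha256
```

A detection on a rootkit scanner is a plausible false positive (such tools read raw disk sectors and driver memory, which heuristics dislike), but the decision to trust it should rest on a signature from the vendor or a hash that matches what the helper published, not on the detection being inconvenient. If the checks pass, whitelist that single file in the antivirus rather than disabling the product for the whole scan.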
05.04.2013, 23:26 | #12 |
| Problem with http://ad.adserverplus.com...
OK, I have deactivated the antivirus software and run the program. Here is the logfile:
23:58:12.0236 6648 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:58:12.0236 6648 ============================================================
23:58:12.0236 6648 Current date / time: 2013/04/05 23:58:12.0236
23:58:12.0236 6648 SystemInfo:
23:58:12.0236 6648
23:58:12.0236 6648 OS Version: 6.1.7601 ServicePack: 1.0
23:58:12.0236 6648 Product type: Workstation
23:58:12.0236 6648 ComputerName: HELMUT-HP
23:58:12.0236 6648 UserName: Helmut
23:58:12.0236 6648 Windows directory: C:\windows
23:58:12.0236 6648 System windows directory: C:\windows
23:58:12.0236 6648 Running under WOW64
23:58:12.0236 6648 Processor architecture: Intel x64
23:58:12.0236 6648 Number of processors: 4
23:58:12.0236 6648 Page size: 0x1000
23:58:12.0236 6648 Boot type: Normal boot
23:58:12.0236 6648 ============================================================
23:58:15.0418 6648 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:58:15.0434 6648 ============================================================
23:58:15.0434 6648 \Device\Harddisk0\DR0:
23:58:15.0434 6648 MBR partitions:
23:58:15.0434 6648 Initialize success
23:58:15.0434 6648 ============================================================
23:58:15.0496 5844 ============================================================
23:58:15.0496 5844 Scan started
23:58:15.0496 5844 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;
23:58:15.0496 5844 ============================================================
23:58:16.0136 5844 ================ Scan system memory ========================
23:58:16.0136 5844 ================ Scan services =============================
23:58:20.0644 5844 ================ Scan global ===============================
23:58:20.0644 5844 ================ Scan MBR ==================================
23:58:20.0675 5844 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:58:21.0487 5844 ================ Scan VBR ==================================
23:58:21.0487 5844 ================ Scan UEFI extensions ======================
23:58:21.0487 5844 ================ Scan active images ========================
23:58:21.0487 5844 ============================================================
23:58:21.0487 5844 Scan finished
23:58:21.0487 5844 ============================================================
23:58:22.0048 7120 Deinitialize success
.
==============================================
System Restore Point Check:
.
TDSSKiller Starter Restore Point Created Succesfully
==============================================
Registry Export
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
==============================================
EOF |
05.04.2013, 23:37 | #13 |
/// Malwareteam / Visitor | I have a feeling that something did not work there. Please download TDSSKiller.exe and save the file to your desktop
|
07.04.2013, 20:10 | #14 |
| Hello, here I am again. I ran TDSSKiller; no findings were shown. Here is the report:
21:05:10.0825 20720 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:05:11.0573 20720 ============================================================
21:05:11.0573 20720 Current date / time: 2013/04/07 21:05:11.0573
21:05:11.0573 20720 SystemInfo:
21:05:11.0573 20720
21:05:11.0573 20720 OS Version: 6.1.7601 ServicePack: 1.0
21:05:11.0573 20720 Product type: Workstation
21:05:11.0573 20720 ComputerName: HELMUT-HP
21:05:11.0574 20720 UserName: Helmut
21:05:11.0574 20720 Windows directory: C:\windows
21:05:11.0574 20720 System windows directory: C:\windows
21:05:11.0574 20720 Running under WOW64
21:05:11.0574 20720 Processor architecture: Intel x64
21:05:11.0574 20720 Number of processors: 4
21:05:11.0574 20720 Page size: 0x1000
21:05:11.0574 20720 Boot type: Normal boot
21:05:11.0574 20720 ============================================================
21:05:12.0342 20720 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:05:12.0350 20720 ============================================================
21:05:12.0350 20720 \Device\Harddisk0\DR0:
21:05:12.0350 20720 MBR partitions:
21:05:12.0350 20720 Initialize success
21:05:12.0350 20720 ============================================================
21:06:09.0421 23028 ============================================================
21:06:09.0421 23028 Scan started
21:06:09.0421 23028 Mode: Manual; SigCheck; TDLFS;
21:06:09.0421 23028 ============================================================
21:06:09.0443 23028 ================ Scan system memory ========================
21:06:09.0443 23028 System memory - ok
21:06:09.0443 23028 ================ Scan services =============================
21:06:12.0329 23028 ================ Scan global ===============================
21:06:12.0330 23028 [Global] - ok
21:06:12.0331 23028 ================ Scan MBR ==================================
21:06:12.0338 23028 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:06:12.0746 23028 \Device\Harddisk0\DR0 - ok
21:06:12.0747 23028 ================ Scan VBR ==================================
21:06:12.0747 23028 ============================================================
21:06:12.0747 23028 Scan finished
21:06:12.0747 23028 ============================================================
21:06:12.0762 21128 Detected object count: 0
21:06:12.0762 21128 Actual detected object count: 0
21:07:18.0510 22264 ============================================================
21:07:18.0510 22264 Scan started
21:07:18.0510 22264 Mode: Manual; SigCheck; TDLFS;
21:07:18.0510 22264 ============================================================
21:07:18.0512 22264 ================ Scan system memory ========================
21:07:18.0512 22264 System memory - ok
21:07:18.0512 22264 ================ Scan services =============================
WPCSvc - ok 21:07:20.0246 22264 WPDBusEnum - ok 21:07:20.0250 22264 ws2ifsl - ok 21:07:20.0253 22264 wscsvc - ok 21:07:20.0256 22264 WSearch - ok 21:07:20.0262 22264 wuauserv - ok 21:07:20.0265 22264 WudfPf - ok 21:07:20.0268 22264 WUDFRd - ok 21:07:20.0271 22264 wudfsvc - ok 21:07:20.0275 22264 WwanSvc - ok 21:07:20.0287 22264 ================ Scan global =============================== 21:07:20.0289 22264 [Global] - ok 21:07:20.0291 22264 ================ Scan MBR ================================== 21:07:20.0327 22264 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 21:07:20.0768 22264 \Device\Harddisk0\DR0 - ok 21:07:20.0769 22264 ================ Scan VBR ================================== 21:07:20.0769 22264 ============================================================ 21:07:20.0769 22264 Scan finished 21:07:20.0769 22264 ============================================================ 21:07:20.0779 24372 Detected object count: 0 21:07:20.0779 24372 Actual detected object count: 0 |
07.04.2013, 21:47 | #15 |
/// Malwareteam / Visitor | Problem with http://ad.adserverplus.com... TDSSKiller shows no problems. I assume nothing has changed in the situation? |