Virus after Facebook "video"? (Windows 7)

23.04.2013, 14:20 | #1
Hello,

a few days ago I foolishly clicked on a supposed video on Facebook, whereupon a new tab opened in which I was supposed to download a file in order to watch the video. I closed the tab straight away and considered the matter closed for the time being. A few days later I received a message that I had "liked" two porn videos, which I definitely did not do. However, I could not find anything about it afterwards, neither on my side nor on the side of the person who told me about it...

While searching for information on the subject I found a page that says it is a "self-replicating worm". Since I do not know much about the topic myself, I am unsure whether my PC is now infected with something or not. I hope someone here can help me.

Avira AntiVir finds nothing; Malwarebytes Anti-Malware also found nothing in a full scan. Ad-Aware (which I installed only for an additional scan and kept disabled except during that scan) found one item in a quick scan, which I foolishly already deleted, and I do not know whether or where I can find the log files. Spybot had a whole lot of findings, all between class 1 and 5...

The scan with GMER produced the following error messages:
1. C:\Windows\system32\config\system: The process cannot access the file because it is being used by another process
2. C:\Users\***\ntuser.dat: The process cannot access the file because it is being used by another process

Here are the log files from OTL, Extras, GMER and Spybot:

Extras: OTL Logfile:
[CODE]
OTL Extras logfile created on: 23.04.2013 13:58:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,96 Gb Total Physical Memory | 5,90 Gb Available Physical Memory | 74,03% Memory free
15,92 Gb Paging File | 13,63 Gb Available in Paging File | 85,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 79,98 Gb Total Space | 39,87 Gb Free Space | 49,86% Space Free | Partition Type: NTFS
Drive D: | 851,31 Gb Total Space | 609,59 Gb Free Space | 71,61% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053D1ECA-16C4-4D85-9702-7E4C2E6AC167}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1B2A680B-C5EC-43CC-85DC-6FF23595E105}" = lport=445 | protocol=6 | dir=in | app=system |
"{1D7AAE3B-3298-49BF-8092-175010B8203F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{25F6075E-6CF0-4348-9FFF-9E79FB183FB5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{331E3BAB-03F7-4AB6-8979-A2EC5B4B70F8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{34E85162-7E62-4291-B6FA-90B40120E1F6}" = rport=139 | protocol=6 | dir=out | app=system |
"{4A724997-D429-4FF2-8150-D1AA2E6C7967}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5174C8AB-CCFC-45F6-8F0C-E2DDE2EE7562}" = lport=137 | protocol=17 | dir=in | app=system |
"{606BA6DA-71B4-49F6-837E-B060D92D4218}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{60D7EF28-E601-415D-A340-F710C71D8A2B}" = rport=445 | protocol=6 | dir=out | app=system |
"{73CC2E96-B689-4BDC-A352-341AA2B4417C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{790F1CD0-46A2-439E-87BD-D249A60C3F5B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{79F8A380-5C69-49A5-A512-7D127FEE5093}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7C2BA455-F8D0-42B1-859B-530AEECA65AD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{99137CD1-AAF8-403F-A9F5-21DE2B1EB3F3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A526CDA5-9975-4F2A-8141-E36A101C8369}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A881DEC4-BF96-4AB5-ADCB-1C557FEEF0B7}" = lport=138 | protocol=17 | dir=in | app=system |
"{A8E8E366-058C-42F3-8664-561201440831}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AFDB7142-FE27-4E3D-A6DE-EA3B9857F616}" = rport=138 | protocol=17 | dir=out | app=system |
"{B10DC8E5-1E19-4AA9-95FB-F6DC31BC0063}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CC8B3877-DE17-4030-B75E-4D4F7BA27DBD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CD270723-4037-44D0-BCD6-9E13635DFD95}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{F254A677-B6C4-493D-BE02-76ECC55791C8}" = rport=137 | protocol=17 | dir=out | app=system |
"{F98495EA-978B-414C-8F39-B39D6AEB1E07}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03543A78-1844-4DB2-884E-E61B63628747}" = protocol=6 | dir=in | app=d:\games\alpha protocol\binaries\apgame.exe |
"{042ED58F-8A80-4EFA-897A-765EF33B192A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{05AED89E-ED3B-473A-83C4-2211FBA44AEB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0AA1CA60-9CC2-41E7-8015-3B429133BDE5}" = protocol=6 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx10.exe |
"{111CE07C-7E3B-43AC-9229-68B478A481E6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{13763ACD-07AB-47DB-AF24-79D7BF32280A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{14450B91-2C51-406C-8141-E1C210DE7554}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1E3F1706-6F9F-4731-8A84-0D7BEF0333B3}" = protocol=17 | dir=in | app=d:\games\assassin's creed\assassinscreed_launcher.exe |
"{2672A338-5ACF-4DC7-B46C-270CE3AB8193}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{2905AFAA-A4C6-4F91-A5AC-55841AE293AE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{4007DF4D-F0FE-4952-BE38-34D3C8477368}" = protocol=6 | dir=in | app=d:\games\cod4 mw\iw3mp.exe |
"{468D3BB1-EDE5-4E86-A934-2A617EA82D80}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4F87F356-EC0B-433A-884C-6D8AF3A33A6F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{58B56E31-97A9-47E1-B592-37C8FC732AF2}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{61DA499B-918F-4AF7-B4AE-B9DE32904BB4}" = protocol=17 | dir=in | app=d:\games\street fighter iv\ssfiv.exe |
"{6A187ED3-A888-439B-B44A-9E4E76A1AF30}" = protocol=17 | dir=in | app=d:\games\alpha protocol\binaries\apgame.exe |
"{6E0A4E84-59EC-40E4-92F7-E493795BFF6D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6E122F83-70B3-4223-949C-0D69B6775166}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6sp.exe |
"{720569FF-D6F1-48FD-9F7F-D3B3B3A6E829}" = protocol=6 | dir=in | app=d:\games\assassin's creed\assassinscreed_launcher.exe |
"{72F56326-E1FE-4A1A-9F22-B9BAD18DF314}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7FC0FDCC-3540-4F3B-A328-6E19E40E775F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{88567FB6-CDCA-4D8E-B86A-D5B304552723}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6sp.exe |
"{8A04F809-2DE6-4AF7-B578-E5D55C5AC2F6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{996491A3-ABD4-4708-A5B5-394113955E2A}" = protocol=17 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx9.exe |
"{A27A58D8-CEAE-4DC4-BB2D-E8293559D25E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{A4699B08-3471-45A7-88BC-590D6DD82F60}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{A57D9C23-0DA1-48FA-90A8-19864BAC64C7}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6zm.exe |
"{ADA65890-5F0E-4042-BFFE-5F9B1A6A8878}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"{AE7F76DA-369E-4769-851D-EC65DCEFE41D}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{AF2D453E-4190-4940-BB76-60013BF52C01}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B5051A1B-C957-4856-A820-CB1D110EDCF3}" = protocol=6 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx9.exe |
"{B67D4C3B-F8E4-4B17-94F7-B1BC5637E8E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B67FFFE8-EA25-413A-BE2D-F31B7DA9760A}" = protocol=6 | dir=in | app=d:\games\street fighter iv\ssfiv.exe |
"{BB8ADD7A-1DEE-49B7-899B-F255E921561C}" = protocol=17 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx10.exe |
"{BBAC2AFB-70A1-4E5F-9717-A5D015D31535}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C1D7B709-7660-48AE-8319-38889D9FB003}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\icqm\icq.exe |
"{C6096757-F656-4E16-A079-7D34A1F6074E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D04F6D4A-B679-4F86-9CAA-FC57B2574E12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7C3465F-A32D-4729-8ED4-ABA7BD3F5507}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"{DA2594F0-B444-4749-B476-175EB4BD38D2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DC4E6DA9-BCA4-4060-AF42-8AE3A00BA27F}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\icqm\icq.exe |
"{DC686CAE-FE56-44C5-8262-36F60E761493}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6zm.exe |
"{E59AA3BF-5656-4905-9224-35C975175372}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E78923F0-03F5-49B7-A92E-FA4A02798388}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EFD2E393-8ADC-4C1C-945A-36DFF02079A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F49E385A-195F-4ABC-90FB-6394EAAAE309}" = protocol=17 | dir=in | app=d:\games\cod4 mw\iw3mp.exe |
"{F70042D6-99C3-49CD-80CE-0C12531B100C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FB547F36-260D-4F78-8C65-E56257CB545F}" = protocol=6 | dir=out | app=system |
"{FE40AFE4-BEAD-4E73-BADB-7B64A44AE3E8}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{FF333F3C-BEC7-4B50-A613-FA0A44CCA871}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{6AE52F37-B7A9-494A-BA51-EF413B05870C}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{7A8A84B8-B9A8-4727-AC4A-939DE9AE84B7}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414" = CanoScan LiDE 110 Scanner Driver
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BB8B580B-8119-0235-C923-5F1EECE66561}" = AMD Drag and Drop Transcoding
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Unlocker" = Unlocker 1.9.1-x64

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{31671B31-682F-499E-00B9-7AD7D33C9E4F}" = Need For Speed Hot Pursuit 2
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{43430FA0-49F0-4B13-B4C5-611000008100}" = Super Street Fighter IV: Arcade Edition
"{43430FA0-4A2E-404A-B715-951000048101}" = SUPER STREET FIGHTER IV: ARCADE EDITION
"{43430FA0-4A2E-404A-B715-951000058101}" = SUPER STREET FIGHTER IV: ARCADE EDITION
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0309.1
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = SPEEDLINK Strike 2 Gamepad
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1
"{CA00F224-335F-6A70-DC7A-45D26F61C443}" = HydraVision
"{D37FE0E3-B1A9-4E41-AB5D-DA62E04D2C42}" = Alpha Protocol
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E2B086BD-75A9-45D1-A675-151624B259A1}" = Splashtop Connect for IE
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{EF25F71D-F3E8-42A3-8B5A-DBF83C4B942F}" = Splashtop Connect for Firefox
"{F075020E-43B2-4F2C-9723-C81CE162E7B6}" = Ad-Aware Antivirus
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"ACDLabs in C__ACDFREE12_" = ACD/Labs Software in C:\ACDFREE12\
"adawaretb" = Ad-Aware Security Add-on
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CanonSolutionMenuEX" = Canon Solution Menu EX
"DivX Setup" = DivX-Setup
"Free Video Converter_is1" = Free Video Converter V 3.1
"FreePDF_XP" = FreePDF (Remove only)
"GFWL_{43430FA0-49F0-4B13-B4C5-611000008100}" = Super Street Fighter IV: Arcade Edition
"GPL Ghostscript 9.04" = GPL Ghostscript
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0309.1
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Notepad++" = Notepad++
"Office14.SingleImage" = Microsoft Office Professional 2010
"PunkBusterSvc" = PunkBuster Services
"Samsung CLP-620 Series" = Wartung Samsung CLP-620 Series
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"VLC media player" = VLC media player 2.0.3
"Winamp" = Winamp
"XnView_is1" = XnView 1.99

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 09.03.2013 05:52:42 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 09.03.2013 06:17:11 | Computer Name = ***-PC | Source = VSS | ID = 12310
Description =

Error - 09.03.2013 06:17:11 | Computer Name = ***-PC | Source = VSS | ID = 12298
Description =

Error - 09.03.2013 10:44:59 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 10.03.2013 07:39:16 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 10.03.2013 16:24:23 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.03.2013 09:14:29 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.03.2013 13:04:40 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.03.2013 11:07:31 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.03.2013 13:11:41 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 13.03.2013 08:45:57 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 13.03.2013 17:15:02 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

[ Spybot - Search and Destroy Events ]
Error - 22.04.2013 12:36:10 | Computer Name = ***-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 08.01.2013 05:36:03 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 08.01.2013 06:56:45 | Computer Name = ***-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy9" den Befehl "chkdsk" aus.

Error - 08.01.2013 07:34:08 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 08.01.2013 07:34:09 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 08.01.2013 11:30:41 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 08.01.2013 11:30:42 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 08.01.2013 18:31:26 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 08.01.2013 18:31:27 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 09.01.2013 13:54:55 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 09.01.2013 13:54:56 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2


< End of report >
[/CODE]

OTL: OTL Logfile:
[CODE]
ATTFilter OTL logfile created on: 23.04.2013 14:17:05 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop\Trojaner-Board\OTL 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,96 Gb Total Physical Memory | 5,89 Gb Available Physical Memory | 73,99% Memory free 15,92 Gb Paging File | 13,61 Gb Available in Paging File | 85,48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 79,98 Gb Total Space | 39,66 Gb Free Space | 49,59% Space Free | Partition Type: NTFS Drive D: | 851,31 Gb Total Space | 609,59 Gb Free Space | 71,61% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\Trojaner-Board\OTL\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited) PRC - C:\PROGRA~2\AD-AWA~1\AdAware.exe (Lavasoft Limited) PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software) PRC - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.) PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Splashtop\Splashtop 
Connect\ZyngaGamesAgent.exe (Splashtop Inc.) PRC - C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe (Splashtop Inc.) PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7ffdaee3a54ffd1a5e3b008a5bde5ecf\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\389a1832a3da11e1b409cd6ae60cb9fa\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\571b85634abf2fba6bab80c21a347081\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl () MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl () MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl () MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl () MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl () 
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.) SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe () SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Ad-Aware Service) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (SBAMSvc) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software) SRV - (SSUService) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.) 
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation) SRV - (SCBackService) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe (Splashtop Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) 
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc) DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys () DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys () DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (SSPORT) -- C:\Windows\SysWOW64\drivers\SSPORT.SYS (Samsung Electronics) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startzentrale.de IE - HKCU\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.) 
IE - HKCU\..\SearchScopes,DefaultScope = {66FF9F69-3418-44a7-AF2A-8B83B3D8EA29} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{66FF9F69-3418-44a7-AF2A-8B83B3D8EA29}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV IE - HKCU\..\SearchScopes\{70FEE180-EBE5-4fa3-B9FB-49E3D343B7FF}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms} IE - HKCU\..\SearchScopes\{7EE9917A-A530-4c18-B879-D95660327BEC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}: "URL" = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.startzentrale.de" FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145 FF - prefs.js..extensions.enabledAddons: thumbnailZoom%40dadler.github.com:2.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - 
HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1} [2012.07.28 22:56:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0} [2012.07.28 22:56:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.08.10 20:09:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.21 21:06:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 16:59:13 | 000,000,000 | ---D | M] [2012.07.28 23:15:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2013.04.21 21:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\30wdt0hg.default\extensions [2013.04.21 21:05:52 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\30wdt0hg.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2013.04.21 21:05:55 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\30wdt0hg.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013.03.22 18:44:48 | 000,161,094 | ---- | M] () (No name found) -- 
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\30wdt0hg.default\extensions\thumbnailZoom@dadler.github.com.xpi [2013.04.14 23:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.12 16:59:12 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\quickstores@quickstores.de [2012.08.10 20:09:04 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.20 18:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - 
BHO: (Splashtop Connect VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (Splashtop Inc.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found. O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll () O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited) O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) 
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe () O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [STCAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe (Splashtop Inc.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKLM..\Run: [ZyngaGamesAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.) O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) 
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A24FCBEE-B986-47D8-8AD0-EBDD2C422BF8}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{f4a7f270-d89a-11e1-85c6-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{f4a7f270-d89a-11e1-85c6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Run.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.23 13:57:35 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Trojaner-Board [2013.04.21 21:25:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\LavasoftStatistics [2013.04.21 21:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus [2013.04.21 21:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus [2013.04.21 21:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2013.04.21 21:06:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus [2013.04.21 21:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations [2013.04.21 21:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars [2013.04.21 21:06:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\adawarebp [2013.04.21 21:05:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection [2013.04.21 21:05:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner [2013.04.21 21:05:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb [2013.04.21 21:04:07 | 000,047,496 | ---- | C] 
(GFI Software) -- C:\Windows\SysNative\sbbd.exe [2013.04.21 21:04:07 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys [2013.04.21 21:04:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus [2013.04.21 20:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2013.04.21 20:54:44 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe [2013.04.21 20:54:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2013.04.19 21:13:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.04.12 16:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.04.07 17:22:41 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\ICQ [2013.04.05 13:39:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.04.05 13:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.04.01 22:31:20 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.04.01 22:31:20 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.04.01 22:31:20 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avkmgr.sys ========== Files - Modified Within 30 Days ========== [2013.04.23 13:57:02 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.04.23 13:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.23 13:52:11 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.23 13:52:11 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.23 13:49:35 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.23 13:49:35 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.23 13:49:35 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.23 13:49:35 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.23 13:49:35 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.23 13:45:07 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk [2013.04.23 13:44:38 | 2117,570,559 | -HS- | M] () -- C:\hiberfil.sys [2013.04.23 13:44:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.21 21:04:07 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysNative\sbbd.exe [2013.04.21 21:04:07 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys [2013.04.21 20:54:50 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.04.10 15:51:40 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.10 14:36:53 | 000,418,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.07 18:39:09 | 000,014,565 | ---- | M] () -- C:\Users\***\Desktop\stplbsc-ss_2013-4_fs.pdf [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys 
[2013.04.01 22:31:15 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.04.01 22:31:15 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.04.01 22:31:15 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys ========== Files Created - No Company Name ========== [2013.04.23 13:57:02 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.04.21 21:06:22 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk [2013.04.21 20:54:50 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013.04.21 20:54:50 | 000,002,177 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.04.07 18:39:09 | 000,014,565 | ---- | C] () -- C:\Users\***\Desktop\stplbsc-ss_2013-4_fs.pdf [2013.04.02 13:51:33 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.04 18:17:57 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ2414N.DAT [2012.10.05 12:22:56 | 000,000,282 | ---- | C] () -- C:\Windows\game.ini [2012.09.28 19:17:46 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.09.28 19:17:45 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.09.28 19:17:45 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.08.25 17:28:43 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012.08.25 17:28:43 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012.08.12 19:43:53 | 000,000,615 | ---- | C] () -- C:\Windows\eReg.dat [2012.08.07 15:34:52 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe [2012.07.28 23:04:22 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2012.07.28 22:55:45 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2012.07.28 17:53:00 | 000,000,000 | ---- | C] () -- 
C:\Windows\ativpsrm.bin [2012.07.28 17:50:32 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.07.28 17:50:32 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.07.28 17:50:32 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.12.08 16:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 
05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.04.21 21:30:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus [2012.09.08 11:34:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Advanced Chemistry Development [2013.01.04 18:46:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2012.08.02 19:56:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreePDF [2012.12.13 16:55:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeVideoConverter [2012.07.29 18:43:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2012.08.01 14:29:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SEGA Corporation [2012.07.28 22:56:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Splashtop [2013.04.13 15:55:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client [2012.10.31 11:37:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM < End of report > [/CODE] gmer: Code:
GMER Logfile: Code:
ATTFilter [i] 2013-04-22 18:36:09 : [i] 2013-04-22 18:36:09 Processing: 130422-181356.xml [i] 2013-04-22 18:36:09 : [i] 2013-04-22 18:36:09 Product: Microsoft.Windows.Security.InternetExplorer [i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\ iexplore.exe [i] 2013-04-22 18:36:09 : [i] 2013-04-22 18:36:09 Product: Macromedia.FlashPlayer.Cookies [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\cdn.flashtalking.com\ ftLocalComms.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\core.mochibot.com\ com.mochibot.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\doug1izaerwt3.cloudfront.net\ fa3e9c783cb6bec308806b37b0c2d78f26f4de4d.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\ia.media-imdb.com\ IMDBTEST.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\images-na.ssl-images-amazon.com\ mercury.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\imagesrv.adition.com\ movad.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\members.bet365.com\ FCE.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\mochiads.com\ com.mochiads.lock.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\mochiads.com\ com.mochiads.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash 
Player\#SharedObjects\7BMH8AXG\mochiads.com\ mochiLCStatus.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\mochiads.com\ services.mochiads.com.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\mochiads.com\ __coinsEventLC__.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\mochiads.com\ __ms_1353002146639_77109.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\mochiads.com\ __ms_1353002146639_77109_fromgame.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\mochibot.com\ com.mochibot.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\play.flashx.tv\ analytics.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\s.ytimg.com\ soundData.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\s.ytimg.com\ videostats.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\server11.stream2k.com\ com.jeroenwijering.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\server22.stream2k.com\ com.jeroenwijering.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\server25.stream2k.com\ com.jeroenwijering.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\server29.stream2k.com\ com.jeroenwijering.sol [i] 2013-04-22 18:36:09 Already cleaned: 
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\server44.stream2k.com\ com.jeroenwijering.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\server6.stream2k.com\ com.jeroenwijering.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\static.afcdn.com\ analytics.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\streamcloud.eu\ com.jeroenwijering.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\www.freeworldgroup.com\ analytics.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\www.freeworldgroup.com\ pa411.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\www.freeworldgroup.com\ SpilGames_hot_pursuit_city_UserData.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\www.freeworldgroup.com\ WAG_DogfightAces_Campaign.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\www.freeworldgroup.com\ WAG_DogfightAces_Defence.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\www.freeworldgroup.com\ WAG_DogfightAces_Main.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\www.naiadexports.com\ naiad.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\www8.agame.com\ com.spilgames.settings.1.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash 
Player\#SharedObjects\7BMH8AXG\yesload.net\ com.jeroenwijering.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\js.adscale.de\adscale-playlist.swf\ ADSCALE_VOLUME.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\oddcast.com\##12B5C53856D2479D\ 00000001.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\oddcast.com\##1BB569B201A2417E\ 00000001.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\oddcast.com\##4109631858BF8467\ 00000001.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\oddcast.com\##4BADABEB8E8C69D1\ 00000001.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\oddcast.com\##5AB2FEA9FC7F8419\ 00000001.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\oddcast.com\##8ABE9FD535F69C17\ 00000001.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\oddcast.com\##D8042BAA605AE25F\ 00000001.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\oddcast.com\##F3593E2E0230D607\ 00000001.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\skype.com\#ui\ preferences.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\static.putlocker.com\video_player.swf\ org.flowplayer.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash 
Player\#SharedObjects\7BMH8AXG\static.sockshare.com\video_player.swf\ org.flowplayer.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\a.affil.io\s\af.swf\ afstorage.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\back7.keycaptcha.com\js\keycaptcha-logo\ kcv_uid.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\dex.ct-ads.com\cdn\storage.swf\ cta.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\heias.com\x\heias_sc.swf\ heias.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\icq.com\IrCQNet\chat2009.swf\ chat_pref.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\olympia.ard.de\flash\OSMFPlayer.swf\ HDCore.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\play.flashx.tv\player\flowplayer.commercial-3.2.7.swf\ org.flowplayer.sol [i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\stat.ed.cupidplc.com\images\ed2.swf\ srfp_28.sol [i] 2013-04-22 18:36:09 : [i] 2013-04-22 18:36:09 Product: MediaPlex [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Internet Explorer (Benutzer): ***) Cookie:***@mediaplex.com/ () [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Internet Explorer (Benutzer): ***) Cookie:***@apmebf.com/ () [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .apmebf.com/ (S) [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .mediaplex.com/ (svid) [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .apmebf.com/ (TT) [i] 2013-04-22 
18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .emjcd.com/ (S) [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .apmebf.com/ (LCLK) [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .emjcd.com/ (LCLK) [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .emjcd.com/ (TT) [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .emjcd.com/ (PBLP) [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .mediaplex.com/ (mojo1) [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .mediaplex.com/ (mojo3) [i] 2013-04-22 18:36:09 : [i] 2013-04-22 18:36:09 Product: FastClick [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Internet Explorer (Benutzer): ***) Cookie:***@fastclick.net/ () [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .fastclick.net/ (pluto) [i] 2013-04-22 18:36:09 : [i] 2013-04-22 18:36:09 Product: DoubleClick [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .doubleclick.net/ (id) [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .googleads.g.doubleclick.net/ (ebNewBandWidth_.googleads.g.doubleclick.net) [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .doubleclick.net/ (_drt_) [i] 2013-04-22 18:36:09 : [i] 2013-04-22 18:36:09 Product: Zedo [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .zedo.com/ (ZEDOIDA) [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .zedo.com/ (PCA1395102) [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .zedo.com/ (PI) [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .zedo.com/ (FFMCap) [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .zedo.com/ (FFgeo) [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .zedo.com/ (ZEDOIDX) [i] 2013-04-22 18:36:09 Already cleaned: Cookie 
(Firefox: *** (default)) .zedo.com/ (FFcat) [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .zedo.com/ (FFad) [i] 2013-04-22 18:36:09 : [i] 2013-04-22 18:36:09 Product: Tradedoubler [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .tradedoubler.com/ (TradeDoublerGUID) [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .tradedoubler.com/ (TD_EH_0) [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .tradedoubler.com/ (TD_POOL) [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .tradedoubler.com/ (TD_UNIQUE_IMP) [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .tradedoubler.com/ (TD_PIC) [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .tradedoubler.com/ (BT) [i] 2013-04-22 18:36:09 : [i] 2013-04-22 18:36:09 Product: Statcounter [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .statcounter.com/ (is_unique) [i] 2013-04-22 18:36:09 : [i] 2013-04-22 18:36:09 Product: BurstMedia [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .burstnet.com/ (BI75128) [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .www.burstnet.com/ (56Q8) [i] 2013-04-22 18:36:09 : [i] 2013-04-22 18:36:09 Product: Adviva [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .adviva.net/ (ug) [i] 2013-04-22 18:36:09 : [i] 2013-04-22 18:36:09 Product: CasaleMedia [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .casalemedia.com/ (CMD2) [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .casalemedia.com/ (C7M5) [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .casalemedia.com/ (CMID) [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .casalemedia.com/ (CMPS) [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .casalemedia.com/ (CMPP) [i] 
2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .casalemedia.com/ (CMRUM2) [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .casalemedia.com/ (CMST) [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .casalemedia.com/ (CMDD) [i] 2013-04-22 18:36:09 : [i] 2013-04-22 18:36:09 Product: WebTrends live [i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) statse.webtrendslive.com/ (ACOOKIE) [i] 2013-04-22 18:36:09 : [i] 2013-04-22 18:36:09 Product: Log [+] 2013-04-22 18:36:09 Moving into quarantine: C:\Windows\ ntbtlog.txt [+] 2013-04-22 18:36:09 Moving into quarantine: C:\Windows\ Directx.log [+] 2013-04-22 18:36:09 Moving into quarantine: C:\Windows\ setupact.log [+] 2013-04-22 18:36:09 Moving into quarantine: C:\Windows\ DtcInstall.log [+] 2013-04-22 18:36:09 Successfully cleaned: C:\Windows\ ntbtlog.txt [+] 2013-04-22 18:36:09 Successfully cleaned: C:\Windows\ Directx.log [+] 2013-04-22 18:36:09 Successfully cleaned: C:\Windows\ setupact.log [+] 2013-04-22 18:36:09 Successfully cleaned: C:\Windows\ DtcInstall.log [i] 2013-04-22 18:36:09 : [i] 2013-04-22 18:36:09 Product: 7-Zip [i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\7-ZIP\FM\ FolderHistory [i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\7-ZIP\FM\ PanelPath0 [i] 2013-04-22 18:36:09 : [i] 2013-04-22 18:36:09 Product: Internet Explorer [i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Internet Explorer\TypedURLs [i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ User Agent [i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ User Agent [i] 2013-04-22 18:36:09 Already 
cleaned: HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ User Agent [i] 2013-04-22 18:36:09 : [i] 2013-04-22 18:36:09 Product: MS Management Console [i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Microsoft Management Console\Recent File List [i] 2013-04-22 18:36:09 : [i] 2013-04-22 18:36:09 Product: MS Media Player [i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\MediaPlayer\Player\Settings\ Client ID [i] 2013-04-22 18:36:09 : [i] 2013-04-22 18:36:09 Product: MS Direct3D [i] 2013-04-22 18:36:09 Already cleaned: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\ Name [i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\ Name [i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Direct3D\MostRecentApplication\ Name [i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\ Name [i] 2013-04-22 18:36:09 : [i] 2013-04-22 18:36:09 Product: MS DirectDraw [i] 2013-04-22 18:36:09 Already cleaned: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\ Name [i] 2013-04-22 18:36:09 : [i] 2013-04-22 18:36:09 Product: MS DirectInput [i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\DirectInput\MostRecentApplication\ Name [i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\DirectInput\MostRecentApplication\ Id [i] 2013-04-22 18:36:09 : [i] 2013-04-22 18:36:09 Product: MS Paint [i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List [i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: Windows.OpenWith [i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList [i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList [i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList [i] 2013-04-22 18:36:09 : [i] 2013-04-22 18:36:09 Product: Windows Explorer [i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU [i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU [i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU [i] 2013-04-22 18:36:09 : [i] 2013-04-22 18:36:09 Product: Windows Media SDK [i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows Media\WMSDK\General\ ComputerName [i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows Media\WMSDK\General\ UniqueID [i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows Media\WMSDK\General\ VolumeSerialNumber [i] 2013-04-22 18:36:09 : [i] 2013-04-22 18:36:09 Product: Cookie [i] 2013-04-22 18:36:09 Already cleaned: Internet Explorer (Benutzer) (***) Cookies [i] 2013-04-22 18:36:09 Already cleaned: Firefox (*** (default)) Cookies [i] 2013-04-22 18:36:09 : [i] 2013-04-22 18:36:09 Product: Cache [i] 2013-04-22 
18:36:09 Already cleaned: Internet Explorer (Benutzer) (***) Cache [i] 2013-04-22 18:36:09 : [i] 2013-04-22 18:36:09 Product: Verlauf [i] 2013-04-22 18:36:09 Already cleaned: Internet Explorer (Benutzer) (***) History [i] 2013-04-22 18:36:09 : [i] 2013-04-22 18:36:09 Summary: [i] 2013-04-22 18:36:09 Errors while cleaning: 0 [i] 2013-04-22 18:36:09 Files moved into quarantine: 4 [i] 2013-04-22 18:36:09 Files successfully cleaned: 133 [+] 2013-04-22 18:36:10 : Gratulation, alles (aus Datei 130422-181356.xml) wurde gelöscht. Last edited by zwn (23.04.2013 at 14:32) |
24.04.2013, 12:44 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus after Facebook "video"? Hello and
Quote:
Why do you have a Professional edition of Windows, do you need that as a home user? Or is this by any chance an office/company PC or a university computer?

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything? I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans, but first only post the logs you already have!

Reading material: Posting in CODE tags
Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles into a CODE box, proceed as follows:
24.04.2013, 13:50 | #3 |
| Virus after Facebook "video"? Hello, and thanks for a first quick reply!
I have the Professional edition because the university provides it to me free of charge. As I said, I also scanned with Ad-Aware; the quick scan right after/during installation reported one detection, but I can't find any logs for it... I also scanned a second time with Spybot, but I can't find that log either. I think there were 12 detections that time... Other than that, Avira and Malwarebytes have never found anything. With Avira there were a few messages that the update had failed. Does it make a difference with Malwarebytes whether I open it with a double-click or with right-click and "Run as administrator"? For 2 days or so in between I repeatedly got a "script error", but unfortunately I can no longer say what kind of error it was, and it never appeared again... |
24.04.2013, 13:55 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus after Facebook "video"? Before we get to work, I'd like to ask you to read the following points completely and attentively.
Note: If you hear nothing from me for three days, please post in this thread => Reminder for my thread. Annoying "when does it continue" messages will end with your topic being closed. I too have a life outside the Trojaner-Board.

Please now run the three tools MBAR / aswMBR / TDSSKiller and post the logs in CODE tags.

MBAR (Malwarebytes Anti-Rootkit): Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instruction from a helper.

aswMBR: Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instruction. Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

TDSS-Killer: Please download TDSSKiller.exe and save this file to the desktop.
Please always post logfiles in CODE tags |
24.04.2013, 14:46 | #5 |
| Virus after Facebook "video"? So, I have followed all the steps. The scan with MBAR found nothing, so I couldn't click any "CleanUp" button either, but I still performed a restart. For the scan with aswMBR, I disconnected the internet connection during the scan after downloading the definitions, since the antivirus programs are supposed to be deactivated. And I hope "Quick Scan" was the right setting. Here are the results: MBAR Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.24.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [administrator]

24.04.2013 15:13:43
mbar-log-2013-04-24 (15-13-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 9179
Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-24 15:22:38
-----------------------------
15:22:38.721 OS Version: Windows x64 6.1.7601 Service Pack 1
15:22:38.721 Number of processors: 4 586 0x3A09
15:22:38.721 ComputerName: ***-PC UserName: ***
15:22:38.721 Initialze error 1
15:24:48.591 AVAST engine defs: 13042400
15:26:04.991 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:26:04.991 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
15:26:05.021 Disk 0 MBR read successfully
15:26:05.021 Disk 0 MBR scan
15:26:05.021 Disk 0 unknown MBR code
15:26:05.031 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
15:26:05.031 Disk 0 scanning C:\Windows\system32\drivers
15:26:05.041 Service scanning
15:26:06.251 Modules scanning
15:26:06.251 Disk 0 trace - called modules:
15:26:06.271 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
15:26:06.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007815060]
15:26:06.281 3 CLASSPNP.SYS[fffff88001d6843f] -> nt!IofCallDriver -> [0xfffffa80071c5db0]
15:26:06.281 5 ACPI.sys[fffff88000f627a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80071ca050]
15:26:06.291 AVAST engine scan C:\Windows
15:26:06.291 AVAST engine scan C:\Windows\system32
15:26:06.301 AVAST engine scan C:\Windows\system32\drivers
15:26:06.301 AVAST engine scan C:\Users\***
15:26:06.311 AVAST engine scan C:\ProgramData
15:26:06.311 Scan finished successfully
15:26:33.171 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
15:26:33.181 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"

Code:
ATTFilter 15:32:19.0502 6024 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 15:32:19.0502 6024 UEFI system 15:32:20.0110 6024 ============================================================ 15:32:20.0110 6024 Current date / time: 2013/04/24 15:32:20.0110 15:32:20.0110 6024 SystemInfo: 15:32:20.0110 6024 15:32:20.0110 6024 OS Version: 6.1.7601 ServicePack: 1.0 15:32:20.0110 6024 Product type: Workstation 15:32:20.0110 6024 ComputerName: ***-PC 15:32:20.0110 6024 UserName: *** 15:32:20.0110 6024 Windows directory: C:\Windows 15:32:20.0110 6024 System windows directory: C:\Windows 15:32:20.0110 6024 Running under WOW64 15:32:20.0110 6024 Processor architecture: Intel x64 15:32:20.0110 6024 Number of processors: 4 15:32:20.0110 6024 Page size: 0x1000 15:32:20.0110 6024 Boot type: Normal boot 15:32:20.0110 6024 ============================================================ 15:32:20.0485 6024 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:32:20.0500 6024 ============================================================ 15:32:20.0500 6024 \Device\Harddisk0\DR0: 15:32:20.0500 6024 GPT partitions: 15:32:20.0500 6024 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {26927547-BBF4-4498-89D8-219C9C6CD535}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000 15:32:20.0500 6024 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {2EB6D383-2EFE-4D21-869C-5EBBBABDE8C7}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000 15:32:20.0500 6024 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {7C37525D-5200-40DC-AF27-8B30545F5D90}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0x9FF4000 15:32:20.0500 6024 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: 
{EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {A159DD78-AF6A-4D4B-9CBD-44732B793EF7}, Name: Basic data partition, StartLBA 0xA066800, BlocksNum 0x6A69F800 15:32:20.0500 6024 MBR partitions: 15:32:20.0500 6024 ============================================================ 15:32:20.0516 6024 C: <-> \Device\Harddisk0\DR0\Partition3 15:32:20.0547 6024 D: <-> \Device\Harddisk0\DR0\Partition4 15:32:20.0547 6024 ============================================================ 15:32:20.0547 6024 Initialize success 15:32:20.0547 6024 ============================================================ 15:32:39.0189 6076 ============================================================ 15:32:39.0189 6076 Scan started 15:32:39.0189 6076 Mode: Manual; SigCheck; TDLFS; 15:32:39.0189 6076 ============================================================ 15:32:39.0392 6076 ================ Scan system memory ======================== 15:32:39.0392 6076 System memory - ok 15:32:39.0392 6076 ================ Scan services ============================= 15:32:39.0501 6076 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 15:32:39.0595 6076 1394ohci - ok 15:32:39.0610 6076 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 15:32:39.0626 6076 ACPI - ok 15:32:39.0641 6076 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 15:32:39.0657 6076 AcpiPmi - ok 15:32:39.0751 6076 [ 9D90344179ED6A05959DE40FC934A022 ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe 15:32:39.0766 6076 Ad-Aware Service - ok 15:32:39.0844 6076 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 15:32:39.0875 6076 AdobeARMservice - ok 15:32:39.0969 6076 [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 15:32:39.0985 6076 AdobeFlashPlayerUpdateSvc - ok 15:32:40.0000 6076 [ 
2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 15:32:40.0016 6076 adp94xx - ok 15:32:40.0016 6076 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 15:32:40.0031 6076 adpahci - ok 15:32:40.0047 6076 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 15:32:40.0063 6076 adpu320 - ok 15:32:40.0078 6076 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 15:32:40.0094 6076 AeLookupSvc - ok 15:32:40.0141 6076 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 15:32:40.0172 6076 AFD - ok 15:32:40.0187 6076 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 15:32:40.0203 6076 agp440 - ok 15:32:40.0219 6076 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 15:32:40.0265 6076 ALG - ok 15:32:40.0281 6076 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 15:32:40.0281 6076 aliide - ok 15:32:40.0328 6076 [ 4EAAAAB8759644D572522FBCDD196A13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 15:32:40.0375 6076 AMD External Events Utility - ok 15:32:40.0390 6076 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 15:32:40.0406 6076 amdide - ok 15:32:40.0406 6076 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 15:32:40.0437 6076 AmdK8 - ok 15:32:40.0593 6076 [ 22A14DF59FB8D0BE918C597988AF4296 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 15:32:40.0843 6076 amdkmdag - ok 15:32:40.0874 6076 [ EE22D3ED6D55A855E709F811CCCA97ED ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 15:32:40.0921 6076 amdkmdap - ok 15:32:40.0921 6076 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 15:32:40.0936 6076 AmdPPM - ok 15:32:40.0952 6076 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 15:32:40.0967 6076 
amdsata - ok 15:32:40.0967 6076 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 15:32:40.0983 6076 amdsbs - ok 15:32:40.0999 6076 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 15:32:40.0999 6076 amdxata - ok 15:32:41.0061 6076 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 15:32:41.0077 6076 AntiVirSchedulerService - ok 15:32:41.0108 6076 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 15:32:41.0123 6076 AntiVirService - ok 15:32:41.0139 6076 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 15:32:41.0201 6076 AppID - ok 15:32:41.0233 6076 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 15:32:41.0279 6076 AppIDSvc - ok 15:32:41.0311 6076 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 15:32:41.0357 6076 Appinfo - ok 15:32:41.0389 6076 [ BA957E7ACD2B44FA3B01FAA64F6A9060 ] AppleCharger C:\Windows\system32\DRIVERS\AppleCharger.sys 15:32:41.0404 6076 AppleCharger - ok 15:32:41.0435 6076 [ 95EF7247C50C7241FDAE39A9B3AFF4AE ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe 15:32:41.0435 6076 AppleChargerSrv - ok 15:32:41.0451 6076 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 15:32:41.0482 6076 AppMgmt - ok 15:32:41.0482 6076 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 15:32:41.0498 6076 arc - ok 15:32:41.0498 6076 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 15:32:41.0513 6076 arcsas - ok 15:32:41.0529 6076 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 15:32:41.0545 6076 AsyncMac - ok 15:32:41.0576 6076 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 15:32:41.0576 6076 atapi - ok 15:32:41.0623 6076 [ 
437F55435623D4D54D36197F5AD8B435 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 15:32:41.0654 6076 AtiHDAudioService - ok 15:32:41.0685 6076 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 15:32:41.0763 6076 AudioEndpointBuilder - ok 15:32:41.0779 6076 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 15:32:41.0794 6076 AudioSrv - ok 15:32:41.0810 6076 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 15:32:41.0825 6076 avgntflt - ok 15:32:41.0857 6076 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 15:32:41.0872 6076 avipbb - ok 15:32:41.0903 6076 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 15:32:41.0919 6076 avkmgr - ok 15:32:41.0935 6076 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 15:32:41.0966 6076 AxInstSV - ok 15:32:41.0981 6076 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 15:32:42.0013 6076 b06bdrv - ok 15:32:42.0028 6076 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 15:32:42.0044 6076 b57nd60a - ok 15:32:42.0059 6076 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 15:32:42.0091 6076 BDESVC - ok 15:32:42.0106 6076 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 15:32:42.0137 6076 Beep - ok 15:32:42.0169 6076 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 15:32:42.0215 6076 BFE - ok 15:32:42.0231 6076 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 15:32:42.0278 6076 BITS - ok 15:32:42.0293 6076 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 15:32:42.0309 6076 blbdrive - ok 15:32:42.0325 6076 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 15:32:42.0325 6076 bowser - ok 
15:32:42.0340 6076 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 15:32:42.0371 6076 BrFiltLo - ok 15:32:42.0371 6076 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 15:32:42.0371 6076 BrFiltUp - ok 15:32:42.0403 6076 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 15:32:42.0403 6076 Browser - ok 15:32:42.0418 6076 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 15:32:42.0449 6076 Brserid - ok 15:32:42.0449 6076 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 15:32:42.0465 6076 BrSerWdm - ok 15:32:42.0465 6076 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 15:32:42.0481 6076 BrUsbMdm - ok 15:32:42.0481 6076 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 15:32:42.0496 6076 BrUsbSer - ok 15:32:42.0496 6076 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 15:32:42.0527 6076 BTHMODEM - ok 15:32:42.0543 6076 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 15:32:42.0559 6076 bthserv - ok 15:32:42.0574 6076 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 15:32:42.0605 6076 cdfs - ok 15:32:42.0621 6076 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 15:32:42.0637 6076 cdrom - ok 15:32:42.0637 6076 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 15:32:42.0699 6076 CertPropSvc - ok 15:32:42.0699 6076 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 15:32:42.0715 6076 circlass - ok 15:32:42.0746 6076 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 15:32:42.0746 6076 CLFS - ok 15:32:42.0793 6076 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:32:42.0808 6076 clr_optimization_v2.0.50727_32 - ok 15:32:42.0839 6076 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 15:32:42.0855 6076 clr_optimization_v2.0.50727_64 - ok 15:32:42.0886 6076 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:32:42.0917 6076 clr_optimization_v4.0.30319_32 - ok 15:32:42.0933 6076 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 15:32:42.0949 6076 clr_optimization_v4.0.30319_64 - ok 15:32:42.0964 6076 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 15:32:42.0980 6076 CmBatt - ok 15:32:42.0995 6076 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 15:32:42.0995 6076 cmdide - ok 15:32:43.0011 6076 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 15:32:43.0042 6076 CNG - ok 15:32:43.0042 6076 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 15:32:43.0058 6076 Compbatt - ok 15:32:43.0073 6076 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 15:32:43.0105 6076 CompositeBus - ok 15:32:43.0105 6076 COMSysApp - ok 15:32:43.0120 6076 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 15:32:43.0120 6076 crcdisk - ok 15:32:43.0151 6076 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 15:32:43.0183 6076 CryptSvc - ok 15:32:43.0198 6076 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 15:32:43.0261 6076 CSC - ok 15:32:43.0276 6076 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 15:32:43.0307 6076 CscService - ok 15:32:43.0339 6076 [ 
5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 15:32:43.0370 6076 DcomLaunch - ok 15:32:43.0385 6076 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 15:32:43.0417 6076 defragsvc - ok 15:32:43.0432 6076 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 15:32:43.0479 6076 DfsC - ok 15:32:43.0495 6076 DgiVecp - ok 15:32:43.0526 6076 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 15:32:43.0557 6076 Dhcp - ok 15:32:43.0557 6076 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 15:32:43.0604 6076 discache - ok 15:32:43.0604 6076 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 15:32:43.0619 6076 Disk - ok 15:32:43.0635 6076 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 15:32:43.0651 6076 dmvsc - ok 15:32:43.0682 6076 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 15:32:43.0713 6076 Dnscache - ok 15:32:43.0729 6076 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 15:32:43.0775 6076 dot3svc - ok 15:32:43.0791 6076 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 15:32:43.0822 6076 DPS - ok 15:32:43.0838 6076 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 15:32:43.0838 6076 drmkaud - ok 15:32:43.0869 6076 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 15:32:43.0885 6076 DXGKrnl - ok 15:32:43.0900 6076 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 15:32:43.0916 6076 EapHost - ok 15:32:43.0978 6076 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 15:32:44.0087 6076 ebdrv - ok 15:32:44.0119 6076 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 15:32:44.0134 6076 EFS - ok 15:32:44.0181 6076 [ C4002B6B41975F057D98C439030CEA07 
] ehRecvr C:\Windows\ehome\ehRecvr.exe 15:32:44.0228 6076 ehRecvr - ok 15:32:44.0243 6076 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 15:32:44.0275 6076 ehSched - ok 15:32:44.0290 6076 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 15:32:44.0306 6076 elxstor - ok 15:32:44.0321 6076 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 15:32:44.0337 6076 ErrDev - ok 15:32:44.0368 6076 [ F4845B5EECA94D200F621BBAAF7946C1 ] EtronHub3 C:\Windows\system32\Drivers\EtronHub3.sys 15:32:44.0384 6076 EtronHub3 - ok 15:32:44.0415 6076 [ 4A5945B5CDCF8EC3F842AE8AAA146A1F ] EtronXHCI C:\Windows\system32\Drivers\EtronXHCI.sys 15:32:44.0446 6076 EtronXHCI - ok 15:32:44.0462 6076 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 15:32:44.0509 6076 EventSystem - ok 15:32:44.0524 6076 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 15:32:44.0555 6076 exfat - ok 15:32:44.0571 6076 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 15:32:44.0587 6076 fastfat - ok 15:32:44.0618 6076 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 15:32:44.0649 6076 Fax - ok 15:32:44.0665 6076 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 15:32:44.0665 6076 fdc - ok 15:32:44.0680 6076 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 15:32:44.0696 6076 fdPHost - ok 15:32:44.0711 6076 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 15:32:44.0727 6076 FDResPub - ok 15:32:44.0743 6076 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 15:32:44.0758 6076 FileInfo - ok 15:32:44.0758 6076 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 15:32:44.0789 6076 Filetrace - ok 15:32:44.0789 6076 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk 
C:\Windows\system32\drivers\flpydisk.sys 15:32:44.0805 6076 flpydisk - ok 15:32:44.0805 6076 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 15:32:44.0821 6076 FltMgr - ok 15:32:44.0867 6076 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll 15:32:44.0914 6076 FontCache - ok 15:32:44.0945 6076 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 15:32:44.0961 6076 FontCache3.0.0.0 - ok 15:32:44.0977 6076 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 15:32:44.0992 6076 FsDepends - ok 15:32:45.0008 6076 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 15:32:45.0023 6076 Fs_Rec - ok 15:32:45.0055 6076 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 15:32:45.0070 6076 fvevol - ok 15:32:45.0086 6076 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 15:32:45.0101 6076 gagp30kx - ok 15:32:45.0117 6076 gdrv - ok 15:32:45.0164 6076 [ 14908F4F9005C29DE8F5587E271390EE ] gfibto C:\Windows\system32\drivers\gfibto.sys 15:32:45.0179 6076 gfibto - ok 15:32:45.0211 6076 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 15:32:45.0257 6076 gpsvc - ok 15:32:45.0289 6076 [ 8126331FBD4ED29EB3B356F9C905064D ] GVTDrv64 C:\Windows\GVTDrv64.sys 15:32:45.0304 6076 GVTDrv64 - ok 15:32:45.0304 6076 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 15:32:45.0335 6076 hcw85cir - ok 15:32:45.0367 6076 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 15:32:45.0398 6076 HdAudAddService - ok 15:32:45.0413 6076 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 15:32:45.0429 6076 HDAudBus - ok 15:32:45.0429 6076 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt 
C:\Windows\system32\drivers\HidBatt.sys 15:32:45.0445 6076 HidBatt - ok 15:32:45.0460 6076 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 15:32:45.0476 6076 HidBth - ok 15:32:45.0491 6076 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 15:32:45.0507 6076 HidIr - ok 15:32:45.0523 6076 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 15:32:45.0538 6076 hidserv - ok 15:32:45.0554 6076 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 15:32:45.0569 6076 HidUsb - ok 15:32:45.0601 6076 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 15:32:45.0647 6076 hkmsvc - ok 15:32:45.0647 6076 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 15:32:45.0663 6076 HomeGroupListener - ok 15:32:45.0694 6076 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 15:32:45.0710 6076 HomeGroupProvider - ok 15:32:45.0725 6076 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 15:32:45.0725 6076 HpSAMD - ok 15:32:45.0757 6076 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 15:32:45.0788 6076 HTTP - ok 15:32:45.0803 6076 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 15:32:45.0803 6076 hwpolicy - ok 15:32:45.0819 6076 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 15:32:45.0835 6076 i8042prt - ok 15:32:45.0850 6076 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 15:32:45.0866 6076 iaStor - ok 15:32:45.0897 6076 [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 15:32:45.0913 6076 IAStorDataMgrSvc - ok 15:32:45.0928 6076 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 
15:32:45.0959 6076 iaStorV - ok 15:32:45.0991 6076 [ 33D4D4A24791587E83F7EE05A446FB7E ] ICCS C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe 15:32:46.0006 6076 ICCS ( UnsignedFile.Multi.Generic ) - warning 15:32:46.0006 6076 ICCS - detected UnsignedFile.Multi.Generic (1) 15:32:46.0069 6076 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 15:32:46.0100 6076 IDriverT ( UnsignedFile.Multi.Generic ) - warning 15:32:46.0100 6076 IDriverT - detected UnsignedFile.Multi.Generic (1) 15:32:46.0131 6076 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 15:32:46.0162 6076 idsvc - ok 15:32:46.0193 6076 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 15:32:46.0193 6076 iirsp - ok 15:32:46.0225 6076 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 15:32:46.0271 6076 IKEEXT - ok 15:32:46.0303 6076 [ 2D66067C7A8A0112156BCD1C0BAA7042 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe 15:32:46.0318 6076 Intel(R) Capability Licensing Service Interface - ok 15:32:46.0334 6076 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 15:32:46.0349 6076 intelide - ok 15:32:46.0349 6076 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 15:32:46.0381 6076 intelppm - ok 15:32:46.0396 6076 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 15:32:46.0427 6076 IPBusEnum - ok 15:32:46.0443 6076 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:32:46.0459 6076 IpFilterDriver - ok 15:32:46.0490 6076 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 15:32:46.0521 6076 iphlpsvc - ok 15:32:46.0537 6076 [ 
0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 15:32:46.0552 6076 IPMIDRV - ok 15:32:46.0568 6076 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 15:32:46.0599 6076 IPNAT - ok 15:32:46.0615 6076 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 15:32:46.0630 6076 IRENUM - ok 15:32:46.0646 6076 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 15:32:46.0661 6076 isapnp - ok 15:32:46.0677 6076 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 15:32:46.0693 6076 iScsiPrt - ok 15:32:46.0708 6076 [ 6BCEF45131C8B8E1C558BE540B190B3C ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys 15:32:46.0708 6076 iusb3hcs - ok 15:32:46.0724 6076 [ F080EADA8715F811B58BD35BB774F2F9 ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys 15:32:46.0739 6076 iusb3hub - ok 15:32:46.0755 6076 [ 0F1756D9396740F053221FA6260FCE66 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys 15:32:46.0771 6076 iusb3xhc - ok 15:32:46.0802 6076 [ 166FC0B36842135BC2D3C32DF70ED0D6 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe 15:32:46.0817 6076 jhi_service - ok 15:32:46.0833 6076 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 15:32:46.0833 6076 kbdclass - ok 15:32:46.0849 6076 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 15:32:46.0864 6076 kbdhid - ok 15:32:46.0880 6076 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 15:32:46.0895 6076 KeyIso - ok 15:32:46.0911 6076 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 15:32:46.0927 6076 KSecDD - ok 15:32:46.0927 6076 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 15:32:46.0942 6076 KSecPkg - ok 15:32:46.0942 6076 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk 
C:\Windows\system32\drivers\ksthunk.sys 15:32:46.0973 6076 ksthunk - ok 15:32:46.0989 6076 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 15:32:47.0051 6076 KtmRm - ok 15:32:47.0067 6076 [ B8040D3B97B16B89701E31A17353856C ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys 15:32:47.0067 6076 L1C - ok 15:32:47.0098 6076 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 15:32:47.0145 6076 LanmanServer - ok 15:32:47.0161 6076 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 15:32:47.0176 6076 LanmanWorkstation - ok 15:32:47.0208 6076 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 15:32:47.0254 6076 lltdio - ok 15:32:47.0254 6076 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 15:32:47.0286 6076 lltdsvc - ok 15:32:47.0301 6076 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 15:32:47.0332 6076 lmhosts - ok 15:32:47.0364 6076 [ C56E64BA70DC822B84D100A6F8D690D3 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 15:32:47.0379 6076 LMS - ok 15:32:47.0395 6076 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 15:32:47.0410 6076 LSI_FC - ok 15:32:47.0426 6076 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 15:32:47.0426 6076 LSI_SAS - ok 15:32:47.0442 6076 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 15:32:47.0442 6076 LSI_SAS2 - ok 15:32:47.0457 6076 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 15:32:47.0473 6076 LSI_SCSI - ok 15:32:47.0488 6076 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 15:32:47.0520 6076 luafv - ok 15:32:47.0535 6076 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 15:32:47.0551 6076 Mcx2Svc - ok 15:32:47.0566 6076 [ 
BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 15:32:58.0284 6076 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 15:32:58.0284 6076 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 15:32:58.0315 6076 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 15:32:58.0346 6076 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 15:32:58.0346 6076 [Global] - ok 15:32:58.0346 6076 ================ Scan MBR ================================== 15:32:58.0362 6076 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0 15:32:58.0455 6076 \Device\Harddisk0\DR0 - ok 15:32:58.0455 6076 ================ Scan VBR ================================== 15:32:58.0455 6076 [ A649E871F768EFE980D4A2D1B9382860 ] \Device\Harddisk0\DR0\Partition1 15:32:58.0455 6076 \Device\Harddisk0\DR0\Partition1 - ok 15:32:58.0486 6076 [ A1A1CC4BA4AE1C51FC0245E9B1587FFB ] \Device\Harddisk0\DR0\Partition2 15:32:58.0486 6076 \Device\Harddisk0\DR0\Partition2 - ok 15:32:58.0502 6076 [ AD080B2420D8B5E74E76E942A93214B7 ] \Device\Harddisk0\DR0\Partition3 15:32:58.0502 6076 \Device\Harddisk0\DR0\Partition3 - ok 15:32:58.0502 6076 [ 15A6FF2C409481E588EBBFAEA840CB3D ] \Device\Harddisk0\DR0\Partition4 15:32:58.0518 6076 \Device\Harddisk0\DR0\Partition4 - ok 15:32:58.0518 6076 ============================================================ 15:32:58.0518 6076 Scan finished 15:32:58.0518 6076 ============================================================ 15:32:58.0518 5224 Detected object count: 2 15:32:58.0518 5224 Actual detected object count: 2 15:33:21.0481 5224 ICCS ( UnsignedFile.Multi.Generic ) - skipped by user 15:33:21.0481 5224 ICCS ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:33:21.0481 5224 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 15:33:21.0481 5224 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:37:29.0247 1444 Deinitialize success |
24.04.2013, 14:52 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus after Facebook "video"? Nothing suspicious... JRT - Junkware Removal Tool. Please close your protection software first to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
Then a check with OTL, please:
24.04.2013, 15:28 | #7 |
| Virus after Facebook "video"? What about the findings from Spybot and the 2 findings from TDSS-Killer? Can I ignore them with a clear conscience? I have also carried out the next steps. Here are the results: JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.8.9 (04.22.2013:1) OS: Windows 7 Professional x64 Ran by *** on 24.04.2013 at 16:01:26,05 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\blekko toolbars" Successfully deleted: [Folder] "C:\ProgramData\splashtop" Successfully deleted: [Folder] "C:\Users\***\AppData\Roaming\splashtop" Successfully deleted: [Folder] "C:\Users\***\appdata\local\adawarebp" Successfully deleted: [Folder] "C:\Users\***\appdata\locallow\adawaretb" Successfully deleted: [Folder] "C:\Program Files (x86)\adawaretb" Failed to delete: [Folder] "C:\Program Files (x86)\splashtop" ~~~ FireFox Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de" Successfully deleted: [Folder] C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\30wdt0hg.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack Successfully deleted: [Folder] C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\30wdt0hg.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} Emptied folder: C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\30wdt0hg.default\minidumps [92 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 24.04.2013 at 16:03:19,51 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter # AdwCleaner v2.202 - Datei am 24/04/2013 um 16:09:50 erstellt # Aktualisiert am 23/04/2013 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzer : *** - ***-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url Datei Gelöscht : C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\30wdt0hg.default\adawaretb Ordner Gelöscht : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0E5680D1-BF44-4929-94AF-FD30D784AD1D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0F3DC9E0-C459-4A40-BCF8-747BD9322E10} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}] ***** [Internet Browser] ***** -\\ Internet Explorer 
v9.0.8112.16476 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v20.0.1 (de) Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\30wdt0hg.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [2288 octets] - [24/04/2013 16:09:50] ########## EOF - C:\AdwCleaner[S1].txt - [2348 octets] ########## Code:
ATTFilter OTL logfile created on: 24.04.2013 16:13:48 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,96 Gb Total Physical Memory | 6,22 Gb Available Physical Memory | 78,08% Memory free 15,92 Gb Paging File | 13,92 Gb Available in Paging File | 87,39% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 79,98 Gb Total Space | 39,43 Gb Free Space | 49,30% Space Free | Partition Type: NTFS Drive D: | 851,31 Gb Total Space | 609,55 Gb Free Space | 71,60% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited) PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) 
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software) PRC - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.) PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.) PRC - C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe (Splashtop Inc.) 
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7ffdaee3a54ffd1a5e3b008a5bde5ecf\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\389a1832a3da11e1b409cd6ae60cb9fa\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\571b85634abf2fba6bab80c21a347081\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl () MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl () MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl () MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl () MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () 
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.) SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe () SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Ad-Aware Service) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (SBAMSvc) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software) SRV - (SSUService) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.) 
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation) SRV - (SCBackService) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe (Splashtop Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) 
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc) DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys () DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys () DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (SSPORT) -- C:\Windows\SysWOW64\drivers\SSPORT.SYS (Samsung Electronics) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2013973767-2700943792-3981858110-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startzentrale.de IE - HKU\S-1-5-21-2013973767-2700943792-3981858110-1000\..\SearchScopes,DefaultScope = IE - 
HKU\S-1-5-21-2013973767-2700943792-3981858110-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2013973767-2700943792-3981858110-1000\..\SearchScopes\{66FF9F69-3418-44a7-AF2A-8B83B3D8EA29}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV IE - HKU\S-1-5-21-2013973767-2700943792-3981858110-1000\..\SearchScopes\{70FEE180-EBE5-4fa3-B9FB-49E3D343B7FF}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms} IE - HKU\S-1-5-21-2013973767-2700943792-3981858110-1000\..\SearchScopes\{7EE9917A-A530-4c18-B879-D95660327BEC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH IE - HKU\S-1-5-21-2013973767-2700943792-3981858110-1000\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb IE - HKU\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.startzentrale.de" FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145 FF - prefs.js..extensions.enabledAddons: thumbnailZoom%40dadler.github.com:2.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - 
HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1} FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0} FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.08.10 20:09:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.21 21:06:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 16:59:13 | 000,000,000 | ---D | M] [2012.07.28 23:15:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2013.04.24 16:03:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\30wdt0hg.default\extensions [2013.03.22 18:44:48 | 000,161,094 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\30wdt0hg.default\extensions\thumbnailZoom@dadler.github.com.xpi [2013.04.24 16:03:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.08.10 20:09:04 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.20 18:14:20 | 
000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited) O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe () O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" File not found O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKLM..\Run: [ZyngaGamesAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2013973767-2700943792-3981858110-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) O4 - HKU\S-1-5-21-2013973767-2700943792-3981858110-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - 
res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A24FCBEE-B986-47D8-8AD0-EBDD2C422BF8}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft 
Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f4a7f270-d89a-11e1-85c6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f4a7f270-d89a-11e1-85c6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Run.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.24 16:12:09 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\adwcleaner
[2013.04.24 16:11:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\adawarebp
[2013.04.24 16:11:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Splashtop
[2013.04.24 16:01:25 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.24 16:01:14 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.24 16:00:26 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\JRT
[2013.04.24 15:37:45 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\TDSSKILLER
[2013.04.24 15:27:33 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\aswMBR
[2013.04.24 15:27:05 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar
[2013.04.23 13:57:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.04.23 13:57:35 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Trojaner-Board
[2013.04.21 21:25:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\LavasoftStatistics
[2013.04.21 21:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013.04.21 21:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013.04.21 21:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013.04.21 21:06:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013.04.21 21:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013.04.21 21:05:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013.04.21 21:05:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013.04.21 21:04:07 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013.04.21 21:04:07 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.04.21 21:04:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2013.04.21 20:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.04.21 20:54:44 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.04.21 20:54:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.04.19 21:13:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.12 16:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.10 07:56:50 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.10 07:56:50 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.10 07:56:49 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.10 07:56:49 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.10 07:56:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.10 07:56:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.10 07:56:49 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.10 07:56:49 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.10 07:56:48 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.10 07:56:48 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.10 07:56:48 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.10 07:56:48 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.10 07:56:47 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.10 07:56:47 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.10 07:56:47 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.10 07:56:20 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.10 07:56:20 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.10 07:56:20 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.04.10 07:56:20 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.04.10 07:56:20 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.04.10 07:56:20 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.04.10 07:54:47 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 07:54:47 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 07:54:47 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 07:54:47 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 07:54:47 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 07:54:47 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.07 17:22:41 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\ICQ
[2013.04.05 13:39:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.04.05 13:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.01 22:31:20 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.04.01 22:31:20 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.04.01 22:31:20 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.27 14:54:19 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.27 14:54:19 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.27 14:54:19 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.26 13:59:12 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys

========== Files - Modified Within 30 Days ==========

[2013.04.24 16:11:28 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013.04.24 16:11:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.24 16:11:05 | 2117,570,559 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.24 15:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.24 15:24:09 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.24 15:24:09 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.24 15:22:49 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.24 15:22:49 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.24 15:22:49 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.24 15:22:49 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.24 15:22:49 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.23 17:01:02 | 000,057,712 | ---- | M] () -- C:\Users\***\Desktop\Scan.PDF
[2013.04.23 13:57:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.04.23 13:57:02 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.04.21 21:04:07 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013.04.21 21:04:07 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.04.21 20:54:50 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.04.12 16:09:13 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.12 16:09:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.10 15:51:40 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.10 14:36:53 | 000,418,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.07 18:39:09 | 000,014,565 | ---- | M] () -- C:\Users\***\Desktop\stplbsc-ss_2013-4_fs.pdf
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.04 05:35:05 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.04.04 05:30:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.04.04 05:29:44 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.04.01 22:31:15 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.04.01 22:31:15 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.04.01 22:31:15 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.27 14:54:16 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.03.27 14:54:16 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll

========== Files Created - No Company Name ==========

[2013.04.23 17:01:02 | 000,057,712 | ---- | C] () -- C:\Users\***\Desktop\Scan.PDF
[2013.04.23 13:57:02 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.04.21 21:06:22 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013.04.21 20:54:50 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.04.21 20:54:50 | 000,002,177 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.04.07 18:39:09 | 000,014,565 | ---- | C] () -- C:\Users\***\Desktop\stplbsc-ss_2013-4_fs.pdf
[2013.04.02 13:51:33 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.04 18:17:57 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ2414N.DAT
[2012.10.05 12:22:56 | 000,000,282 | ---- | C] () -- C:\Windows\game.ini
[2012.09.28 19:17:46 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.09.28 19:17:45 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.09.28 19:17:45 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.08.25 17:28:43 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.08.25 17:28:43 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.08.12 19:43:53 | 000,000,615 | ---- | C] () -- C:\Windows\eReg.dat
[2012.08.07 15:34:52 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2012.07.28 23:04:22 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012.07.28 22:55:45 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012.07.28 17:53:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.28 17:50:32 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.28 17:50:32 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.07.28 17:50:32 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.12.08 16:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM

< End of report >

Code:
OTL Extras logfile created on: 24.04.2013 16:13:48 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,96 Gb Total Physical Memory | 6,22 Gb Available Physical Memory | 78,08% Memory free
15,92 Gb Paging File | 13,92 Gb Available in Paging File | 87,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 79,98 Gb Total Space | 39,43 Gb Free Space | 49,30% Space Free | Partition Type: NTFS
Drive D: | 851,31 Gb Total Space | 609,55 Gb Free Space | 71,60% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053D1ECA-16C4-4D85-9702-7E4C2E6AC167}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1B2A680B-C5EC-43CC-85DC-6FF23595E105}" = lport=445 | protocol=6 | dir=in | app=system |
"{1D7AAE3B-3298-49BF-8092-175010B8203F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{25F6075E-6CF0-4348-9FFF-9E79FB183FB5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{331E3BAB-03F7-4AB6-8979-A2EC5B4B70F8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{34E85162-7E62-4291-B6FA-90B40120E1F6}" = rport=139 | protocol=6 | dir=out | app=system |
"{4A724997-D429-4FF2-8150-D1AA2E6C7967}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5174C8AB-CCFC-45F6-8F0C-E2DDE2EE7562}" = lport=137 | protocol=17 | dir=in | app=system |
"{606BA6DA-71B4-49F6-837E-B060D92D4218}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{60D7EF28-E601-415D-A340-F710C71D8A2B}" = rport=445 | protocol=6 | dir=out | app=system |
"{73CC2E96-B689-4BDC-A352-341AA2B4417C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{790F1CD0-46A2-439E-87BD-D249A60C3F5B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{79F8A380-5C69-49A5-A512-7D127FEE5093}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7C2BA455-F8D0-42B1-859B-530AEECA65AD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{99137CD1-AAF8-403F-A9F5-21DE2B1EB3F3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A526CDA5-9975-4F2A-8141-E36A101C8369}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A881DEC4-BF96-4AB5-ADCB-1C557FEEF0B7}" = lport=138 | protocol=17 | dir=in | app=system |
"{A8E8E366-058C-42F3-8664-561201440831}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AFDB7142-FE27-4E3D-A6DE-EA3B9857F616}" = rport=138 | protocol=17 | dir=out | app=system |
"{B10DC8E5-1E19-4AA9-95FB-F6DC31BC0063}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CC8B3877-DE17-4030-B75E-4D4F7BA27DBD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CD270723-4037-44D0-BCD6-9E13635DFD95}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{F254A677-B6C4-493D-BE02-76ECC55791C8}" = rport=137 | protocol=17 | dir=out | app=system |
"{F98495EA-978B-414C-8F39-B39D6AEB1E07}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03543A78-1844-4DB2-884E-E61B63628747}" = protocol=6 | dir=in | app=d:\games\alpha protocol\binaries\apgame.exe |
"{042ED58F-8A80-4EFA-897A-765EF33B192A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{05AED89E-ED3B-473A-83C4-2211FBA44AEB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0AA1CA60-9CC2-41E7-8015-3B429133BDE5}" = protocol=6 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx10.exe |
"{111CE07C-7E3B-43AC-9229-68B478A481E6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{13763ACD-07AB-47DB-AF24-79D7BF32280A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{14450B91-2C51-406C-8141-E1C210DE7554}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1E3F1706-6F9F-4731-8A84-0D7BEF0333B3}" = protocol=17 | dir=in | app=d:\games\assassin's creed\assassinscreed_launcher.exe |
"{2672A338-5ACF-4DC7-B46C-270CE3AB8193}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{2905AFAA-A4C6-4F91-A5AC-55841AE293AE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{4007DF4D-F0FE-4952-BE38-34D3C8477368}" = protocol=6 | dir=in | app=d:\games\cod4 mw\iw3mp.exe |
"{468D3BB1-EDE5-4E86-A934-2A617EA82D80}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4F87F356-EC0B-433A-884C-6D8AF3A33A6F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{58B56E31-97A9-47E1-B592-37C8FC732AF2}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{61DA499B-918F-4AF7-B4AE-B9DE32904BB4}" = protocol=17 | dir=in | app=d:\games\street fighter iv\ssfiv.exe |
"{6A187ED3-A888-439B-B44A-9E4E76A1AF30}" = protocol=17 | dir=in | app=d:\games\alpha protocol\binaries\apgame.exe |
"{6E0A4E84-59EC-40E4-92F7-E493795BFF6D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6E122F83-70B3-4223-949C-0D69B6775166}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6sp.exe |
"{720569FF-D6F1-48FD-9F7F-D3B3B3A6E829}" = protocol=6 | dir=in | app=d:\games\assassin's creed\assassinscreed_launcher.exe |
"{72F56326-E1FE-4A1A-9F22-B9BAD18DF314}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7FC0FDCC-3540-4F3B-A328-6E19E40E775F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{88567FB6-CDCA-4D8E-B86A-D5B304552723}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6sp.exe |
"{8A04F809-2DE6-4AF7-B578-E5D55C5AC2F6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{996491A3-ABD4-4708-A5B5-394113955E2A}" = protocol=17 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx9.exe |
"{A27A58D8-CEAE-4DC4-BB2D-E8293559D25E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{A4699B08-3471-45A7-88BC-590D6DD82F60}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{A57D9C23-0DA1-48FA-90A8-19864BAC64C7}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6zm.exe |
"{ADA65890-5F0E-4042-BFFE-5F9B1A6A8878}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"{AE7F76DA-369E-4769-851D-EC65DCEFE41D}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{AF2D453E-4190-4940-BB76-60013BF52C01}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B5051A1B-C957-4856-A820-CB1D110EDCF3}" = protocol=6 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx9.exe |
"{B67D4C3B-F8E4-4B17-94F7-B1BC5637E8E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B67FFFE8-EA25-413A-BE2D-F31B7DA9760A}" = protocol=6 | dir=in | app=d:\games\street fighter iv\ssfiv.exe |
"{BB8ADD7A-1DEE-49B7-899B-F255E921561C}" = protocol=17 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx10.exe |
"{BBAC2AFB-70A1-4E5F-9717-A5D015D31535}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C1D7B709-7660-48AE-8319-38889D9FB003}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\icqm\icq.exe |
"{C6096757-F656-4E16-A079-7D34A1F6074E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D04F6D4A-B679-4F86-9CAA-FC57B2574E12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7C3465F-A32D-4729-8ED4-ABA7BD3F5507}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"{DA2594F0-B444-4749-B476-175EB4BD38D2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DC4E6DA9-BCA4-4060-AF42-8AE3A00BA27F}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\icqm\icq.exe |
"{DC686CAE-FE56-44C5-8262-36F60E761493}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6zm.exe |
"{E59AA3BF-5656-4905-9224-35C975175372}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E78923F0-03F5-49B7-A92E-FA4A02798388}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EFD2E393-8ADC-4C1C-945A-36DFF02079A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F49E385A-195F-4ABC-90FB-6394EAAAE309}" = protocol=17 | dir=in | app=d:\games\cod4 mw\iw3mp.exe |
"{F70042D6-99C3-49CD-80CE-0C12531B100C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FB547F36-260D-4F78-8C65-E56257CB545F}" = protocol=6 | dir=out | app=system |
"{FE40AFE4-BEAD-4E73-BADB-7B64A44AE3E8}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{FF333F3C-BEC7-4B50-A613-FA0A44CCA871}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{6AE52F37-B7A9-494A-BA51-EF413B05870C}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{7A8A84B8-B9A8-4727-AC4A-939DE9AE84B7}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414" = CanoScan LiDE 110 Scanner Driver
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BB8B580B-8119-0235-C923-5F1EECE66561}" = AMD Drag and Drop Transcoding
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Unlocker" = Unlocker 1.9.1-x64

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{31671B31-682F-499E-00B9-7AD7D33C9E4F}" = Need For Speed Hot Pursuit 2
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{43430FA0-49F0-4B13-B4C5-611000008100}" = Super Street Fighter IV: Arcade Edition
"{43430FA0-4A2E-404A-B715-951000048101}" = SUPER STREET FIGHTER IV: ARCADE EDITION
"{43430FA0-4A2E-404A-B715-951000058101}" = SUPER STREET FIGHTER IV: ARCADE EDITION
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0309.1
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = SPEEDLINK Strike 2 Gamepad
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish "{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean "{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1 "{CA00F224-335F-6A70-DC7A-45D26F61C443}" = HydraVision "{D37FE0E3-B1A9-4E41-AB5D-DA62E04D2C42}" = Alpha Protocol "{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common "{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "{E2B086BD-75A9-45D1-A675-151624B259A1}" = Splashtop Connect for IE "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding 
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All "{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian "{EF25F71D-F3E8-42A3-8B5A-DBF83C4B942F}" = Splashtop Connect for Firefox "{F075020E-43B2-4F2C-9723-C81CE162E7B6}" = Ad-Aware Antivirus "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish "{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "ACDLabs in C__ACDFREE12_" = ACD/Labs Software in C:\ACDFREE12\ "adawaretb" = Ad-Aware Security Add-on "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Avira AntiVir Desktop" = Avira Free Antivirus "CanonSolutionMenuEX" = Canon Solution Menu EX "DivX Setup" = DivX-Setup "Free Video Converter_is1" = Free Video Converter V 3.1 "FreePDF_XP" = FreePDF (Remove only) "GFWL_{43430FA0-49F0-4B13-B4C5-611000008100}" = Super Street Fighter IV: Arcade Edition "GPL Ghostscript 9.04" = GPL Ghostscript "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0309.1 "InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1 "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0 "Notepad++" = Notepad++ "Office14.SingleImage" = Microsoft Office Professional 2010 "PunkBusterSvc" = PunkBuster 
Services "Samsung CLP-620 Series" = Wartung Samsung CLP-620 Series "Steam App 202970" = Call of Duty: Black Ops II "Steam App 202990" = Call of Duty: Black Ops II - Multiplayer "Steam App 212910" = Call of Duty: Black Ops II - Zombies "VLC media player" = VLC media player 2.0.3 "Winamp" = Winamp "XnView_is1" = XnView 1.99 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 24.04.2013 10:11:20 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = [ Spybot - Search and Destroy Events ] Error - 22.04.2013 12:36:10 | Computer Name = ***-PC | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions [ System Events ] Error - 24.04.2013 10:11:13 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 24.04.2013 10:11:16 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > |
24.04.2013, 15:39 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus after Facebook "video"? You can ignore Spybot => uninstall it. The tool is not effective and we don't use it here either. Looks ok. We should be almost done. Please run a quick scan with Malwarebytes as a check - remember to update Malwarebytes via the update button first. After that, getting a second opinion via the ESET online scanner isn't a bad idea either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
24.04.2013, 16:51 | #9 |
| Virus after Facebook "video"? Would you please (if possible) explain what the 2 findings from TDSS-Killer are about? I'd really appreciate it! Here are the results of the latest scans: Malwarebytes: Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.24.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

24.04.2013 16:46:30
mbam-log-2013-04-24 (16-46-30).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen:
Durchsuchte Objekte: 214184
Laufzeit: 1 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f0109d86286a6345bd9b29566b251c08
# engine=13687
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-24 03:36:44
# local_time=2013-04-24 05:36:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 10774 232237494 3565 0
# compatibility_mode=5893 16776574 100 94 428639 118447654 0 0
# scanned=157546
# found=0
# cleaned=0
# scan_time=2669 |
24.04.2013, 20:46 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus after Facebook "video"? There isn't much to explain there; well, TDSSKiller is a specialist tool and not a toy. It scans very aggressively and accordingly flags legitimate entries as suspicious, unknown or unsigned (nicht signiert) fairly often. This is ICCS: Code:
15:32:46.0006 6076 ICCS - detected UnsignedFile.Multi.Generic (1)
15:32:46.0069 6076 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
Code:
15:32:46.0100 6076 IDriverT - detected UnsignedFile.Multi.Generic (1)
15:32:46.0131 6076 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
Looks ok so far. Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether a new hosts file has been released. Info: cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP-Cookie). Otherwise there are also good cookie managers; an extension for Firefox would be CookieCuller, for example. But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or also Trojaner-Board), then simply set your browser to delete everything, including cookies, when the browser is closed. Is your system back in order now, or are there still other findings or problems?
__________________ Please always post logfiles in CODE tags |
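The post above explains that a TDSSKiller "UnsignedFile.Multi.Generic" hit only means the file carries no Authenticode signature, which is common for legitimate vendor files. As an added example (not from this thread and not part of TDSSKiller), this is the check a helper can run by hand to confirm that reading: recompute the hash of each file the log names and read its signature status directly. The two paths and MD5 values are copied from the log above; the use of PowerShell 4 or newer (for Get-FileHash) and the file list itself are assumptions, and the paths only exist on the affected machine.

```powershell
# Added example, not code from the thread: re-check TDSSKiller "UnsignedFile" hits.
# Assumes PowerShell 4+ (Get-FileHash). Paths and MD5s are taken from the log posted above.
$hits = @(
    @{ Name = 'IDriverT'; Md5 = '1CF03C69B49ACB70C722DF92755C0C8C'
       Path = 'C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe' },
    @{ Name = 'idsvc';    Md5 = '5988FC40F8DB5B0739CD1E3A5D0D78BD'
       Path = 'C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe' }
)

foreach ($h in $hits) {
    if (-not (Test-Path -LiteralPath $h.Path)) {
        Write-Output ("{0}: file not present at {1}" -f $h.Name, $h.Path)
        continue
    }

    # 1. Is the file on disk still the one TDSSKiller hashed? The log only carries MD5,
    #    so MD5 is what we compare; SHA256 is recorded for looking the file up elsewhere.
    $md5    = (Get-FileHash -LiteralPath $h.Path -Algorithm MD5).Hash
    $sha256 = (Get-FileHash -LiteralPath $h.Path -Algorithm SHA256).Hash

    # 2. Authenticode status. 'NotSigned' is exactly what UnsignedFile.* reports and is
    #    expected for these two; 'HashMismatch' (a signed file that was altered) or a
    #    signer you do not recognise is what would justify a closer look.
    $sig = Get-AuthenticodeSignature -LiteralPath $h.Path
    $publisher = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }

    [pscustomobject]@{
        Name      = $h.Name
        HashMatch = ($md5 -eq $h.Md5)   # $true if the file is unchanged since the scan
        SHA256    = $sha256
        Signature = $sig.Status          # NotSigned / Valid / HashMismatch / ...
        Publisher = $publisher
    }
}
```

Run it in an elevated PowerShell on the machine that produced the log. A row with HashMatch true and Signature NotSigned simply confirms the helper's reading: the scanner saw an unsigned but otherwise unremarkable vendor file. Only a HashMismatch status, or a file whose hash no longer matches the scan, would change that assessment.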
25.04.2013, 21:14 | #11 |
| Virus after Facebook "video"? Thanks for the explanation! Now that you say it, it makes sense... I haven't done any further scans so far, and I never actually had problems; I was just unsure whether I had caught something (that might be spying on passwords or the like...). Small update: I was just on "wetter.com" and got the following message: "Invalid Certificate", and I could only click "OK"... I'll follow the tips. If anything stands out or is found in the next scans, I'll get back to you. I can then simply uninstall or delete all the programs again, right? Many, many thanks for the very quick help! Last edited by zwn (25.04.2013 at 21:27) |
25.04.2013, 22:45 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus after Facebook "video"? Then we're done! If you'd still like to leave praise or criticism => http://www.trojaner-board.de/lob-kritik-wuensche/
The programs that were used here can all be removed again. Removing Combofix (only relevant if it was used here!): Start/Run (keyboard shortcut WIN+R), type the command combofix /uninstall there and run it. With the help of OTL you can also remove many other tools: simply start OTL and click on Cleanup. This will remove most of the tools we needed for the cleanup. Should anything remain, please remove it with right-click --> Delete. Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.
Finally, please check the updates; my guide on that is below. To keep a better overview of how up to date your installed programs are in the future, you can use e.g. Secunia PSI. For even more security, after the infection has been removed you should also change all passwords if possible.
Microsoft Update. Windows XP: Visit the MS update page with IE and have all important updates installed. Windows Vista/7: Start, Control Panel, Windows Update.
Update PDF reader. An outdated Adobe Reader poses a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.
Please also take the opportunity to check that the Flash Player is up to date: Check => Adobe - Flash Player. Download links can be found here => Browsers and Plugins - FilePony.de. You can also easily check all plugins in the Firefox browser for currency here => https://www.mozilla.org/de/plugincheck Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.
Java update. Outdated Java installations are a major security risk, so you should uninstall the old versions. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post logfiles in CODE tags |
09.05.2013, 09:36 | #13 |
| Virus after Facebook "video"? Hello cosinus, I'm afraid I need your help once more: in my last scan with Avira Antivir I noticed that I got 43 warnings. Unfortunately I don't know how to deal with them, or whether I can/may/should ignore them or what else I have to do. It would be really great if you could help me with that again! Since I couldn't insert the log file into the thread as usual (why ever?), I'm adding it as an attachment... |
09.05.2013, 17:41 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus after Facebook "video"? These warnings are normal; you can ignore them. Some system files are locked exclusively by Windows and then cannot be read, written or deleted by other processes.
__________________ Please always post logfiles in CODE tags |
10.05.2013, 08:51 | #15 |
| Virus after Facebook "video"? OK. I just found it a bit strange. I looked at the older scans, and that many warnings first appeared on 21.04. The week before there were 0 warnings... Thanks again! Last edited by zwn (10.05.2013 at 08:59) |
Topics on Virus after Facebook "video"? |
7-zip, ad-aware, antivir, autorun, bho, black, converter, error, excel, flash player, helper, install.exe, logfile, mozilla, ntdll.dll, prozess, registry, rundll, safer networking, scan, security, senden, software, super, svchost.exe, system, teamspeak, trojaner-board, usb, virus, windows, wurm |