| |
| |||||||
Log-Analyse und Auswertung: Oh je 2 Trojaner gefunden, AntiVirus-Update nicht mehr möglich... vllt nach DeInstallation von HotSpot Shield?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
28.04.2013, 20:10
| #1 |
 |  Oh je 2 Trojaner gefunden, AntiVirus-Update nicht mehr möglich... vllt nach DeInstallation von HotSpot Shield? Hallo alle beisammen! Ich hoffe Ihr könnt mir weiterhelfen!!! All meine Probleme fingen an nachdem ich HotSpot Shield deInstalliert hatte... oder vllt ist es dann erst ausgebrochen. Zuerst war meine Internetverbindung deaktiviert/verstellt worden. Dann konnt ich nicht mehr Antivirus-Updates laden. durch ein bisschen rumexperimentieren habe ich die Internetverbindung wieder herstellen können aber es läuft nix mehr rund... also habe ich durch einen anderen pc nach der Ursache/Lösung gegooglet und bin auf euch gestossen. bin kein profi aber kenne mich (durch selber rumhantieren und fuchteln und etlichen pc-verschrottungen  ) a bissele aus!unternommen habe ich bisher nix da wie gesagt keine updates auf antivir mehr möglich sind. das einzige was ich runtergeladen habe NACHDEM ich die log-dateien erstellt habe, war das malware-programm (ergebnis ebenso anhängend) ccleaner habe ich auch laufen lassen (vor der log-erstellung). mein größtes ist nun eben dass ich schutzlos gegen viren bin. Danke im voraus. lg alopolo edit: ich bin mir nicht sicher ob ich während der log-dateien-erstellung sämtliche schutz-progr./software ausgeschaltet bekommen habe. und: was mach ich nun mit den für die log-dateien-zu-erstellenden programmen wie "defogger"? Geändert von alopolo (28.04.2013 um 20:28 Uhr) |
|
28.04.2013, 20:57
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Oh je 2 Trojaner gefunden, AntiVirus-Update nicht mehr möglich... vllt nach DeInstallation von HotSpot Shield? Hallo und
__________________ Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
29.04.2013, 00:01
| #3 |
| | Oh je 2 Trojaner gefunden, AntiVirus-Update nicht mehr möglich... vllt nach DeInstallation von HotSpot Shield? ok sorry! anbei die dateien richtig eingefügt und nein weitere funde habe ich leider nicht in gespeicherter form...
__________________Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:23 on 26/04/2013 (alopolo)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter OTL logfile created on: 26.04.2013 11:30:04 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\alopolosmann\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 57,08% Memory free 6,22 Gb Paging File | 4,94 Gb Available in Paging File | 79,48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 153,63 Gb Total Space | 24,48 Gb Free Space | 15,93% Space Free | Partition Type: NTFS Drive D: | 303,34 Gb Total Space | 272,28 Gb Free Space | 89,76% Space Free | Partition Type: NTFS Drive F: | 931,51 Gb Total Space | 907,91 Gb Free Space | 97,47% Space Free | Partition Type: NTFS Computer Name: alopolo-PC | User Name: alopolo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.26 11:28:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\alopolosmann\Desktop\OTL.exe PRC - [2013.04.26 11:19:03 | 000,050,477 | ---- | M] () -- C:\Users\alopolosmann\Desktop\Defogger.exe PRC - [2013.03.28 13:46:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.28 13:46:25 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.03.28 13:46:24 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.03.28 13:46:24 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2013.03.20 17:38:00 | 002,350,216 | ---- | M] (DVDVideoSoft Ltd.) -- C:\Programme\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe PRC - [2013.03.07 22:32:38 | 000,248,240 | ---- | M] (Facebook) -- C:\Users\alopolosmann\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe PRC - [2012.08.09 10:16:35 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Programme\MyScrapNook_12\bar\1.bin\12barsvc.exe PRC - [2012.08.09 10:16:35 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Programme\MyScrapNook_12\bar\1.bin\12brmon.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.03.21 23:10:00 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2009.05.27 10:07:48 | 002,230,024 | ---- | M] () -- D:\Tobit ClipInc\Server\ClipInc-Server.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.03.16 10:52:30 | 000,668,424 | ---- | M] (Tobit.Software) -- D:\Tobit ClipInc\Player\ClipIncTray.exe PRC - [2008.12.18 14:21:16 | 000,341,264 | ---- | M] (Fujitsu Siemens Computers) -- C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe PRC - [2008.09.19 11:44:20 | 000,113,664 | ---- | M] (Fujitsu Siemens Computers GmbH) -- C:\Programme\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe PRC - [2008.08.27 17:55:20 | 006,281,760 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.21 04:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe PRC - [2006.10.27 01:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2005.08.22 10:10:54 | 000,069,632 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Ulead Systems\Ulead Photo Express 6\CalCheck.exe PRC - [2005.07.28 09:32:20 | 000,094,208 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe PRC - [1998.09.17 17:34:26 | 000,055,296 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe ========== Modules (No Company Name) ========== MOD - [2013.04.26 11:19:03 | 000,050,477 | ---- | M] () -- C:\Users\alopolosmann\Desktop\Defogger.exe MOD - [2013.03.20 17:42:54 | 000,235,144 | ---- | M] () -- C:\Programme\DVDVideoSoft\Free YouTube Download\DVDVideoSoft.Resources.dll MOD - [2013.03.20 17:42:22 | 000,032,768 | ---- | M] () -- C:\Programme\DVDVideoSoft\Free YouTube Download\de-DE\DVDVideoSoft.Resources.resources.dll MOD - [2013.03.07 22:32:40 | 021,014,960 | ---- | M] () -- C:\Users\alopolosmann\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll MOD - [2013.03.07 22:32:38 | 000,292,272 | ---- | M] () -- C:\Users\alopolosmann\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll MOD - [2013.03.07 22:32:38 | 000,179,632 | ---- | M] () -- C:\Users\alopolosmann\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll MOD - [2013.02.15 07:04:11 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll MOD - [2013.01.10 15:42:54 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll MOD - [2013.01.10 15:12:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll MOD - [2013.01.10 15:12:54 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll MOD - [2013.01.10 15:12:31 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll MOD - [2013.01.10 15:12:18 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\0f5a23bb73681b6388daccd8e250ba66\System.Data.ni.dll MOD - [2013.01.10 15:11:25 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll MOD - [2013.01.10 15:11:11 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.03.21 23:10:36 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.03.21 23:10:00 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2010.09.09 22:21:10 | 000,034,816 | ---- | M] () -- C:\Programme\Google\Google Desktop Search\gzlib.dll MOD - [2009.05.27 17:20:18 | 000,187,904 | ---- | M] () -- D:\Tobit ClipInc\Player\ClipInc$.ger MOD - [2009.05.27 14:35:44 | 006,317,568 | ---- | M] () -- D:\Tobit ClipInc\Player\tobitclt.dll MOD - [2009.03.30 06:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2009.03.30 06:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2005.08.22 10:23:50 | 000,561,152 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead Photo Express 6\uviplA6.dll MOD - [2005.08.22 10:23:48 | 000,020,480 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead Photo Express 6\uvipl.dll MOD - [2005.08.22 10:11:06 | 000,019,968 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead Photo Express 6\Cpuinf32.dll MOD - [2005.07.28 09:32:10 | 000,028,672 | ---- | M] () -- C:\Programme\Common Files\Ulead Systems\AutoDetector\DetMethod.dll MOD - [1998.11.30 19:34:06 | 000,075,264 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\U32MISC.DLL MOD - [1998.07.22 18:33:02 | 000,013,824 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\u32Spy.dll ========== Services (SafeList) ========== SRV - [2013.03.28 13:46:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.28 13:46:24 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.03.13 16:11:19 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.04 17:39:18 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2012.08.09 10:16:35 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Programme\MyScrapNook_12\bar\1.bin\12barsvc.exe -- (MyScrapNook_12Service) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2009.05.27 10:07:48 | 002,230,024 | ---- | M] () [Auto | Running] -- D:\Tobit ClipInc\Server\ClipInc-Server.exe -- (ClipInc001) SRV - [2008.12.18 14:21:16 | 000,341,264 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.21 04:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008.01.21 04:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2006.12.14 18:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService) SRV - [2006.10.27 01:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2013.03.28 13:46:35 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.03.28 13:46:35 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2013.03.28 13:46:35 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013.02.26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2013.02.23 12:12:17 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.11.15 21:11:57 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2008.07.22 10:21:08 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2008.07.08 03:32:52 | 001,050,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2008.05.27 13:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s) DRV - [2008.04.03 14:58:46 | 000,076,688 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID) DRV - [2007.05.09 21:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2007.05.09 21:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRxdm045YYDE&ptb=0QJQ7T5LqZfaA4ON.cOf2w&ind=2010122100&ptnrS=GRxdm045YYDE&si=&n=77d00774&psa=&st=sb&searchfor={searchTerms} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727 IE - HKLM\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&lang=ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=109727&tt=120812_bandext_3212_5&babsrc=HP_ss&mntrId=884be055000000000000002185c6a2b0 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=884B002185C6A2B0 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Programme\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru) IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found IE - HKCU\..\URLSearchHook: {83821C2B-32A8-4DD7-B6D4-44309A78E668} - SOFTWARE\Classes\CLSID\{83821C2B-32A8-4DD7-B6D4-44309A78E668}\InprocServer32 File not found IE - HKCU\..\URLSearchHook: {b3b5c47e-61f7-4d81-af06-461fc86686ce} - No CLSID value found IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=884B002185C6A2B0 IE - HKCU\..\SearchScopes\{29412ADE-2012-4FC3-8A93-286B55FB73F9}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=C63FFDB4-8162-4578-8254-7D0AB653552B&apn_sauid=FE4EEF3D-3A1A-489C-BB5C-638FBDACE1A3 IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRxdm045YYDE&ptb=0QJQ7T5LqZfaA4ON.cOf2w&ind=2010122100&ptnrS=GRxdm045YYDE&si=&n=77d00774&psa=&st=sb&searchfor={searchTerms} IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=dEx9mwMsLAF9Yf_Li5YNUqqEsDM?q={searchTerms} IE - HKCU\..\SearchScopes\{D87887CC-08DA-431B-919B-2E509C9CC189}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&lang=ru IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..extensions.enabledAddons: autopager@mozilla.org:0.6.1.32 FF - prefs.js..extensions.enabledAddons: m3ffxtbr@mywebsearch.com:1.2 FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.1.32 FF - prefs.js..extensions.enabledItems: m3ffxtbr@mywebsearch.com:1.1 FF - prefs.js..browser.startup.homepage: FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@MyScrapNook_12.com/Plugin: C:\Program Files\MyScrapNook_12\bar\1.bin\NP12Stub.dll (MindSpark) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.19 13:52:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.19 13:52:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\12ffxtbr@MyScrapNook_12.com: C:\Program Files\MyScrapNook_12\bar\1.bin [2012.08.09 10:16:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.20 23:34:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.20 23:34:18 | 000,000,000 | ---D | M] [2009.01.21 20:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alopolo\AppData\Roaming\mozilla\Extensions [2013.04.25 09:06:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alopolo\AppData\Roaming\mozilla\Firefox\Profiles\2zpm80sg.default\extensions [2010.12.21 07:25:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\alopolo\AppData\Roaming\mozilla\Firefox\Profiles\2zpm80sg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.03.19 07:47:48 | 000,000,000 | ---D | M] (Winload Toolbar) -- C:\Users\alopolo\AppData\Roaming\mozilla\Firefox\Profiles\2zpm80sg.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2012.07.05 23:30:36 | 000,000,000 | ---D | M] (Freeware.de) -- C:\Users\alopolo\AppData\Roaming\mozilla\Firefox\Profiles\2zpm80sg.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025} [2012.08.09 10:16:38 | 000,000,000 | ---D | M] (My Scrap Nook) -- C:\Users\alopolo\AppData\Roaming\mozilla\Firefox\Profiles\2zpm80sg.default\extensions\12ffxtbr@MyScrapNook_12.com [2010.12.21 07:24:10 | 000,000,000 | ---D | M] ("AutoPager") -- C:\Users\alopolo\AppData\Roaming\mozilla\Firefox\Profiles\2zpm80sg.default\extensions\autopager@mozilla.org [2013.04.18 14:43:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alopolo\AppData\Roaming\mozilla\Firefox\Profiles\2zpm80sg.default\extensions\ffxtlbr@babylon.com [2012.08.12 12:49:20 | 000,000,000 | ---D | M] (Claro Toolbar) -- C:\Users\alopolo\AppData\Roaming\mozilla\Firefox\Profiles\2zpm80sg.default\extensions\ffxtlbr@claro.com [2011.03.19 07:47:46 | 000,000,000 | ---D | M] (Mein Gutscheincode Finder) -- C:\Users\alopolo\AppData\Roaming\mozilla\Firefox\Profiles\2zpm80sg.default\extensions\finder@meingutscheincode.de [2012.12.20 12:05:44 | 000,002,627 | ---- | M] () -- C:\Users\alopolo\AppData\Roaming\mozilla\firefox\profiles\2zpm80sg.default\searchplugins\askcom.xml [2012.12.20 12:05:54 | 000,002,444 | ---- | M] () -- C:\Users\alopolo\AppData\Roaming\mozilla\firefox\profiles\2zpm80sg.default\searchplugins\babylon1.xml [2012.12.20 12:09:01 | 000,002,188 | ---- | M] () -- C:\Users\alopolo\AppData\Roaming\mozilla\firefox\profiles\2zpm80sg.default\searchplugins\BabylonMngr.xml [2013.04.18 14:43:05 | 000,001,294 | ---- | M] () -- C:\Users\alopolo\AppData\Roaming\mozilla\firefox\profiles\2zpm80sg.default\searchplugins\delta.xml [2009.01.21 20:10:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.12.20 12:09:01 | 000,001,400 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.04.18 14:42:58 | 000,006,470 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.12.20 12:09:01 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.12.20 12:09:01 | 000,006,818 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.12 12:46:08 | 000,001,278 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.12.20 12:09:01 | 000,000,903 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. O2 - BHO: (Toolbar BHO) - {0214754e-4e7d-4589-829d-e2523e6a3085} - C:\Programme\MyScrapNook_12\bar\1.bin\12bar.dll (MindSpark) O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found. O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Search Assistant BHO) - {65f159fb-5f5e-46f4-b45d-ccfa236d2073} - C:\Programme\MyScrapNook_12\bar\1.bin\12SrcAs.dll (MindSpark) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (MailRuBHO Class) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Programme\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. O3 - HKLM\..\Toolbar: (Ñïóòíèê@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Programme\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru) O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found. O3 - HKLM\..\Toolbar: (My Scrap Nook) - {fe6f06fb-0fc0-4499-828f-ee48088f504f} - C:\Programme\MyScrapNook_12\bar\1.bin\12bar.dll (MindSpark) O3 - HKCU\..\Toolbar\WebBrowser: (Ñïóòíèê@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Programme\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru) O3 - HKCU\..\Toolbar\WebBrowser: (My Scrap Nook) - {FE6F06FB-0FC0-4499-828F-EE48088F504F} - C:\Programme\MyScrapNook_12\bar\1.bin\12bar.dll (MindSpark) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EnergySettings] C:\Programme\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe (Fujitsu Siemens Computers GmbH) O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( ) O4 - HKLM..\Run: [My Scrap Nook Search Scope Monitor] C:\Programme\MyScrapNook_12\bar\1.bin\12SrchMn.exe (MindSpark) O4 - HKLM..\Run: [MyScrapNook_12 Browser Plugin Loader] C:\Programme\MyScrapNook_12\bar\1.bin\12brmon.exe (VER_COMPANY_NAME) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [PE2CKFNT SE] C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Ulead AutoDetector] C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) O4 - HKLM..\Run: [Ulead Calendar Checker] C:\Programme\Ulead Systems\Ulead Photo Express 6\CalCheck.exe (Ulead Systems, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [ClipIncSrvTray] D:\Tobit ClipInc\Player\ClipIncTray.exe (Tobit.Software) O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [dvdstyler] File not found O4 - Startup: C:\Users\alopolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Medien-Prüfung.lnk = C:\Programme\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Ïîèñê@Mail.Ru - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Ñëîâàðè@Mail.Ru - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6C9CDA8-C6B7-477D-9E42-8375C52BB421}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\alopolo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\alopolo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2f2d5955-cd24-11dd-b1f5-002185c6a2b0}\Shell\AutoRun\command - "" = K:\menu.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.04.18 14:43:11 | 000,000,000 | ---D | C] -- C:\Users\alopolo\Local Settings [2013.04.18 14:42:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDStyler [2013.04.18 14:42:41 | 000,000,000 | ---D | C] -- C:\Program Files\DVDStyler [2013.04.17 14:29:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2013.04.17 14:29:02 | 000,000,000 | ---D | C] -- C:\Users\alopolo\AppData\Roaming\DVDVideoSoft [2013.04.17 14:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft [2013.04.17 14:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft [2013.04.17 14:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.04.17 14:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.26 11:23:00 | 000,000,000 | ---- | M] () -- C:\Users\alopolo\defogger_reenable [2013.04.26 11:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.26 10:54:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.26 10:54:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.26 10:40:59 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_alopolo.job [2013.04.26 10:01:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2100976069-891764606-4081223034-1001UA.job [2013.04.26 07:01:36 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.04.26 07:01:36 | 000,596,036 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.04.26 07:01:36 | 000,126,486 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.04.26 07:01:36 | 000,104,110 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.04.26 06:54:52 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_alopolo.job [2013.04.26 06:54:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.26 06:54:10 | 3220,328,448 | -HS- | M] () -- C:\hiberfil.sys [2013.04.25 11:39:00 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_alopolo.job [2013.04.24 22:01:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2100976069-891764606-4081223034-1001Core.job [2013.04.18 23:46:38 | 000,001,038 | ---- | M] () -- C:\Users\alopolo\Desktop\DVDVideoSoft Free Studio.lnk [2013.04.18 23:46:37 | 000,002,058 | ---- | M] () -- C:\Users\alopolo\Desktop\Free MP4 Video Converter.lnk [2013.04.18 14:42:47 | 000,000,908 | ---- | M] () -- C:\Users\alopolo\Desktop\DVDStyler.lnk [2013.04.18 12:15:22 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt [2013.04.18 09:03:39 | 000,001,197 | ---- | M] () -- C:\Users\alopolo\Desktop\Free YouTube to DVD Converter.lnk [2013.04.18 09:03:39 | 000,001,106 | ---- | M] () -- C:\Users\alopolo\Desktop\Free DVD Video Burner.lnk [2013.04.17 14:29:11 | 000,001,101 | ---- | M] () -- C:\Users\alopolo\Desktop\Free YouTube Download.lnk [2013.04.12 12:49:06 | 000,789,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.03.28 13:46:35 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.03.28 13:46:35 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2013.03.28 13:46:35 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.26 11:23:00 | 000,000,000 | ---- | C] () -- C:\Users\alopolo\defogger_reenable [2013.04.18 23:46:37 | 000,002,058 | ---- | C] () -- C:\Users\alopolo\Desktop\Free MP4 Video Converter.lnk [2013.04.18 14:42:47 | 000,000,908 | ---- | C] () -- C:\Users\alopolo\Desktop\DVDStyler.lnk [2013.04.18 09:03:39 | 000,001,197 | ---- | C] () -- C:\Users\alopolo\Desktop\Free YouTube to DVD Converter.lnk [2013.04.18 09:01:08 | 000,001,106 | ---- | C] () -- C:\Users\alopolo\Desktop\Free DVD Video Burner.lnk [2013.04.17 14:29:12 | 000,001,038 | ---- | C] () -- C:\Users\alopolo\Desktop\DVDVideoSoft Free Studio.lnk [2013.04.17 14:29:11 | 000,001,101 | ---- | C] () -- C:\Users\alopolo\Desktop\Free YouTube Download.lnk [2012.08.20 14:36:16 | 000,001,235 | ---- | C] () -- C:\Users\alopolo\AppData\Local\recently-used.xbel [2009.12.30 14:59:13 | 000,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini [2009.11.15 21:18:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2009.03.08 15:36:56 | 000,000,680 | RHS- | C] () -- C:\Users\alopolo\ntuser.pol [2009.03.07 11:50:23 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.01.25 12:48:22 | 000,000,680 | ---- | C] () -- C:\Users\alopolo\AppData\Local\d3d9caps.dat [2008.12.21 20:02:48 | 000,012,800 | ---- | C] () -- C:\Users\alopolo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.08.12 12:46:24 | 000,000,000 | ---D | M] -- C:\Users\alopolo\AppData\Roaming\Babylon [2012.12.20 12:08:19 | 000,000,000 | ---D | M] -- C:\Users\alopolo\AppData\Roaming\DesktopIconForAmazon [2009.03.04 19:51:49 | 000,000,000 | ---D | M] -- C:\Users\alopolo\AppData\Roaming\digital publishing [2013.04.18 23:46:36 | 000,000,000 | ---D | M] -- C:\Users\alopolo\AppData\Roaming\DVDVideoSoft [2011.12.16 20:50:21 | 000,000,000 | ---D | M] -- C:\Users\alopolo\AppData\Roaming\elsterformular [2009.03.12 19:45:21 | 000,000,000 | ---D | M] -- C:\Users\alopolo\AppData\Roaming\Engelmann Media [2012.08.20 14:14:33 | 000,000,000 | ---D | M] -- C:\Users\alopolo\AppData\Roaming\inkscape [2011.08.03 08:15:10 | 000,000,000 | ---D | M] -- C:\Users\alopolo\AppData\Roaming\MAGIX [2012.08.17 02:59:40 | 000,000,000 | ---D | M] -- C:\Users\alopolo\AppData\Roaming\MS-Buchhalter [2012.08.22 13:02:10 | 000,000,000 | ---D | M] -- C:\Users\alopolo\AppData\Roaming\MusE [2012.08.12 12:45:54 | 000,000,000 | ---D | M] -- C:\Users\alopolo\AppData\Roaming\OCS [2012.08.12 12:46:08 | 000,000,000 | ---D | M] -- C:\Users\alopolo\AppData\Roaming\Opera [2009.11.16 10:43:17 | 000,000,000 | ---D | M] -- C:\Users\alopolo\AppData\Roaming\Samsung [2009.03.13 20:20:36 | 000,000,000 | ---D | M] -- C:\Users\alopolo\AppData\Roaming\Serif [2012.12.20 12:35:13 | 000,000,000 | ---D | M] -- C:\Users\alopolo\AppData\Roaming\Systweak [2009.03.12 19:13:03 | 000,000,000 | ---D | M] -- C:\Users\alopolo\AppData\Roaming\Tobit ========== Purity Check ========== ========== Files - Unicode (All) ========== [2009.01.09 20:46:16 | 000,000,000 | ---D | M](C:\Users\alopolo\Documents\????? Mail.Ru ??????) -- C:\Users\alopolo\Documents\Файлы Mail.Ru Агента [2009.01.09 20:46:16 | 000,000,000 | ---D | C](C:\Users\alopolo\Documents\????? Mail.Ru ??????) -- C:\Users\alopolo\Documents\Файлы Mail.Ru Агента < End of report > Code:
ATTFilter OTL Extras logfile created on: 26.04.2013 11:30:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\alopolosmann\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 57,08% Memory free
6,22 Gb Paging File | 4,94 Gb Available in Paging File | 79,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153,63 Gb Total Space | 24,48 Gb Free Space | 15,93% Space Free | Partition Type: NTFS
Drive D: | 303,34 Gb Total Space | 272,28 Gb Free Space | 89,76% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 907,91 Gb Free Space | 97,47% Space Free | Partition Type: NTFS
Computer Name: alopolo-PC | User Name: alopolo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Müller Foto\Müller Foto\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Müller Foto] -- "C:\Program Files\Müller Foto\Müller Foto\Müller Foto.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{079FC0CC-D153-4A89-87EE-EDCAFBA3D83D}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) |
"{17436347-8224-4707-B059-310136E7CF38}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) |
"{5C2FDDCC-FCDE-4BB8-8844-E376CB7AE995}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5D7E5C46-EA15-4A58-A062-6F4ECF063674}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B8C64A64-088D-441C-87C2-1FD2527A1548}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{BCF745C0-1C29-45AC-82D4-F4B6A15BE17E}" = lport=0 | protocol=6 | dir=in | name=magix upnp media server |
"{D7D85808-E747-4F87-81D3-14E28DC69C45}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E304ED96-7E9F-41C6-BD44-F02FCE65053F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14F651D9-AAA3-4874-A74B-999E523F0671}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{2E4DC274-68B5-4703-AB89-D8A2740E69FB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{325E52A9-72F2-45B3-97F3-2375704A0BF7}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{52733A88-A04B-4B21-AD91-6DFD04FFD29F}" = protocol=17 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe |
"{8DC3C739-0B3C-4EE4-8100-F07A8F58FC51}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{9868F1CF-0712-4F4D-8D6E-5FBDBBDA7DB8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9CD49C33-6C55-4F3A-A539-DAA9D9D21507}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{A7FFE30C-7E9A-4E39-BBE8-59AAAEC7AF96}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A9EB14C7-7E68-4EF9-A51F-7A48E9117097}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AE0001D3-221A-4852-BC78-EBA774B2071E}" = protocol=6 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe |
"{D21B1B05-C88D-4738-A7D3-99852993EC0B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{E4C2BADF-ECAE-4298-9619-E9B6BCDD8CEB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{630F4783-5DE1-4318-A04A-A8B52C8796FD}C:\users\alopolosmann\appdata\roaming\mail.ru\agent\magent.exe" = protocol=6 | dir=in | app=c:\users\alopolosmann\appdata\roaming\mail.ru\agent\magent.exe |
"TCP Query User{F6A58D04-65DA-44DC-A2E1-04C024C73048}C:\program files\mail.ru\agent\magent.exe" = protocol=6 | dir=in | app=c:\program files\mail.ru\agent\magent.exe |
"UDP Query User{E3A03FAA-814E-4E82-AA71-6A19B27B04A6}C:\program files\mail.ru\agent\magent.exe" = protocol=17 | dir=in | app=c:\program files\mail.ru\agent\magent.exe |
"UDP Query User{E55D5BD9-EA44-4E94-ADA4-BDC97E20236F}C:\users\alopolosmann\appdata\roaming\mail.ru\agent\magent.exe" = protocol=17 | dir=in | app=c:\users\alopolosmann\appdata\roaming\mail.ru\agent\magent.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D9DD45B-E79A-4F04-898E-B2C3769AB729}" = Serif DrawPlus X2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6803A6E6-48FF-48AB-B558-7B651BBE1031}" = Nero 8 Essentials
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C4D233-4F03-4A5D-8EFE-C651D221146D}" = Serif Digital Scrapbook Artist
"{760B29F2-8663-419B-A025-5A55066E130B}" = Ulead Photo Express 6
"{7613592F-B20C-4E1B-B2DD-67F0784D4373}" = Energy Settings
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{9605D5C2-F545-40F2-B39A-0462E4CD3811}" = Windows Vista Demo Screen Saver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B00B1355-DD54-4314-90B1-161C6A7D3FD3}" = Serif PagePlus X2
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{B6E9A977-C2C7-4CA0-0001-98605B7C7D3E}" = MyTube Recorder
"{B7F98125-4955-41E3-8A71-4CE11CE9C198}" = KODAK Gallery Upload-Software
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D5A716E5-6E7E-40F8-BB46-6FAEF98FB6FC}" = SystemDiagnostics
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.136
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA200000-0001-0000-0000-074957833700}" = ABBYY PDF Transformer 2.0
"{FC935397-C56E-4EE3-B9BC-1F7F3EA6CE41}" = Serif PhotoPlus X2
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DVDStyler_is1" = DVDStyler v2.4.3
"ElsterFormular 11.5.0.4546" = ElsterFormular
"ElsterFormular 13.0.0.8086p" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free DVD Video Burner_is1" = Free DVD Video Burner version 3.2.6.320
"Free MP4 Video Converter_is1" = Free MP4 Video Converter version 5.0.23.320
"Freemake Audio Converter_is1" = Freemake Audio Converter Version 1.1.0
"GIMP-2_is1" = GIMP 2.8.0
"Google Desktop" = Google Desktop
"ifolor-OrderClient21" = ifolor Designer
"Inkscape" = Inkscape 0.48.3.1
"MAGIX Foto Manager 2008 D" = MAGIX Foto Manager 2008 5.0.3.351 (D)
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX FunPix Maker D" = MAGIX FunPix Maker 1.0.0.0 (D)
"MAGIX Media Suite D" = MAGIX Media Suite 1.12.0.89 (D)
"MAGIX Music Manager 2007 D" = MAGIX Music Manager 2007 8.2.0.76 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX Ringtone Maker SE D" = MAGIX Ringtone Maker SE 3.1.0.4 (D)
"MailRuSputnik" = Mail.Ru Спутник 2.0.1.54
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MS-Buchhalter Start" = MS-Buchhalter Start 3.0
"Müller Foto" = Müller Foto
"MuseScore" = MuseScore 1.2 MuseScore score typesetter
"MyScrapNook_12bar Uninstall" = My Scrap Nook Toolbar
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 6.0" = RealPlayer
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Sweet Home 3D_is1" = Sweet Home 3D version 3.1
"Tobit ClipInc Server" = Tobit.Software clipinc.fx
"Ulead Photo Express 2.0 SE" = Ulead Photo Express 2.0 SE
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 24.01.2011 10:43:31 | Computer Name = alopolo-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.01.2011 00:55:27 | Computer Name = alopolo-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 25.01.2011 00:55:27 | Computer Name = alopolo-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 25.01.2011 00:56:39 | Computer Name = alopolo-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.01.2011 02:26:38 | Computer Name = alopolo-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 25.01.2011 02:26:38 | Computer Name = alopolo-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 25.01.2011 02:27:55 | Computer Name = alopolo-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.01.2011 06:53:55 | Computer Name = alopolo-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 25.01.2011 06:53:55 | Computer Name = alopolo-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 25.01.2011 06:54:47 | Computer Name = alopolo-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 12.04.2013 06:47:19 | Computer Name = alopolo-PC | Source = netbt | ID = 4300
Description = Der Treiber konnte nicht erstellt werden.
Error - 12.04.2013 16:21:22 | Computer Name = alopolo-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 14.04.2013 08:03:07 | Computer Name = alopolo-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 14.04.2013 18:39:10 | Computer Name = alopolo-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 15.04.2013 07:50:16 | Computer Name = alopolo-PC | Source = volsnap | ID = 393236
Description = Die Schattenkopien von Volume "\\?...d8e-11dd-a313-806e6f6e6963}"
wurden aufgrund von einem fehlgeschlagenen Rechenvorgang bezüglich verfügbarem Speicher
abgebrochen.
Error - 15.04.2013 07:50:33 | Computer Name = alopolo-PC | Source = volsnap | ID = 393236
Description = Die Schattenkopien von Volume "D:" wurden aufgrund von einem fehlgeschlagenen
Rechenvorgang bezüglich verfügbarem Speicher abgebrochen.
Error - 15.04.2013 11:46:34 | Computer Name = alopolo-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 18.04.2013 15:17:06 | Computer Name = alopolo-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 25.04.2013 04:09:36 | Computer Name = alopolo-PC | Source = volsnap | ID = 393236
Description = Die Schattenkopien von Volume "\\?...d8e-11dd-a313-806e6f6e6963}"
wurden aufgrund von einem fehlgeschlagenen Rechenvorgang bezüglich verfügbarem Speicher
abgebrochen.
Error - 25.04.2013 04:09:48 | Computer Name = alopolo-PC | Source = volsnap | ID = 393236
Description = Die Schattenkopien von Volume "D:" wurden aufgrund von einem fehlgeschlagenen
Rechenvorgang bezüglich verfügbarem Speicher abgebrochen.
< End of report >
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-27 18:24:10
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKS-07A7B0 rev.01.03B01 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\alopolo\AppData\Local\Temp\uwlorpog.sys
---- System - GMER 2.1 ----
SSDT 8DECB5D6 ZwCreateSection
SSDT 8DECB5E0 ZwRequestWaitReplyPort
SSDT 8DECB5DB ZwSetContextThread
SSDT 8DECB5E5 ZwSetSecurityObject
SSDT 8DECB5EA ZwSystemDebugControl
SSDT 8DECB577 ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntoskrnl.exe!KeInsertQueue + 405 828BFA3C 4 Bytes [D6, B5, EC, 8D]
.text ntoskrnl.exe!KeInsertQueue + 729 828BFD60 4 Bytes [E0, B5, EC, 8D]
.text ntoskrnl.exe!KeInsertQueue + 75E 828BFD95 3 Bytes [B5, EC, 8D]
.text ntoskrnl.exe!KeInsertQueue + 7C1 828BFDF8 4 Bytes [E5, B5, EC, 8D]
.text ntoskrnl.exe!KeInsertQueue + 809 828BFE40 4 Bytes [EA, B5, EC, 8D]
.text ...
---- User code sections - GMER 2.1 ----
.text D:\Tobit ClipInc\Server\ClipInc-Server.exe[308] kernel32.dll!SetUnhandledExceptionFilter 75ECA8B5 5 Bytes JMP 0049F8A0 D:\Tobit ClipInc\Server\ClipInc-Server.exe
.text D:\Tobit ClipInc\Player\ClipIncTray.exe[2128] USER32.dll!SetScrollRange 76DED185 5 Bytes JMP 10053D40 D:\Tobit ClipInc\Player\TOBITCLT.dll
.text D:\Tobit ClipInc\Player\ClipIncTray.exe[2128] USER32.dll!GetSysColorBrush 76DEE21C 5 Bytes JMP 100482E0 D:\Tobit ClipInc\Player\TOBITCLT.dll
.text D:\Tobit ClipInc\Player\ClipIncTray.exe[2128] USER32.dll!GetScrollInfo 76DEF073 7 Bytes JMP 10053C10 D:\Tobit ClipInc\Player\TOBITCLT.dll
.text D:\Tobit ClipInc\Player\ClipIncTray.exe[2128] USER32.dll!ShowScrollBar 76DEF8AE 5 Bytes JMP 10053D90 D:\Tobit ClipInc\Player\TOBITCLT.dll
.text D:\Tobit ClipInc\Player\ClipIncTray.exe[2128] USER32.dll!SetScrollInfo 76DF71D8 7 Bytes JMP 10053CC0 D:\Tobit ClipInc\Player\TOBITCLT.dll
.text D:\Tobit ClipInc\Player\ClipIncTray.exe[2128] USER32.dll!GetSysColor 76DF9BF6 5 Bytes JMP 100482A0 D:\Tobit ClipInc\Player\TOBITCLT.dll
.text D:\Tobit ClipInc\Player\ClipIncTray.exe[2128] USER32.dll!DrawFrameControl 76E0676D 7 Bytes JMP 100475B0 D:\Tobit ClipInc\Player\TOBITCLT.dll
.text D:\Tobit ClipInc\Player\ClipIncTray.exe[2128] USER32.dll!EnableScrollBar 76E0AF53 7 Bytes JMP 10053BD0 D:\Tobit ClipInc\Player\TOBITCLT.dll
.text D:\Tobit ClipInc\Player\ClipIncTray.exe[2128] USER32.dll!GetScrollPos 76E1337D 5 Bytes JMP 10053C50 D:\Tobit ClipInc\Player\TOBITCLT.dll
.text D:\Tobit ClipInc\Player\ClipIncTray.exe[2128] USER32.dll!GetScrollRange 76E134A5 5 Bytes JMP 10053C80 D:\Tobit ClipInc\Player\TOBITCLT.dll
.text D:\Tobit ClipInc\Player\ClipIncTray.exe[2128] USER32.dll!SetScrollPos 76E13602 5 Bytes JMP 10053D00 D:\Tobit ClipInc\Player\TOBITCLT.dll
---- EOF - GMER 2.1 ----
Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.04.04.07 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 alopolo :: alopolo-PC [Administrator] 28.04.2013 20:16:58 MBAM-log-2013-04-28 (20-28-01).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 231648 Laufzeit: 7 Minute(n), 12 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\ProgramData\sysReserve.ini (Malware.Trace) -> Keine Aktion durchgeführt. (Ende) zur Info: ich seh grad da sind einige kyrilische Buchstaben mit drinne oder eben welche die dann aber durch ganz viele fragezeichen ersetzt wurden. wenn da probleme bestehen, versuch ich soweit es geht bei zu helfen. ist eine russische mmmh sowas wie icq... |
|
29.04.2013, 10:04
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Oh je 2 Trojaner gefunden, AntiVirus-Update nicht mehr möglich... vllt nach DeInstallation von HotSpot Shield? Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten MBAR (Malwarebytes Anti-Rootkit) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
30.04.2013, 05:22
| #5 |
| | Oh je 2 Trojaner gefunden, AntiVirus-Update nicht mehr möglich... vllt nach DeInstallation von HotSpot Shield? so da bin ich wieder... anbei die logs: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.04.29.02
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
alopolo :: alopolo-PC [administrator]
29.04.2013 12:36:50
mbar-log-2013-04-29 (12-36-50).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29659
Time elapsed: 9 minute(s), 56 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467E-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Delete on reboot.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
c:\ProgramData\sysReserve.ini (Malware.Trace) -> Delete on reboot.
(end)
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.04.29.02
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
alopolo :: alopolo-PC [administrator]
29.04.2013 13:23:47
mbar-log-2013-04-29 (13-23-47).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29601
Time elapsed: 8 minute(s), 53 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-29 20:03:39
-----------------------------
20:03:39.141 OS Version: Windows 6.0.6002 Service Pack 2
20:03:39.141 Number of processors: 4 586 0x1707
20:03:39.141 ComputerName: alopolo-PC UserName: alopolo
20:03:40.186 Initialize success
20:06:31.544 AVAST engine defs: 13042900
20:07:30.310 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:07:30.310 Disk 0 Vendor: WDC_WD5000AAKS-07A7B0 01.03B01 Size: 476940MB BusType: 3
20:07:30.450 Disk 0 MBR read successfully
20:07:30.466 Disk 0 MBR scan
20:07:30.481 Disk 0 Windows VISTA default MBR code
20:07:30.497 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9000 MB offset 2048
20:07:30.512 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 157313 MB offset 18434048
20:07:30.528 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 310625 MB offset 340611072
20:07:30.544 Disk 0 scanning sectors +976771120
20:07:30.606 Disk 0 scanning C:\Windows\system32\drivers
20:07:40.325 Service scanning
20:07:59.950 Modules scanning
20:08:04.645 Disk 0 trace - called modules:
20:08:04.661 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
20:08:04.676 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d29ac8]
20:08:04.676 3 CLASSPNP.SYS[8ac948b3] -> nt!IofCallDriver -> [0x854be4c0]
20:08:04.676 5 acpi.sys[8a6526bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x854be030]
20:08:07.890 AVAST engine scan C:\Windows
20:08:10.558 AVAST engine scan C:\Windows\system32
20:10:53.453 AVAST engine scan C:\Windows\system32\drivers
20:11:04.716 AVAST engine scan C:\Users\alopolo
20:12:53.448 AVAST engine scan C:\ProgramData
20:18:54.947 Scan finished successfully
20:27:20.465 Disk 0 MBR has been saved successfully to "C:\Users\alopolosmann\Desktop\MBR.dat"
20:27:20.480 The log file has been saved successfully to "C:\Users\alopolosmann\Desktop\aswMBR.txt"
Unter AV Scan: none: Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-30 06:12:55
-----------------------------
06:12:55.624 OS Version: Windows 6.0.6002 Service Pack 2
06:12:55.624 Number of processors: 4 586 0x1707
06:12:55.624 ComputerName: alopolo-PC UserName: alopolo
06:12:56.498 Initialize success
06:13:11.817 AVAST engine defs: 13042900
06:13:23.377 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
06:13:23.377 Disk 0 Vendor: WDC_WD5000AAKS-07A7B0 01.03B01 Size: 476940MB BusType: 3
06:13:23.502 Disk 0 MBR read successfully
06:13:23.502 Disk 0 MBR scan
06:13:23.517 Disk 0 Windows VISTA default MBR code
06:13:23.533 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9000 MB offset 2048
06:13:23.580 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 157313 MB offset 18434048
06:13:23.611 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 310625 MB offset 340611072
06:13:23.642 Disk 0 scanning sectors +976771120
06:13:23.751 Disk 0 scanning C:\Windows\system32\drivers
06:13:32.066 Service scanning
06:13:49.632 Modules scanning
06:13:53.563 Disk 0 trace - called modules:
06:13:53.578 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
06:13:53.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c9f780]
06:13:53.594 3 CLASSPNP.SYS[8ada98b3] -> nt!IofCallDriver -> [0x84a878c8]
06:13:53.594 5 acpi.sys[8a6536bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84a89b98]
06:13:53.594 Scan finished successfully
06:14:10.645 Disk 0 MBR has been saved successfully to "C:\Users\alopolosmann\Desktop\MBR.dat"
06:14:10.660 The log file has been saved successfully to "C:\Users\alopolosmann\Desktop\aswMBR_2.txt"
Code:
ATTFilter 06:03:19.0761 2088 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
06:03:19.0933 2088 ============================================================
06:03:19.0933 2088 Current date / time: 2013/04/30 06:03:19.0933
06:03:19.0933 2088 SystemInfo:
06:03:19.0933 2088
06:03:19.0933 2088 OS Version: 6.0.6002 ServicePack: 2.0
06:03:19.0933 2088 Product type: Workstation
06:03:19.0933 2088 ComputerName: alopolo-PC
06:03:19.0933 2088 UserName: alopolo
06:03:19.0933 2088 Windows directory: C:\Windows
06:03:19.0933 2088 System windows directory: C:\Windows
06:03:19.0933 2088 Processor architecture: Intel x86
06:03:19.0933 2088 Number of processors: 4
06:03:19.0933 2088 Page size: 0x1000
06:03:19.0933 2088 Boot type: Normal boot
06:03:19.0933 2088 ============================================================
06:03:20.0791 2088 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
06:03:20.0791 2088 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DA0000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
06:03:20.0822 2088 ============================================================
06:03:20.0822 2088 \Device\Harddisk0\DR0:
06:03:20.0838 2088 MBR partitions:
06:03:20.0838 2088 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1194800, BlocksNum 0x13340800
06:03:20.0838 2088 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x144D5000, BlocksNum 0x25EB0830
06:03:20.0838 2088 \Device\Harddisk1\DR1:
06:03:20.0838 2088 MBR partitions:
06:03:20.0838 2088 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
06:03:20.0838 2088 ============================================================
06:03:20.0885 2088 C: <-> \Device\Harddisk0\DR0\Partition1
06:03:21.0009 2088 D: <-> \Device\Harddisk0\DR0\Partition2
06:03:21.0041 2088 F: <-> \Device\Harddisk1\DR1\Partition1
06:03:21.0041 2088 ============================================================
06:03:21.0041 2088 Initialize success
06:03:21.0041 2088 ============================================================
06:03:29.0449 6020 ============================================================
06:03:29.0449 6020 Scan started
06:03:29.0449 6020 Mode: Manual; SigCheck; TDLFS;
06:03:29.0449 6020 ============================================================
06:03:30.0525 6020 ================ Scan system memory ========================
06:03:30.0525 6020 System memory - ok
06:03:30.0525 6020 ================ Scan services =============================
06:03:30.0822 6020 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
06:03:30.0962 6020 ACPI - ok
06:03:31.0056 6020 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
06:03:31.0056 6020 AdobeARMservice - ok
06:03:31.0149 6020 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
06:03:31.0165 6020 AdobeFlashPlayerUpdateSvc - ok
06:03:31.0181 6020 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
06:03:31.0212 6020 adp94xx - ok
06:03:31.0227 6020 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
06:03:31.0243 6020 adpahci - ok
06:03:31.0274 6020 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
06:03:31.0274 6020 adpu160m - ok
06:03:31.0290 6020 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
06:03:31.0305 6020 adpu320 - ok
06:03:31.0337 6020 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
06:03:31.0446 6020 AeLookupSvc - ok
06:03:31.0493 6020 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
06:03:31.0555 6020 AFD - ok
06:03:31.0571 6020 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
06:03:31.0586 6020 agp440 - ok
06:03:31.0617 6020 [ FBE4016F9EF3AB3DB547E40A936B6CD9 ] ahcix86s C:\Windows\system32\drivers\ahcix86s.sys
06:03:31.0633 6020 ahcix86s - ok
06:03:31.0649 6020 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
06:03:31.0664 6020 aic78xx - ok
06:03:31.0680 6020 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
06:03:31.0758 6020 ALG - ok
06:03:31.0773 6020 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
06:03:31.0789 6020 aliide - ok
06:03:31.0805 6020 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
06:03:31.0805 6020 amdagp - ok
06:03:31.0820 6020 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
06:03:31.0836 6020 amdide - ok
06:03:31.0851 6020 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
06:03:31.0898 6020 AmdK7 - ok
06:03:31.0929 6020 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
06:03:31.0961 6020 AmdK8 - ok
06:03:32.0070 6020 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
06:03:32.0070 6020 AntiVirSchedulerService - ok
06:03:32.0117 6020 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
06:03:32.0117 6020 AntiVirService - ok
06:03:32.0163 6020 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
06:03:32.0179 6020 Appinfo - ok
06:03:32.0257 6020 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
06:03:32.0257 6020 Apple Mobile Device - ok
06:03:32.0304 6020 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
06:03:32.0304 6020 arc - ok
06:03:32.0319 6020 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
06:03:32.0335 6020 arcsas - ok
06:03:32.0351 6020 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
06:03:32.0397 6020 AsyncMac - ok
06:03:32.0429 6020 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
06:03:32.0444 6020 atapi - ok
06:03:32.0491 6020 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
06:03:32.0522 6020 AudioEndpointBuilder - ok
06:03:32.0553 6020 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
06:03:32.0569 6020 Audiosrv - ok
06:03:32.0631 6020 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
06:03:32.0631 6020 avgntflt - ok
06:03:32.0678 6020 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
06:03:32.0678 6020 avipbb - ok
06:03:32.0725 6020 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
06:03:32.0725 6020 avkmgr - ok
06:03:32.0756 6020 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
06:03:32.0787 6020 Beep - ok
06:03:32.0850 6020 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
06:03:32.0897 6020 BFE - ok
06:03:33.0099 6020 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
06:03:33.0162 6020 BITS - ok
06:03:33.0209 6020 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
06:03:33.0240 6020 blbdrive - ok
06:03:33.0318 6020 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
06:03:33.0333 6020 Bonjour Service - ok
06:03:33.0365 6020 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
06:03:33.0411 6020 bowser - ok
06:03:33.0427 6020 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
06:03:33.0443 6020 BrFiltLo - ok
06:03:33.0458 6020 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
06:03:33.0505 6020 BrFiltUp - ok
06:03:33.0521 6020 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
06:03:33.0567 6020 Browser - ok
06:03:33.0599 6020 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
06:03:33.0739 6020 Brserid - ok
06:03:33.0755 6020 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
06:03:33.0786 6020 BrSerWdm - ok
06:03:33.0801 6020 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
06:03:33.0864 6020 BrUsbMdm - ok
06:03:33.0879 6020 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
06:03:33.0911 6020 BrUsbSer - ok
06:03:33.0926 6020 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
06:03:33.0973 6020 BTHMODEM - ok
06:03:34.0004 6020 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
06:03:34.0035 6020 cdfs - ok
06:03:34.0098 6020 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
06:03:34.0113 6020 cdrom - ok
06:03:34.0160 6020 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
06:03:34.0238 6020 CertPropSvc - ok
06:03:34.0254 6020 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
06:03:34.0285 6020 circlass - ok
06:03:34.0363 6020 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
06:03:34.0394 6020 CLFS - ok
06:03:34.0503 6020 ClipInc001 - ok
06:03:34.0659 6020 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
06:03:34.0691 6020 clr_optimization_v2.0.50727_32 - ok
06:03:34.0737 6020 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
06:03:34.0784 6020 clr_optimization_v4.0.30319_32 - ok
06:03:34.0800 6020 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
06:03:34.0815 6020 cmdide - ok
06:03:34.0847 6020 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\drivers\compbatt.sys
06:03:34.0862 6020 Compbatt - ok
06:03:34.0878 6020 COMSysApp - ok
06:03:34.0893 6020 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
06:03:34.0909 6020 crcdisk - ok
06:03:34.0925 6020 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
06:03:34.0956 6020 Crusoe - ok
06:03:35.0018 6020 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
06:03:35.0049 6020 CryptSvc - ok
06:03:35.0096 6020 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
06:03:35.0174 6020 DcomLaunch - ok
06:03:35.0205 6020 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
06:03:35.0237 6020 DfsC - ok
06:03:35.0315 6020 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
06:03:35.0424 6020 DFSR - ok
06:03:35.0486 6020 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
06:03:35.0517 6020 Dhcp - ok
06:03:35.0549 6020 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
06:03:35.0564 6020 disk - ok
06:03:35.0595 6020 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
06:03:35.0642 6020 Dnscache - ok
06:03:35.0673 6020 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
06:03:35.0705 6020 dot3svc - ok
06:03:35.0736 6020 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
06:03:35.0767 6020 DPS - ok
06:03:35.0798 6020 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
06:03:35.0845 6020 drmkaud - ok
06:03:35.0923 6020 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
06:03:35.0954 6020 DXGKrnl - ok
06:03:36.0032 6020 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
06:03:36.0048 6020 E1G60 - ok
06:03:36.0063 6020 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
06:03:36.0110 6020 EapHost - ok
06:03:36.0173 6020 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
06:03:36.0173 6020 Ecache - ok
06:03:36.0204 6020 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
06:03:36.0219 6020 ehRecvr - ok
06:03:36.0235 6020 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
06:03:36.0266 6020 ehSched - ok
06:03:36.0282 6020 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
06:03:36.0297 6020 ehstart - ok
06:03:36.0329 6020 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
06:03:36.0344 6020 elxstor - ok
06:03:36.0407 6020 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
06:03:36.0485 6020 EMDMgmt - ok
06:03:36.0500 6020 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
06:03:36.0531 6020 ErrDev - ok
06:03:36.0578 6020 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
06:03:36.0625 6020 EventSystem - ok
06:03:36.0672 6020 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
06:03:36.0734 6020 exfat - ok
06:03:36.0765 6020 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
06:03:36.0812 6020 fastfat - ok
06:03:36.0828 6020 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
06:03:36.0859 6020 fdc - ok
06:03:36.0890 6020 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
06:03:36.0906 6020 fdPHost - ok
06:03:36.0921 6020 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
06:03:36.0984 6020 FDResPub - ok
06:03:37.0015 6020 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
06:03:37.0015 6020 FileInfo - ok
06:03:37.0031 6020 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
06:03:37.0077 6020 Filetrace - ok
06:03:37.0187 6020 [ 167D24A045499EBEF438F231976158DF ] FirebirdServerMAGIXInstance C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
06:03:37.0265 6020 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
06:03:37.0265 6020 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
06:03:37.0280 6020 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
06:03:37.0311 6020 flpydisk - ok
06:03:37.0343 6020 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
06:03:37.0358 6020 FltMgr - ok
06:03:37.0421 6020 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
06:03:37.0452 6020 FontCache - ok
06:03:37.0530 6020 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
06:03:37.0545 6020 FontCache3.0.0.0 - ok
06:03:37.0561 6020 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
06:03:37.0608 6020 Fs_Rec - ok
06:03:37.0623 6020 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
06:03:37.0623 6020 gagp30kx - ok
06:03:37.0655 6020 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
06:03:37.0670 6020 GEARAspiWDM - ok
06:03:37.0764 6020 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
06:03:37.0764 6020 GoogleDesktopManager-051210-111108 - ok
06:03:37.0857 6020 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
06:03:37.0982 6020 gpsvc - ok
06:03:38.0091 6020 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
06:03:38.0138 6020 HdAudAddService - ok
06:03:38.0185 6020 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
06:03:38.0247 6020 HDAudBus - ok
06:03:38.0263 6020 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
06:03:38.0325 6020 HidBth - ok
06:03:38.0341 6020 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
06:03:38.0388 6020 HidIr - ok
06:03:38.0450 6020 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
06:03:38.0481 6020 hidserv - ok
06:03:38.0497 6020 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
06:03:38.0528 6020 HidUsb - ok
06:03:38.0559 6020 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
06:03:38.0575 6020 hkmsvc - ok
06:03:38.0591 6020 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
06:03:38.0606 6020 HpCISSs - ok
06:03:38.0637 6020 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
06:03:38.0684 6020 HTTP - ok
06:03:38.0700 6020 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
06:03:38.0715 6020 i2omp - ok
06:03:38.0747 6020 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
06:03:38.0778 6020 i8042prt - ok
06:03:38.0809 6020 [ E5A0034847537EAEE3C00349D5C34C5F ] iaStor C:\Windows\system32\drivers\iastor.sys
06:03:38.0825 6020 iaStor - ok
06:03:38.0840 6020 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
06:03:38.0856 6020 iaStorV - ok
06:03:38.0918 6020 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
06:03:38.0949 6020 idsvc - ok
06:03:38.0996 6020 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
06:03:39.0012 6020 iirsp - ok
06:03:39.0043 6020 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
06:03:39.0090 6020 IKEEXT - ok
06:03:39.0183 6020 [ 737D0390644DEF1A20C1CCF92C0E9C0C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
06:03:39.0261 6020 IntcAzAudAddService - ok
06:03:39.0277 6020 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
06:03:39.0293 6020 intelide - ok
06:03:39.0308 6020 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
06:03:39.0355 6020 intelppm - ok
06:03:39.0371 6020 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
06:03:39.0417 6020 IPBusEnum - ok
06:03:39.0433 6020 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:03:39.0464 6020 IpFilterDriver - ok
06:03:39.0495 6020 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
06:03:39.0542 6020 iphlpsvc - ok
06:03:39.0542 6020 IpInIp - ok
06:03:39.0558 6020 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
06:03:39.0589 6020 IPMIDRV - ok
06:03:39.0605 6020 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
06:03:39.0620 6020 IPNAT - ok
06:03:39.0667 6020 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
06:03:39.0683 6020 iPod Service - ok
06:03:39.0698 6020 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
06:03:39.0729 6020 IRENUM - ok
06:03:39.0745 6020 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
06:03:39.0745 6020 isapnp - ok
06:03:39.0807 6020 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
06:03:39.0823 6020 iScsiPrt - ok
06:03:39.0839 6020 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
06:03:39.0839 6020 iteatapi - ok
06:03:39.0854 6020 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
06:03:39.0870 6020 iteraid - ok
06:03:39.0885 6020 [ C36F3A1A4E8416EF43F30DEAB7701730 ] JRAID C:\Windows\system32\drivers\jraid.sys
06:03:39.0932 6020 JRAID - ok
06:03:39.0948 6020 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
06:03:39.0963 6020 kbdclass - ok
06:03:40.0026 6020 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
06:03:40.0057 6020 kbdhid - ok
06:03:40.0088 6020 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
06:03:40.0119 6020 KeyIso - ok
06:03:40.0151 6020 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
06:03:40.0166 6020 KSecDD - ok
06:03:40.0213 6020 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
06:03:40.0244 6020 KtmRm - ok
06:03:40.0275 6020 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
06:03:40.0322 6020 LanmanServer - ok
06:03:40.0369 6020 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
06:03:40.0400 6020 LanmanWorkstation - ok
06:03:40.0431 6020 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
06:03:40.0478 6020 lltdio - ok
06:03:40.0509 6020 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
06:03:40.0541 6020 lltdsvc - ok
06:03:40.0556 6020 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
06:03:40.0603 6020 lmhosts - ok
06:03:40.0619 6020 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
06:03:40.0634 6020 LSI_FC - ok
06:03:40.0650 6020 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
06:03:40.0650 6020 LSI_SAS - ok
06:03:40.0665 6020 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
06:03:40.0681 6020 LSI_SCSI - ok
06:03:40.0697 6020 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
06:03:40.0728 6020 luafv - ok
06:03:40.0775 6020 [ 9E9306063ECD8AA91B3FB76678D3CEE2 ] LVUSBSta C:\Windows\system32\DRIVERS\LVUSBSta.sys
06:03:40.0790 6020 LVUSBSta - ok
06:03:40.0806 6020 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
06:03:40.0837 6020 Mcx2Svc - ok
06:03:40.0868 6020 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
06:03:40.0868 6020 megasas - ok
06:03:40.0915 6020 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
06:03:40.0931 6020 MegaSR - ok
06:03:41.0040 6020 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
06:03:41.0040 6020 Microsoft Office Groove Audit Service - ok
06:03:41.0102 6020 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
06:03:41.0133 6020 MMCSS - ok
06:03:41.0165 6020 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
06:03:41.0211 6020 Modem - ok
06:03:41.0243 6020 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
06:03:41.0258 6020 monitor - ok
06:03:41.0274 6020 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
06:03:41.0274 6020 mouclass - ok
06:03:41.0289 6020 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
06:03:41.0321 6020 mouhid - ok
06:03:41.0336 6020 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
06:03:41.0336 6020 MountMgr - ok
06:03:41.0367 6020 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
06:03:41.0383 6020 mpio - ok
06:03:41.0383 6020 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
06:03:41.0430 6020 mpsdrv - ok
06:03:41.0477 6020 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
06:03:41.0523 6020 MpsSvc - ok
06:03:41.0539 6020 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
06:03:41.0555 6020 Mraid35x - ok
06:03:41.0586 6020 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
06:03:41.0617 6020 MRxDAV - ok
06:03:41.0648 6020 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
06:03:41.0679 6020 mrxsmb - ok
06:03:41.0711 6020 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:03:41.0726 6020 mrxsmb10 - ok
06:03:41.0726 6020 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:03:41.0742 6020 mrxsmb20 - ok
06:03:41.0773 6020 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
06:03:41.0773 6020 msahci - ok
06:03:41.0789 6020 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
06:03:41.0804 6020 msdsm - ok
06:03:41.0820 6020 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
06:03:41.0867 6020 MSDTC - ok
06:03:41.0898 6020 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
06:03:41.0913 6020 Msfs - ok
06:03:41.0929 6020 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
06:03:41.0929 6020 msisadrv - ok
06:03:41.0960 6020 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
06:03:41.0991 6020 MSiSCSI - ok
06:03:42.0007 6020 msiserver - ok
06:03:42.0023 6020 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
06:03:42.0054 6020 MSKSSRV - ok
06:03:42.0085 6020 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
06:03:42.0101 6020 MSPCLOCK - ok
06:03:42.0116 6020 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
06:03:42.0132 6020 MSPQM - ok
06:03:42.0179 6020 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
06:03:42.0194 6020 MsRPC - ok
06:03:42.0210 6020 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
06:03:42.0225 6020 mssmbios - ok
06:03:42.0241 6020 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
06:03:42.0257 6020 MSTEE - ok
06:03:42.0288 6020 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
06:03:42.0288 6020 Mup - ok
06:03:42.0335 6020 [ 622FCF264119F7DF127BE353F796B319 ] MyScrapNook_12Service C:\PROGRA~1\MYSCRA~2\bar\1.bin\12barsvc.exe
06:03:42.0350 6020 MyScrapNook_12Service - ok
06:03:42.0366 6020 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
06:03:42.0413 6020 napagent - ok
06:03:42.0459 6020 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
06:03:42.0475 6020 NativeWifiP - ok
06:03:42.0506 6020 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
06:03:42.0522 6020 NDIS - ok
06:03:42.0553 6020 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
06:03:42.0584 6020 NdisTapi - ok
06:03:42.0600 6020 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
06:03:42.0615 6020 Ndisuio - ok
06:03:42.0678 6020 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
06:03:42.0693 6020 NdisWan - ok
06:03:42.0709 6020 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
06:03:42.0725 6020 NDProxy - ok
06:03:42.0803 6020 [ A0101E836D2A39682E134C47B1565256 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
06:03:42.0834 6020 Nero BackItUp Scheduler 3 - ok
06:03:42.0849 6020 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
06:03:42.0896 6020 NetBIOS - ok
06:03:42.0927 6020 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
06:03:42.0959 6020 netbt - ok
06:03:42.0959 6020 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
06:03:42.0974 6020 Netlogon - ok
06:03:43.0005 6020 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
06:03:43.0037 6020 Netman - ok
06:03:43.0068 6020 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
06:03:43.0115 6020 netprofm - ok
06:03:43.0146 6020 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
06:03:43.0161 6020 NetTcpPortSharing - ok
06:03:43.0193 6020 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
06:03:43.0224 6020 nfrd960 - ok
06:03:43.0239 6020 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
06:03:43.0271 6020 NlaSvc - ok
06:03:43.0286 6020 [ 9CF3E134EB0490D60FE68631A7D666A0 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
06:03:43.0317 6020 NMIndexingService - ok
06:03:43.0364 6020 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
06:03:43.0380 6020 Npfs - ok
06:03:43.0395 6020 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
06:03:43.0442 6020 nsi - ok
06:03:43.0458 6020 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
06:03:43.0505 6020 nsiproxy - ok
06:03:43.0551 6020 [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
06:03:43.0598 6020 Ntfs - ok
06:03:43.0629 6020 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
06:03:43.0676 6020 ntrigdigi - ok
06:03:43.0692 6020 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
06:03:43.0723 6020 Null - ok
06:03:43.0785 6020 [ ADB84B1E6B837C45443AA25ABE9E7012 ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx32.sys
06:03:43.0817 6020 NVENETFD - ok
06:03:44.0019 6020 [ B69E6F70CE1151C8D62ABC9DEF64DFBE ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
06:03:44.0363 6020 nvlddmkm - ok
06:03:44.0394 6020 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
06:03:44.0409 6020 nvraid - ok
06:03:44.0425 6020 [ 736054614AB962D4EC01EF4ABCE115F1 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
06:03:44.0456 6020 nvsmu - ok
06:03:44.0472 6020 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
06:03:44.0487 6020 nvstor - ok
06:03:44.0503 6020 [ EDB99121D49EB6010C15A6ACB4526D47 ] nvsvc C:\Windows\system32\nvvsvc.exe
06:03:44.0534 6020 nvsvc - ok
06:03:44.0565 6020 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
06:03:44.0565 6020 nv_agp - ok
06:03:44.0581 6020 NwlnkFlt - ok
06:03:44.0581 6020 NwlnkFwd - ok
06:03:44.0659 6020 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
06:03:44.0675 6020 odserv - ok
06:03:44.0737 6020 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
06:03:44.0768 6020 ohci1394 - ok
06:03:44.0815 6020 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
06:03:44.0831 6020 ose - ok
06:03:44.0893 6020 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
06:03:44.0955 6020 p2pimsvc - ok
06:03:44.0971 6020 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
06:03:44.0987 6020 p2psvc - ok
06:03:45.0018 6020 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
06:03:45.0049 6020 Parport - ok
06:03:45.0096 6020 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
06:03:45.0096 6020 partmgr - ok
06:03:45.0111 6020 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
06:03:45.0174 6020 Parvdm - ok
06:03:45.0189 6020 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
06:03:45.0221 6020 PcaSvc - ok
06:03:45.0252 6020 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
06:03:45.0267 6020 pci - ok
06:03:45.0283 6020 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
06:03:45.0299 6020 pciide - ok
06:03:45.0314 6020 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
06:03:45.0330 6020 pcmcia - ok
06:03:45.0361 6020 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
06:03:45.0423 6020 PEAUTH - ok
06:03:45.0486 6020 [ 0DA6C5E0C8DA6CEBE52DAACFE7AE9DE6 ] PID_PEPI C:\Windows\system32\DRIVERS\LV302V32.SYS
06:03:45.0533 6020 PID_PEPI - ok
06:03:45.0579 6020 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
06:03:45.0689 6020 pla - ok
06:03:45.0720 6020 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
06:03:45.0751 6020 PlugPlay - ok
06:03:45.0782 6020 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
06:03:45.0813 6020 PNRPAutoReg - ok
06:03:45.0845 6020 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
06:03:45.0860 6020 PNRPsvc - ok
06:03:45.0923 6020 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
06:03:45.0969 6020 PolicyAgent - ok
06:03:45.0985 6020 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
06:03:46.0032 6020 PptpMiniport - ok
06:03:46.0032 6020 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
06:03:46.0063 6020 Processor - ok
06:03:46.0094 6020 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
06:03:46.0125 6020 ProfSvc - ok
06:03:46.0141 6020 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
06:03:46.0157 6020 ProtectedStorage - ok
06:03:46.0203 6020 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
06:03:46.0235 6020 PSched - ok
06:03:46.0281 6020 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
06:03:46.0297 6020 PxHelp20 - ok
06:03:46.0328 6020 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
06:03:46.0375 6020 ql2300 - ok
06:03:46.0406 6020 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
06:03:46.0422 6020 ql40xx - ok
06:03:46.0453 6020 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
06:03:46.0469 6020 QWAVE - ok
06:03:46.0500 6020 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
06:03:46.0515 6020 QWAVEdrv - ok
06:03:46.0593 6020 [ 70DBDAB246C18B78E2200D6401D038BE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
06:03:46.0625 6020 RapiMgr - ok
06:03:46.0656 6020 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
06:03:46.0687 6020 RasAcd - ok
06:03:46.0703 6020 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
06:03:46.0749 6020 RasAuto - ok
06:03:46.0765 6020 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
06:03:46.0781 6020 Rasl2tp - ok
06:03:46.0812 6020 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
06:03:46.0827 6020 RasMan - ok
06:03:46.0874 6020 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
06:03:46.0890 6020 RasPppoe - ok
06:03:46.0937 6020 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
06:03:46.0952 6020 RasSstp - ok
06:03:46.0968 6020 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
06:03:46.0983 6020 rdbss - ok
06:03:46.0999 6020 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
06:03:47.0030 6020 RDPCDD - ok
06:03:47.0061 6020 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
06:03:47.0077 6020 rdpdr - ok
06:03:47.0093 6020 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
06:03:47.0124 6020 RDPENCDD - ok
06:03:47.0155 6020 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
06:03:47.0171 6020 RDPWD - ok
06:03:47.0217 6020 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
06:03:47.0249 6020 RemoteAccess - ok
06:03:47.0280 6020 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
06:03:47.0311 6020 RemoteRegistry - ok
06:03:47.0327 6020 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
06:03:47.0358 6020 RpcLocator - ok
06:03:47.0373 6020 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
06:03:47.0405 6020 RpcSs - ok
06:03:47.0420 6020 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
06:03:47.0451 6020 rspndr - ok
06:03:47.0467 6020 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
06:03:47.0467 6020 SamSs - ok
06:03:47.0498 6020 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
06:03:47.0498 6020 sbp2port - ok
06:03:47.0545 6020 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
06:03:47.0561 6020 SCardSvr - ok
06:03:47.0592 6020 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
06:03:47.0670 6020 Schedule - ok
06:03:47.0701 6020 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
06:03:47.0732 6020 SCPolicySvc - ok
06:03:47.0748 6020 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
06:03:47.0779 6020 SDRSVC - ok
06:03:47.0795 6020 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
06:03:47.0841 6020 secdrv - ok
06:03:47.0857 6020 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
06:03:47.0888 6020 seclogon - ok
06:03:47.0904 6020 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
06:03:47.0935 6020 SENS - ok
06:03:47.0951 6020 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
06:03:47.0997 6020 Serenum - ok
06:03:48.0013 6020 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
06:03:48.0044 6020 Serial - ok
06:03:48.0060 6020 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
06:03:48.0091 6020 sermouse - ok
06:03:48.0107 6020 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
06:03:48.0122 6020 SessionEnv - ok
06:03:48.0138 6020 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
06:03:48.0169 6020 sffdisk - ok
06:03:48.0200 6020 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
06:03:48.0216 6020 sffp_mmc - ok
06:03:48.0231 6020 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
06:03:48.0263 6020 sffp_sd - ok
06:03:48.0309 6020 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
06:03:48.0325 6020 sfloppy - ok
06:03:48.0372 6020 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
06:03:48.0450 6020 SharedAccess - ok
06:03:48.0497 6020 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
06:03:48.0528 6020 ShellHWDetection - ok
06:03:48.0543 6020 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
06:03:48.0559 6020 sisagp - ok
06:03:48.0575 6020 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
06:03:48.0575 6020 SiSRaid2 - ok
06:03:48.0590 6020 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
06:03:48.0606 6020 SiSRaid4 - ok
06:03:48.0699 6020 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
06:03:48.0824 6020 slsvc - ok
06:03:48.0855 6020 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
06:03:48.0887 6020 SLUINotify - ok
06:03:48.0933 6020 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
06:03:48.0965 6020 Smb - ok
06:03:48.0996 6020 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
06:03:49.0011 6020 SNMPTRAP - ok
06:03:49.0105 6020 [ 3A4F2C0BB87A0895ABEBA341AA1E341B ] Sony PC Companion C:\Program Files\Sony\Sony PC Companion\PCCService.exe
06:03:49.0121 6020 Sony PC Companion - ok
06:03:49.0152 6020 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
06:03:49.0167 6020 spldr - ok
06:03:49.0214 6020 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
06:03:49.0245 6020 Spooler - ok
06:03:49.0292 6020 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
06:03:49.0339 6020 srv - ok
06:03:49.0386 6020 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
06:03:49.0433 6020 srv2 - ok
06:03:49.0479 6020 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
06:03:49.0495 6020 srvnet - ok
06:03:49.0495 6020 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
06:03:49.0542 6020 SSDPSRV - ok
06:03:49.0573 6020 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
06:03:49.0573 6020 ssmdrv - ok
06:03:49.0589 6020 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
06:03:49.0620 6020 SstpSvc - ok
06:03:49.0667 6020 [ 306521935042FC0A6988D528643619B3 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys
06:03:49.0667 6020 StarOpen ( UnsignedFile.Multi.Generic ) - warning
06:03:49.0667 6020 StarOpen - detected UnsignedFile.Multi.Generic (1)
06:03:49.0729 6020 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
06:03:49.0745 6020 stisvc - ok
06:03:49.0776 6020 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
06:03:49.0791 6020 swenum - ok
06:03:49.0823 6020 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
06:03:49.0869 6020 swprv - ok
06:03:49.0885 6020 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
06:03:49.0901 6020 Symc8xx - ok
06:03:49.0916 6020 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
06:03:49.0916 6020 Sym_hi - ok
06:03:49.0932 6020 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
06:03:49.0947 6020 Sym_u3 - ok
06:03:49.0994 6020 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
06:03:50.0057 6020 SysMain - ok
06:03:50.0072 6020 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
06:03:50.0103 6020 TabletInputService - ok
06:03:50.0166 6020 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
06:03:50.0197 6020 TapiSrv - ok
06:03:50.0228 6020 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
06:03:50.0259 6020 TBS - ok
06:03:50.0306 6020 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
06:03:50.0337 6020 Tcpip - ok
06:03:50.0369 6020 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
06:03:50.0400 6020 Tcpip6 - ok
06:03:50.0431 6020 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
06:03:50.0447 6020 tcpipreg - ok
06:03:50.0462 6020 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
06:03:50.0493 6020 TDPIPE - ok
06:03:50.0525 6020 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
06:03:50.0540 6020 TDTCP - ok
06:03:50.0571 6020 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
06:03:50.0603 6020 tdx - ok
06:03:50.0649 6020 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
06:03:50.0665 6020 TermDD - ok
06:03:50.0681 6020 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
06:03:50.0712 6020 TermService - ok
06:03:50.0774 6020 [ 492CD96EFA28DCCF0497523C161884E8 ] TestHandler C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
06:03:50.0790 6020 TestHandler - ok
06:03:50.0805 6020 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
06:03:50.0821 6020 Themes - ok
06:03:50.0837 6020 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
06:03:50.0852 6020 THREADORDER - ok
06:03:50.0868 6020 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
06:03:50.0899 6020 TrkWks - ok
06:03:50.0961 6020 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
06:03:51.0008 6020 TrustedInstaller - ok
06:03:51.0055 6020 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
06:03:51.0086 6020 tssecsrv - ok
06:03:51.0133 6020 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
06:03:51.0164 6020 tunmp - ok
06:03:51.0195 6020 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
06:03:51.0211 6020 tunnel - ok
06:03:51.0227 6020 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
06:03:51.0242 6020 uagp35 - ok
06:03:51.0289 6020 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
06:03:51.0305 6020 udfs - ok
06:03:51.0320 6020 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
06:03:51.0367 6020 UI0Detect - ok
06:03:51.0383 6020 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
06:03:51.0398 6020 uliagpkx - ok
06:03:51.0414 6020 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
06:03:51.0429 6020 uliahci - ok
06:03:51.0445 6020 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
06:03:51.0461 6020 UlSata - ok
06:03:51.0461 6020 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
06:03:51.0476 6020 ulsata2 - ok
06:03:51.0492 6020 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
06:03:51.0523 6020 umbus - ok
06:03:51.0539 6020 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
06:03:51.0585 6020 upnphost - ok
06:03:51.0632 6020 [ 7CE0FE34FD8FB7F52D1E503B0C1E4FA9 ] UPnPService C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
06:03:51.0695 6020 UPnPService ( UnsignedFile.Multi.Generic ) - warning
06:03:51.0695 6020 UPnPService - detected UnsignedFile.Multi.Generic (1)
06:03:51.0757 6020 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
06:03:51.0788 6020 usbaudio - ok
06:03:51.0819 6020 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
06:03:51.0835 6020 usbccgp - ok
06:03:51.0851 6020 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
06:03:51.0897 6020 usbcir - ok
06:03:51.0944 6020 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
06:03:51.0960 6020 usbehci - ok
06:03:52.0007 6020 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
06:03:52.0038 6020 usbhub - ok
06:03:52.0085 6020 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
06:03:52.0100 6020 usbohci - ok
06:03:52.0116 6020 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
06:03:52.0163 6020 usbprint - ok
06:03:52.0178 6020 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
06:03:52.0209 6020 USBSTOR - ok
06:03:52.0225 6020 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
06:03:52.0256 6020 usbuhci - ok
06:03:52.0287 6020 [ 228F444F9AF0D3B9ECA9FC3F4FEB12F2 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
06:03:52.0319 6020 usb_rndisx - ok
06:03:52.0350 6020 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
06:03:52.0381 6020 UxSms - ok
06:03:52.0412 6020 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
06:03:52.0443 6020 vds - ok
06:03:52.0475 6020 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
06:03:52.0506 6020 vga - ok
06:03:52.0537 6020 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
06:03:52.0568 6020 VgaSave - ok
06:03:52.0584 6020 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
06:03:52.0599 6020 viaagp - ok
06:03:52.0615 6020 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
06:03:52.0631 6020 ViaC7 - ok
06:03:52.0646 6020 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
06:03:52.0662 6020 viaide - ok
06:03:52.0662 6020 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
06:03:52.0677 6020 volmgr - ok
06:03:52.0709 6020 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
06:03:52.0724 6020 volmgrx - ok
06:03:52.0771 6020 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
06:03:52.0787 6020 volsnap - ok
06:03:52.0802 6020 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
06:03:52.0802 6020 vsmraid - ok
06:03:52.0865 6020 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
06:03:52.0927 6020 VSS - ok
06:03:52.0943 6020 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
06:03:52.0974 6020 W32Time - ok
06:03:53.0005 6020 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
06:03:53.0036 6020 WacomPen - ok
06:03:53.0052 6020 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
06:03:53.0083 6020 Wanarp - ok
06:03:53.0099 6020 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
06:03:53.0114 6020 Wanarpv6 - ok
06:03:53.0145 6020 [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
06:03:53.0177 6020 WcesComm - ok
06:03:53.0223 6020 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
06:03:53.0255 6020 wcncsvc - ok
06:03:53.0286 6020 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
06:03:53.0301 6020 WcsPlugInService - ok
06:03:53.0395 6020 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
06:03:53.0411 6020 Wd - ok
06:03:53.0520 6020 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
06:03:53.0613 6020 Wdf01000 - ok
06:03:53.0629 6020 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
06:03:53.0660 6020 WdiServiceHost - ok
06:03:53.0676 6020 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
06:03:53.0691 6020 WdiSystemHost - ok
06:03:53.0707 6020 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
06:03:53.0754 6020 WebClient - ok
06:03:53.0785 6020 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
06:03:53.0816 6020 Wecsvc - ok
06:03:53.0832 6020 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
06:03:53.0863 6020 wercplsupport - ok
06:03:53.0910 6020 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
06:03:53.0925 6020 WerSvc - ok
06:03:53.0972 6020 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
06:03:53.0988 6020 WinDefend - ok
06:03:53.0988 6020 WinHttpAutoProxySvc - ok
06:03:54.0081 6020 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
06:03:54.0097 6020 Winmgmt - ok
06:03:54.0144 6020 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
06:03:54.0237 6020 WinRM - ok
06:03:54.0284 6020 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
06:03:54.0331 6020 Wlansvc - ok
06:03:54.0362 6020 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
06:03:54.0378 6020 WmiAcpi - ok
06:03:54.0409 6020 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
06:03:54.0440 6020 wmiApSrv - ok
06:03:54.0534 6020 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
06:03:54.0565 6020 WMPNetworkSvc - ok
06:03:54.0596 6020 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
06:03:54.0612 6020 WPCSvc - ok
06:03:54.0643 6020 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
06:03:54.0659 6020 WPDBusEnum - ok
06:03:54.0705 6020 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
06:03:54.0721 6020 WpdUsb - ok
06:03:54.0861 6020 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
06:03:54.0908 6020 WPFFontCache_v0400 - ok
06:03:54.0924 6020 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
06:03:54.0955 6020 ws2ifsl - ok
06:03:54.0986 6020 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
06:03:55.0017 6020 wscsvc - ok
06:03:55.0033 6020 WSearch - ok
06:03:55.0095 6020 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
06:03:55.0158 6020 wuauserv - ok
06:03:55.0220 6020 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
06:03:55.0236 6020 WudfPf - ok
06:03:55.0283 6020 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
06:03:55.0314 6020 WUDFRd - ok
06:03:55.0329 6020 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
06:03:55.0361 6020 wudfsvc - ok
06:03:55.0361 6020 ================ Scan global ===============================
06:03:55.0392 6020 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
06:03:55.0423 6020 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
06:03:55.0439 6020 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
06:03:55.0485 6020 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
06:03:55.0485 6020 [Global] - ok
06:03:55.0485 6020 ================ Scan MBR ==================================
06:03:55.0501 6020 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
06:03:56.0016 6020 \Device\Harddisk0\DR0 - ok
06:03:56.0031 6020 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
06:03:56.0125 6020 \Device\Harddisk1\DR1 - ok
06:03:56.0125 6020 ================ Scan VBR ==================================
06:03:56.0125 6020 [ 185C049ECD5ACB891998D768FBD3F72E ] \Device\Harddisk0\DR0\Partition1
06:03:56.0125 6020 \Device\Harddisk0\DR0\Partition1 - ok
06:03:56.0156 6020 [ 86138E283E37CB640465F5DCF3CD7721 ] \Device\Harddisk0\DR0\Partition2
06:03:56.0156 6020 \Device\Harddisk0\DR0\Partition2 - ok
06:03:56.0156 6020 [ A8801C8EFFE68982279DCD98B10D1751 ] \Device\Harddisk1\DR1\Partition1
06:03:56.0156 6020 \Device\Harddisk1\DR1\Partition1 - ok
06:03:56.0156 6020 ============================================================
06:03:56.0156 6020 Scan finished
06:03:56.0156 6020 ============================================================
06:03:56.0172 4312 Detected object count: 3
06:03:56.0172 4312 Actual detected object count: 3
06:04:28.0729 4312 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
06:04:28.0729 4312 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:04:28.0729 4312 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
06:04:28.0729 4312 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:04:28.0745 4312 UPnPService ( UnsignedFile.Multi.Generic ) - skipped by user
06:04:28.0745 4312 UPnPService ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:05:03.0829 1360 Deinitialize success
|
|
30.04.2013, 15:28
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Oh je 2 Trojaner gefunden, AntiVirus-Update nicht mehr möglich... vllt nach DeInstallation von HotSpot Shield? Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ --> Oh je 2 Trojaner gefunden, AntiVirus-Update nicht mehr möglich... vllt nach DeInstallation von HotSpot Shield? |
|
01.05.2013, 22:51
| #7 |
| | Oh je 2 Trojaner gefunden, AntiVirus-Update nicht mehr möglich... vllt nach DeInstallation von HotSpot Shield? so nun zum nächsten: Code:
ATTFilter ComboFix 13-05-01.03 - alopolo 01.05.2013 23:30:26.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3071.1712 [GMT 2:00]
ausgeführt von:: c:\users\alopolosmann\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\DFRDF50.tmp
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL
c:\program files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\IsUn0407.exe
c:\windows\system32\roboot.exe
c:\windows\UA000011.DLL
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-04-01 bis 2013-05-01 ))))))))))))))))))))))))))))))
.
.
2013-05-01 21:37 . 2013-05-01 21:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-01 21:37 . 2013-05-01 21:38 -------- d-----w- c:\users\alopolo\AppData\Local\temp
2013-04-30 10:14 . 2013-04-17 04:31 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6194E690-6703-48A3-9706-B133AF048CA6}\mpengine.dll
2013-04-28 18:16 . 2013-04-28 18:16 -------- d-----w- c:\users\alopolo\AppData\Roaming\Malwarebytes
2013-04-28 18:16 . 2013-04-28 18:16 -------- d-----w- c:\programdata\Malwarebytes
2013-04-28 18:16 . 2013-04-28 18:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-28 18:16 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-24 04:20 . 2013-03-03 19:07 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-18 12:42 . 2013-04-18 12:42 -------- d-----w- c:\users\alopolosmann\.thumb
2013-04-18 12:42 . 2013-04-18 12:42 -------- d-----w- c:\program files\DVDStyler
2013-04-17 12:29 . 2013-04-18 21:47 -------- d-----w- c:\users\alopolosmann\AppData\Roaming\DVDVideoSoft
2013-04-17 12:29 . 2013-04-28 21:51 -------- d-----w- c:\program files\DVDVideoSoft
2013-04-17 12:29 . 2013-04-28 21:51 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2013-04-17 12:29 . 2013-04-28 21:51 -------- d-----w- c:\users\alopolo\AppData\Roaming\DVDVideoSoft
2013-04-17 12:17 . 2013-04-17 12:17 -------- d-----w- c:\program files\7-Zip
2013-04-12 08:44 . 2013-02-22 03:39 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2013-04-12 08:44 . 2013-02-22 03:38 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2013-04-12 08:44 . 2013-02-22 03:37 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-12 05:21 . 2013-04-12 06:40 -------- d-----w- c:\users\alopolosmann\AppData\Local\Mozilla Firefox
2013-04-12 04:47 . 2013-03-11 13:25 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-12 04:47 . 2013-03-11 13:25 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-12 04:47 . 2013-03-09 03:45 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-12 04:47 . 2013-03-09 01:28 64000 ----a-w- c:\windows\system32\smss.exe
2013-04-12 04:47 . 2013-03-08 03:52 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-04-12 04:47 . 2013-03-08 03:53 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-04-12 04:47 . 2013-03-05 01:40 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-04-05 19:00 . 2013-04-05 19:00 -------- d-----w- c:\users\alopolosmann\restore
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-28 11:46 . 2013-02-23 10:25 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-28 11:46 . 2013-02-23 10:25 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-28 11:46 . 2013-02-23 10:25 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-13 14:11 . 2012-11-29 04:46 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 14:11 . 2011-08-31 03:41 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-11 23:10 . 2009-10-03 08:02 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-02-25 22:22 . 2013-02-25 22:22 1985824 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-25 22:22 . 2012-10-10 20:14 1017120 ----a-w- c:\windows\system32\nvdispco32.dll
2013-02-25 22:22 . 2013-02-25 22:22 6262608 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-25 22:22 . 2013-02-25 22:22 2505144 ----a-w- c:\windows\system32\nvapi.dll
2013-02-25 22:22 . 2013-02-25 22:22 12641992 ----a-w- c:\windows\system32\nvwgf2um.dll
2013-02-25 22:22 . 2012-10-10 20:14 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll
2013-02-25 22:22 . 2013-02-25 22:22 15129960 ----a-w- c:\windows\system32\nvd3dum.dll
2013-02-25 22:22 . 2013-02-25 22:22 7932256 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-25 22:22 . 2013-02-25 22:22 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-25 22:22 . 2013-02-25 22:22 20449056 ----a-w- c:\windows\system32\nvoglv32.dll
2013-02-25 22:22 . 2013-02-25 22:22 8939296 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-25 22:22 . 2013-02-25 22:22 2720544 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-12 01:57 . 2013-03-21 08:31 15872 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 01:57 . 2013-03-21 08:31 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2010-09-09 20:21 . 2009-11-16 08:53 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ClipIncSrvTray"="d:\tobit clipinc\Player\ClipIncTray.exe" [2009-03-16 668424]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2013-02-04 447152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-27 6281760]
"EnergySettings"="c:\program files\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe" [2008-09-19 113664]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-09 30192]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-22 198160]
"PE2CKFNT SE"="c:\program files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 25088]
"Ulead AutoDetector"="c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe" [2005-07-28 94208]
"Ulead Calendar Checker"="c:\program files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe" [2005-08-22 69632]
"Skytel"="Skytel.exe" [2008-08-27 1833504]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"My Scrap Nook Search Scope Monitor"="c:\progra~1\MYSCRA~2\bar\1.bin\12srchmn.exe" [2012-08-09 42536]
"MyScrapNook_12 Browser Plugin Loader"="c:\progra~1\MYSCRA~2\bar\1.bin\12brmon.exe" [2012-08-09 30096]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-03-28 345312]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
"Z1"="c:\users\alopolosmann\Desktop\mbar\mbar.exe" [2013-03-23 1398856]
"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-04-11 217088]
.
c:\users\alopolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PMB Medien-Prüfung.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-6-6 333088]
.
c:\users\alopolosmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\alopolo\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Photo Express Calendar Checker SE.lnk - c:\program files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe [2009-12-16 55296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-29 14:11]
.
2013-04-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2100976069-891764606-4081223034-1001Core.job
- c:\users\alopolosmann\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-30 19:56]
.
2013-04-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2100976069-891764606-4081223034-1001UA.job
- c:\users\alopolosmann\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-30 19:56]
.
2013-04-29 c:\windows\Tasks\ReclaimerUpdateFiles_alopolo.job
- c:\users\alopolo\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-20 09:49]
.
2013-04-29 c:\windows\Tasks\ReclaimerUpdateXML_alopolo.job
- c:\users\alopolo\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-20 09:49]
.
2013-05-01 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_alopolo.job
- c:\users\alopolo\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-20 09:49]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www1.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=884B002185C6A2B0
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Ïîèñê@Mail.Ru - c:\program files\Mail.Ru\Sputnik\MailRuSputnik.dll/282
IE: Ñëîâàðè@Mail.Ru - c:\program files\Mail.Ru\Sputnik\MailRuSputnik.dll/283
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\alopolo\AppData\Roaming\Mozilla\Firefox\Profiles\2zpm80sg.default\
FF - prefs.js: browser.startup.homepage -
FF - ExtSQL: !HIDDEN! 2009-09-07 06:14; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.claro.autoRvrt - false
FF - user.js: extensions.claro_i.newTab - false
FF - user.js: extensions.claro.id - 884be055000000000000002185c6a2b0
FF - user.js: extensions.claro.instlDay - 15564
FF - user.js: extensions.claro.vrsn - 1.6.4.1
FF - user.js: extensions.claro.vrsni - 1.6.4.1
FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.112:49
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=884be055000000000000002185c6a2b0&q=
FF - user.js: extensions.BabylonToolbar.id - 884be055000000000000002185c6a2b0
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15694
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.7.2
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.7.2
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.7.211:05
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109727&tt=191212_1849_5112_4
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 884be055000000000000002185c6a2b0
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15813
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.1614:43
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file)
URLSearchHooks-{7e111a5c-3d11-4f56-9463-5310c3c69025} - (no file)
WebBrowser-{40C3CC16-7269-4B32-9531-17F2950FB06F} - (no file)
HKLM-RunOnce-dvdstyler - (no file)
HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
HKU-Default-Run-fsc-reg - c:\fsc-reg\fscreg.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-ElsterFormular 11.5.0.4546 - c:\program files\ElsterFormular\uninstall.exe
AddRemove-Ulead Photo Express 2.0 SE - c:\windows\IsUn0407.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-05-01 23:38
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2320)
c:\program files\MyScrapNook_12\bar\1.bin\12brstub.dll
.
Zeit der Fertigstellung: 2013-05-01 23:39:42
ComboFix-quarantined-files.txt 2013-05-01 21:39
.
Vor Suchlauf: 18 Verzeichnis(se), 26.379.419.648 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 27.288.371.200 Bytes frei
.
- - End Of File - - 3B57C69980E5D977E90CF5907089C7B7
p.s.: hat auch gar nicht gemeckert! |
|
01.05.2013, 23:18
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Oh je 2 Trojaner gefunden, AntiVirus-Update nicht mehr möglich... vllt nach DeInstallation von HotSpot Shield? JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.05.2013, 05:04
| #9 | |
| | Oh je 2 Trojaner gefunden, AntiVirus-Update nicht mehr möglich... vllt nach DeInstallation von HotSpot Shield?Zitat:
ich habe es ausgeführt, es hat mir eine log auf dem desktop erstellt und wo ich dann neu gestartet hatte war es weg...? Code:
ATTFilter # AdwCleaner v2.300 - Datei am 02/05/2013 um 06:13:52 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : alopolo - alopolo-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\alopolosmann\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files\Mozilla Firefox\.autoreg
Datei Gelöscht : C:\Users\alopolo\AppData\Roaming\Mozilla\Firefox\Profiles\2zpm80sg.default\bProtector_extensions.rdf
Datei Gelöscht : C:\Users\alopolosmann\AppData\Roaming\Mozilla\Firefox\Profiles\dgvctsjl.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\alopolosmann\AppData\Roaming\Mozilla\Firefox\Profiles\dgvctsjl.default\searchplugins\Conduit.xml
Gelöscht mit Neustart : C:\Program Files\MyScrapNook_12
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Users\alopolo\AppData\LocalLow\MyScrapNook_12
Ordner Gelöscht : C:\Users\alopolo\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\alopolo\AppData\Roaming\Mozilla\Firefox\Profiles\2zpm80sg.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
Ordner Gelöscht : C:\Users\alopolo\AppData\Roaming\Mozilla\Firefox\Profiles\2zpm80sg.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
Ordner Gelöscht : C:\Users\alopolo\AppData\Roaming\Mozilla\Firefox\Profiles\2zpm80sg.default\extensions\12ffxtbr@MyScrapNook_12.com
Ordner Gelöscht : C:\Users\alopolo\AppData\Roaming\OCS
Ordner Gelöscht : C:\Users\alopolosmann\AppData\Local\MyScrapNook_12
Ordner Gelöscht : C:\Users\alopolosmann\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\alopolosmann\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\alopolosmann\AppData\LocalLow\FunWebProducts
Ordner Gelöscht : C:\Users\alopolosmann\AppData\LocalLow\MyScrapNook_12
Ordner Gelöscht : C:\Users\alopolosmann\AppData\LocalLow\MyWebSearch
Ordner Gelöscht : C:\Users\alopolosmann\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\alopolosmann\AppData\Roaming\Mozilla\Firefox\Profiles\dgvctsjl.default\extensions\12ffxtbr@MyScrapNook_12.com
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\53eda8be13ce944
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\53eda8be13ce944
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gelöscht : HKU\S-1-5-21-2100976069-891764606-4081223034-1001\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Schlüssel Gelöscht : HKU\S-1-5-21-2100976069-891764606-4081223034-1001\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16476
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v3.6.8 (de)
Datei : C:\Users\alopolo\AppData\Roaming\Mozilla\Firefox\Profiles\2zpm80sg.default\prefs.js
Gelöscht : user_pref("extensions.enabledAddons", "autopager@mozilla.org:0.6.1.32,m3ffxtbr@mywebsearch.com:1.2,{[...]
Datei : C:\Users\alopolosmann\AppData\Roaming\Mozilla\Firefox\Profiles\dgvctsjl.default\prefs.js
Gelöscht : user_pref("browser.search.defaultthis.engineName", "WiseConvert Customized Web Search");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&Sea[...]
Gelöscht : user_pref("browser.search.selectedEngine", "WiseConvert Customized Web Search");
Gelöscht : user_pref("extensions.toolbar.mindspark._12Members_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
*************************
AdwCleaner[S1].txt - [5538 octets] - [02/05/2013 06:13:52]
########## EOF - \AdwCleaner[S1].txt - [5598 octets] ##########
Code:
ATTFilter OTL logfile created on: 02.05.2013 06:25:44 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\alopolosmann\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 64,92% Memory free 6,22 Gb Paging File | 5,16 Gb Available in Paging File | 82,95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 153,63 Gb Total Space | 24,70 Gb Free Space | 16,08% Space Free | Partition Type: NTFS Drive D: | 303,34 Gb Total Space | 266,44 Gb Free Space | 87,83% Space Free | Partition Type: NTFS Drive F: | 931,51 Gb Total Space | 907,93 Gb Free Space | 97,47% Space Free | Partition Type: NTFS Computer Name: alopolo-PC | User Name: alopolo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\alopolosmann\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Users\alopolosmann\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook) PRC - C:\Programme\MyScrapNook_12\bar\1.bin\12barsvc.exe (COMPANYVERS_NAME) PRC - C:\Programme\MyScrapNook_12\bar\1.bin\12brmon.exe (VER_COMPANY_NAME) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - D:\Tobit ClipInc\Server\ClipInc-Server.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - D:\Tobit ClipInc\Player\ClipIncTray.exe (Tobit.Software) PRC - C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) PRC - C:\Programme\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe (Fujitsu Siemens Computers GmbH) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Ulead Systems\Ulead Photo Express 6\CalCheck.exe (Ulead Systems, Inc.) PRC - C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) PRC - C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe (Ulead Systems, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Users\alopolosmann\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll () MOD - C:\Users\alopolosmann\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll () MOD - C:\Users\alopolosmann\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\0f5a23bb73681b6388daccd8e250ba66\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe () MOD - D:\Tobit ClipInc\Player\ClipInc$.ger () MOD - D:\Tobit ClipInc\Player\tobitclt.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 6\uviplA6.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 6\uvipl.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 6\Cpuinf32.dll () MOD - C:\Programme\Common Files\Ulead Systems\AutoDetector\DetMethod.dll () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\U32MISC.DLL () MOD - C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\u32Spy.dll () ========== Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software) SRV - (MyScrapNook_12Service) -- C:\Programme\MyScrapNook_12\bar\1.bin\12barsvc.exe (COMPANYVERS_NAME) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (ClipInc001) -- D:\Tobit ClipInc\Server\ClipInc-Server.exe () SRV - (TestHandler) -- C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG) SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (catchme) -- C:\Users\alopolo\AppData\Local\Temp\catchme.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (AMD Technologies Inc.) DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC IE - HKLM\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&lang=ru IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\..\URLSearchHook: {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Programme\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru) IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\..\SearchScopes\{D87887CC-08DA-431B-919B-2E509C9CC189}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&lang=ru IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = https://asp.stotax.com/ IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\..\URLSearchHook: {83821C2B-32A8-4DD7-B6D4-44309A78E668} - No CLSID value found IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\..\URLSearchHook: {b3b5c47e-61f7-4d81-af06-461fc86686ce} - No CLSID value found IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\..\SearchScopes,bProtectorDefaultScope = {E88E0043-C9D4-4e33-8555-FEE4F5B63060} IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\..\SearchScopes,BrowserMngrDefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&lang=ru IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local> IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8555 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.1.32 FF - prefs.js..extensions.enabledItems: m3ffxtbr@mywebsearch.com:1.1 FF - prefs.js..browser.startup.homepage: FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@MyScrapNook_12.com/Plugin: C:\Program Files\MyScrapNook_12\bar\1.bin\NP12Stub.dll (MindSpark) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.19 13:52:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.19 13:52:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\12ffxtbr@MyScrapNook_12.com: C:\Program Files\MyScrapNook_12\bar\1.bin [2013.05.02 06:13:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.20 23:34:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.20 23:34:18 | 000,000,000 | ---D | M] [2009.01.21 20:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alopolo\AppData\Roaming\mozilla\Extensions [2013.05.02 06:14:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alopolo\AppData\Roaming\mozilla\Firefox\Profiles\2zpm80sg.default\extensions [2010.12.21 07:25:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\alopolo\AppData\Roaming\mozilla\Firefox\Profiles\2zpm80sg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.12.21 07:24:10 | 000,000,000 | ---D | M] ("AutoPager") -- C:\Users\alopolo\AppData\Roaming\mozilla\Firefox\Profiles\2zpm80sg.default\extensions\autopager@mozilla.org [2011.03.19 07:47:46 | 000,000,000 | ---D | M] (Mein Gutscheincode Finder) -- C:\Users\alopolo\AppData\Roaming\mozilla\Firefox\Profiles\2zpm80sg.default\extensions\finder@meingutscheincode.de [2009.01.21 20:10:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.12.20 12:09:01 | 000,001,400 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.12.20 12:09:01 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.12.20 12:09:01 | 000,006,818 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.12 12:46:08 | 000,001,278 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.12.20 12:09:01 | 000,000,903 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.05.01 23:38:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (MailRuBHO Class) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Programme\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. O3 - HKLM\..\Toolbar: (Ñïóòíèê@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Programme\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found. O3 - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\..\Toolbar\WebBrowser: (Ñïóòíèê@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Programme\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru) O3 - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\..\Toolbar\WebBrowser: (Ñïóòíèê@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Programme\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EnergySettings] C:\Programme\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe (Fujitsu Siemens Computers GmbH) O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( ) O4 - HKLM..\Run: [My Scrap Nook Search Scope Monitor] C:\Programme\MyScrapNook_12\bar\1.bin\12SrchMn.exe (MindSpark) O4 - HKLM..\Run: [MyScrapNook_12 Browser Plugin Loader] C:\Programme\MyScrapNook_12\bar\1.bin\12brmon.exe (VER_COMPANY_NAME) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [PE2CKFNT SE] C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Ulead AutoDetector] C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) O4 - HKLM..\Run: [Ulead Calendar Checker] C:\Programme\Ulead Systems\Ulead Photo Express 6\CalCheck.exe (Ulead Systems, Inc.) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2100976069-891764606-4081223034-1000..\Run: [ClipIncSrvTray] D:\Tobit ClipInc\Player\ClipIncTray.exe (Tobit.Software) O4 - HKU\S-1-5-21-2100976069-891764606-4081223034-1000..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony) O4 - HKU\S-1-5-21-2100976069-891764606-4081223034-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2100976069-891764606-4081223034-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2100976069-891764606-4081223034-1001..\Run: [ClipIncSrvTray] D:\Tobit ClipInc\Player\ClipIncTray.exe (Tobit.Software) O4 - HKU\S-1-5-21-2100976069-891764606-4081223034-1001..\Run: [Facebook Update] C:\Users\alopolosmann\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-2100976069-891764606-4081223034-1001..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [Z1] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2100976069-891764606-4081223034-1000..\RunOnce: [DeleteOnReboot] C:\Windows\DeleteOnReboot.bat () O4 - HKU\S-1-5-21-2100976069-891764606-4081223034-1000..\RunOnce: [Report] \AdwCleaner[S1].txt () O4 - Startup: C:\Users\alopolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Medien-Prüfung.lnk = C:\Programme\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation) O4 - Startup: C:\Users\alopolosmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O7 - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Ïîèñê@Mail.Ru - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Ñëîâàðè@Mail.Ru - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKU\S-1-5-21-2100976069-891764606-4081223034-1000\..Trusted Ranges: GD ([http] in Local intranet) O15 - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6C9CDA8-C6B7-477D-9E42-8375C52BB421}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\alopolo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\alopolo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.05.02 05:51:17 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.02 05:51:11 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.01 23:39:44 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.05.01 23:39:44 | 000,000,000 | ---D | C] -- C:\Users\alopolo\AppData\Local\temp [2013.05.01 23:39:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.05.01 23:29:32 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.05.01 23:19:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.05.01 23:19:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.05.01 23:19:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.05.01 23:19:30 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.01 23:19:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.04.28 20:16:44 | 000,000,000 | ---D | C] -- C:\Users\alopolo\AppData\Roaming\Malwarebytes [2013.04.28 20:16:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.04.28 20:16:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.28 20:16:25 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.04.28 20:16:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.04.18 14:43:11 | 000,000,000 | ---D | C] -- C:\Users\alopolo\Local Settings [2013.04.18 14:42:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDStyler [2013.04.18 14:42:41 | 000,000,000 | ---D | C] -- C:\Program Files\DVDStyler [2013.04.17 14:29:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2013.04.17 14:29:02 | 000,000,000 | ---D | C] -- C:\Users\alopolo\AppData\Roaming\DVDVideoSoft [2013.04.17 14:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft [2013.04.17 14:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft [2013.04.17 14:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.04.17 14:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2013.04.12 10:45:02 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.04.12 10:45:01 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.04.12 10:45:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.04.12 10:45:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.04.12 10:45:01 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.04.12 10:45:00 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.04.12 10:45:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.04.12 10:44:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.04.12 06:47:51 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.04.12 06:47:51 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.04.12 06:47:51 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2013.04.12 06:47:48 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2013.04.12 06:47:47 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys ========== Files - Modified Within 30 Days ========== [2013.05.02 06:23:47 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.02 06:23:47 | 000,596,036 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.02 06:23:47 | 000,126,486 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.02 06:23:47 | 000,104,110 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.02 06:16:50 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_alopolo.job [2013.05.02 06:16:38 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.02 06:16:38 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.02 06:16:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.02 06:16:29 | 3220,312,064 | -HS- | M] () -- C:\hiberfil.sys [2013.05.02 06:14:16 | 000,000,099 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.05.02 06:11:18 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.02 01:01:02 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2100976069-891764606-4081223034-1001UA.job [2013.05.01 23:38:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.04.30 22:01:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2100976069-891764606-4081223034-1001Core.job [2013.04.30 05:31:27 | 435,551,619 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.04.29 11:38:59 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_alopolo.job [2013.04.29 11:27:16 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_alopolo.job [2013.04.28 23:51:56 | 000,001,101 | ---- | M] () -- C:\Users\alopolo\Desktop\Free YouTube Download.lnk [2013.04.28 20:16:26 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.26 11:23:00 | 000,000,000 | ---- | M] () -- C:\Users\alopolo\defogger_reenable [2013.04.18 23:46:38 | 000,001,038 | ---- | M] () -- C:\Users\alopolo\Desktop\DVDVideoSoft Free Studio.lnk [2013.04.18 23:46:37 | 000,002,058 | ---- | M] () -- C:\Users\alopolo\Desktop\Free MP4 Video Converter.lnk [2013.04.18 14:42:47 | 000,000,908 | ---- | M] () -- C:\Users\alopolo\Desktop\DVDStyler.lnk [2013.04.18 12:15:22 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt [2013.04.18 09:03:39 | 000,001,197 | ---- | M] () -- C:\Users\alopolo\Desktop\Free YouTube to DVD Converter.lnk [2013.04.18 09:03:39 | 000,001,106 | ---- | M] () -- C:\Users\alopolo\Desktop\Free DVD Video Burner.lnk [2013.04.12 12:49:06 | 000,789,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2013.05.02 06:13:59 | 000,000,099 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.05.01 23:19:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.05.01 23:19:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.05.01 23:19:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.05.01 23:19:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.05.01 23:19:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.04.30 05:31:27 | 435,551,619 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.04.28 20:16:26 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.26 11:23:00 | 000,000,000 | ---- | C] () -- C:\Users\alopolo\defogger_reenable [2013.04.18 23:46:37 | 000,002,058 | ---- | C] () -- C:\Users\alopolo\Desktop\Free MP4 Video Converter.lnk [2013.04.18 14:42:47 | 000,000,908 | ---- | C] () -- C:\Users\alopolo\Desktop\DVDStyler.lnk [2013.04.18 09:03:39 | 000,001,197 | ---- | C] () -- C:\Users\alopolo\Desktop\Free YouTube to DVD Converter.lnk [2013.04.18 09:01:08 | 000,001,106 | ---- | C] () -- C:\Users\alopolo\Desktop\Free DVD Video Burner.lnk [2013.04.17 14:29:12 | 000,001,038 | ---- | C] () -- C:\Users\alopolo\Desktop\DVDVideoSoft Free Studio.lnk [2013.04.17 14:29:11 | 000,001,101 | ---- | C] () -- C:\Users\alopolo\Desktop\Free YouTube Download.lnk [2012.08.20 14:36:16 | 000,001,235 | ---- | C] () -- C:\Users\alopolo\AppData\Local\recently-used.xbel [2009.11.15 21:18:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2009.03.08 15:36:56 | 000,000,680 | RHS- | C] () -- C:\Users\alopolo\ntuser.pol [2009.03.07 11:50:23 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.01.25 12:48:22 | 000,000,680 | ---- | C] () -- C:\Users\alopolo\AppData\Local\d3d9caps.dat [2008.12.21 20:02:48 | 000,012,800 | ---- | C] () -- C:\Users\alopolo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Files - Unicode (All) ========== [2009.01.09 20:46:16 | 000,000,000 | ---D | M](C:\Users\alopolo\Documents\????? Mail.Ru ??????) -- C:\Users\alopolo\Documents\Файлы Mail.Ru Агента [2009.01.09 20:46:16 | 000,000,000 | ---D | C](C:\Users\alopolo\Documents\????? Mail.Ru ??????) -- C:\Users\alopolo\Documents\Файлы Mail.Ru Агента < End of report > Code:
ATTFilter OTL Extras logfile created on: 02.05.2013 06:25:44 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\alopolosmann\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 64,92% Memory free
6,22 Gb Paging File | 5,16 Gb Available in Paging File | 82,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153,63 Gb Total Space | 24,70 Gb Free Space | 16,08% Space Free | Partition Type: NTFS
Drive D: | 303,34 Gb Total Space | 266,44 Gb Free Space | 87,83% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 907,93 Gb Free Space | 97,47% Space Free | Partition Type: NTFS
Computer Name: alopolo-PC | User Name: alopolo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2100976069-891764606-4081223034-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-2100976069-891764606-4081223034-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Users\alopolosmann\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Müller Foto\Müller Foto\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Müller Foto] -- "C:\Program Files\Müller Foto\Müller Foto\Müller Foto.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{079FC0CC-D153-4A89-87EE-EDCAFBA3D83D}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) |
"{17436347-8224-4707-B059-310136E7CF38}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) |
"{27FC8AFA-F492-460B-9781-73B2363B6261}" = rport=139 | protocol=6 | dir=out | app=system |
"{5C2FDDCC-FCDE-4BB8-8844-E376CB7AE995}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5D7E5C46-EA15-4A58-A062-6F4ECF063674}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6A7CF2F9-B80E-41CD-BDEE-E52CE2E3FBA1}" = lport=139 | protocol=6 | dir=in | app=system |
"{72E4368C-3747-4A55-BCE5-6AB1597D555C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{769F8914-96BC-422B-98C3-338921C1A5AC}" = rport=138 | protocol=17 | dir=out | app=system |
"{8783D96B-13D1-47BF-BA1E-60A5CD04C82C}" = lport=138 | protocol=17 | dir=in | app=system |
"{B4118985-07A7-4723-93E5-67AC3CC5E7F4}" = lport=137 | protocol=17 | dir=in | app=system |
"{B8C64A64-088D-441C-87C2-1FD2527A1548}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{BCF745C0-1C29-45AC-82D4-F4B6A15BE17E}" = lport=0 | protocol=6 | dir=in | name=magix upnp media server |
"{C61921E5-4E3C-4B71-9BFC-8858AEE47D19}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C83273F6-10DA-4A32-AB4A-0E2931E3D348}" = rport=445 | protocol=6 | dir=out | app=system |
"{D7D85808-E747-4F87-81D3-14E28DC69C45}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E304ED96-7E9F-41C6-BD44-F02FCE65053F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E6CCD5A7-2F25-4742-A7B8-4CC2E8E9394A}" = lport=445 | protocol=6 | dir=in | app=system |
"{FE048DDD-2726-41D4-80B1-4B292F4F4ECD}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14F651D9-AAA3-4874-A74B-999E523F0671}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{2E4DC274-68B5-4703-AB89-D8A2740E69FB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{325E52A9-72F2-45B3-97F3-2375704A0BF7}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{52733A88-A04B-4B21-AD91-6DFD04FFD29F}" = protocol=17 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe |
"{8146763B-4E0D-4ADE-9FAC-EA3D4C7A62F9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{83D68802-329C-4E83-A223-D7A5E3306D89}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8DC3C739-0B3C-4EE4-8100-F07A8F58FC51}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{9868F1CF-0712-4F4D-8D6E-5FBDBBDA7DB8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9CD49C33-6C55-4F3A-A539-DAA9D9D21507}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{A7FFE30C-7E9A-4E39-BBE8-59AAAEC7AF96}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A9EB14C7-7E68-4EF9-A51F-7A48E9117097}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AC1930B7-4747-4602-8322-0F10DA745ED1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AE0001D3-221A-4852-BC78-EBA774B2071E}" = protocol=6 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe |
"{D21B1B05-C88D-4738-A7D3-99852993EC0B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{E1F01EB4-6B5C-41F9-BC75-99D21909F65F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E4C2BADF-ECAE-4298-9619-E9B6BCDD8CEB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{630F4783-5DE1-4318-A04A-A8B52C8796FD}C:\users\alopolosmann\appdata\roaming\mail.ru\agent\magent.exe" = protocol=6 | dir=in | app=c:\users\alopolosmann\appdata\roaming\mail.ru\agent\magent.exe |
"TCP Query User{F6A58D04-65DA-44DC-A2E1-04C024C73048}C:\program files\mail.ru\agent\magent.exe" = protocol=6 | dir=in | app=c:\program files\mail.ru\agent\magent.exe |
"UDP Query User{E3A03FAA-814E-4E82-AA71-6A19B27B04A6}C:\program files\mail.ru\agent\magent.exe" = protocol=17 | dir=in | app=c:\program files\mail.ru\agent\magent.exe |
"UDP Query User{E55D5BD9-EA44-4E94-ADA4-BDC97E20236F}C:\users\alopolosmann\appdata\roaming\mail.ru\agent\magent.exe" = protocol=17 | dir=in | app=c:\users\alopolosmann\appdata\roaming\mail.ru\agent\magent.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D9DD45B-E79A-4F04-898E-B2C3769AB729}" = Serif DrawPlus X2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6803A6E6-48FF-48AB-B558-7B651BBE1031}" = Nero 8 Essentials
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C4D233-4F03-4A5D-8EFE-C651D221146D}" = Serif Digital Scrapbook Artist
"{760B29F2-8663-419B-A025-5A55066E130B}" = Ulead Photo Express 6
"{7613592F-B20C-4E1B-B2DD-67F0784D4373}" = Energy Settings
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{9605D5C2-F545-40F2-B39A-0462E4CD3811}" = Windows Vista Demo Screen Saver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B00B1355-DD54-4314-90B1-161C6A7D3FD3}" = Serif PagePlus X2
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{B6E9A977-C2C7-4CA0-0001-98605B7C7D3E}" = MyTube Recorder
"{B7F98125-4955-41E3-8A71-4CE11CE9C198}" = KODAK Gallery Upload-Software
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D5A716E5-6E7E-40F8-BB46-6FAEF98FB6FC}" = SystemDiagnostics
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.136
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA200000-0001-0000-0000-074957833700}" = ABBYY PDF Transformer 2.0
"{FC935397-C56E-4EE3-B9BC-1F7F3EA6CE41}" = Serif PhotoPlus X2
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DVDStyler_is1" = DVDStyler v2.4.3
"ElsterFormular 13.0.0.8086p" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free DVD Video Burner_is1" = Free DVD Video Burner version 3.2.6.320
"Free MP4 Video Converter_is1" = Free MP4 Video Converter version 5.0.23.320
"Free YouTube Download_is1" = Free YouTube Download version 3.2.2.422
"Freemake Audio Converter_is1" = Freemake Audio Converter Version 1.1.0
"GIMP-2_is1" = GIMP 2.8.0
"Google Desktop" = Google Desktop
"ifolor-OrderClient21" = ifolor Designer
"Inkscape" = Inkscape 0.48.3.1
"MAGIX Foto Manager 2008 D" = MAGIX Foto Manager 2008 5.0.3.351 (D)
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX FunPix Maker D" = MAGIX FunPix Maker 1.0.0.0 (D)
"MAGIX Media Suite D" = MAGIX Media Suite 1.12.0.89 (D)
"MAGIX Music Manager 2007 D" = MAGIX Music Manager 2007 8.2.0.76 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX Ringtone Maker SE D" = MAGIX Ringtone Maker SE 3.1.0.4 (D)
"MailRuSputnik" = Mail.Ru Спутник 2.0.1.54
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MS-Buchhalter Start" = MS-Buchhalter Start 3.0
"Müller Foto" = Müller Foto
"MuseScore" = MuseScore 1.2 MuseScore score typesetter
"MyScrapNook_12bar Uninstall" = My Scrap Nook Toolbar
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 6.0" = RealPlayer
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Sweet Home 3D_is1" = Sweet Home 3D version 3.1
"Tobit ClipInc Server" = Tobit.Software clipinc.fx
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2100976069-891764606-4081223034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2100976069-891764606-4081223034-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MRA" = Mail.Ru Агент 5.5 (сборка 2842, для текущего пользователя)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.05.2013 00:10:51 | Computer Name = alopolo-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.05.2013 00:18:13 | Computer Name = alopolo-PC | Source = WinMgmt | ID = 10
Description =
< End of report >
|
|
02.05.2013, 13:01
| #10 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Oh je 2 Trojaner gefunden, AntiVirus-Update nicht mehr möglich... vllt nach DeInstallation von HotSpot Shield?Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.05.2013, 13:49
| #11 |
| | Oh je 2 Trojaner gefunden, AntiVirus-Update nicht mehr möglich... vllt nach DeInstallation von HotSpot Shield?Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.3 (04.29.2013:2)
OS: Windows Vista (TM) Home Premium x86
Ran by alopolo on 02.05.2013 at 6:05:51,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.05.2013 at 6:07:15,03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
und neu gestartet hab ich ihn, nicht das programm |
|
02.05.2013, 13:52
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Oh je 2 Trojaner gefunden, AntiVirus-Update nicht mehr möglich... vllt nach DeInstallation von HotSpot Shield?Fixen mit OTL
Code:
ATTFilter :OTL
IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8555
IE - HKU\S-1-5-21-2100976069-891764606-4081223034-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
FF - prefs.js..extensions.enabledItems: m3ffxtbr@mywebsearch.com:1.1
FF - user.js - File not found
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.05.2013, 13:59
| #13 | |
| | Oh je 2 Trojaner gefunden, AntiVirus-Update nicht mehr möglich... vllt nach DeInstallation von HotSpot Shield?Zitat:
|
|
02.05.2013, 14:03
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Oh je 2 Trojaner gefunden, AntiVirus-Update nicht mehr möglich... vllt nach DeInstallation von HotSpot Shield? In diesem Fall kommt da nichts vor, du kannst das Script 1:1 übernehmen
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.05.2013, 14:19
| #15 |
| | Oh je 2 Trojaner gefunden, AntiVirus-Update nicht mehr möglich... vllt nach DeInstallation von HotSpot Shield? danke Code:
ATTFilter All processes killed
========== OTL ==========
HKU\S-1-5-21-2100976069-891764606-4081223034-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-2100976069-891764606-4081223034-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: m3ffxtbr@mywebsearch.com:1.1 removed from extensions.enabledItems
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\alopolosmann\Desktop\cmd.bat deleted successfully.
C:\Users\alopolosmann\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: alopolo
->Temp folder emptied: 66924 bytes
->Temporary Internet Files folder emptied: 3050228 bytes
->Java cache emptied: 7517920 bytes
->FireFox cache emptied: 136105255 bytes
->Flash cache emptied: 1313 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: alopolosmann
->Temp folder emptied: 3013624 bytes
->Temporary Internet Files folder emptied: 4824324 bytes
->Java cache emptied: 5440379 bytes
->FireFox cache emptied: 451409370 bytes
->Google Chrome cache emptied: 78501491 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 5344 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 658,00 mb
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
OTL by OldTimer - Version 3.2.69.0 log created on 05022013_150519
|
|
| Themen zu Oh je 2 Trojaner gefunden, AntiVirus-Update nicht mehr möglich... vllt nach DeInstallation von HotSpot Shield? |
| andere, anderen, anhänge, ccleaner, deinstallation, deinstalliert, einzige, ergebnis, gen, herstellen, hoffe, hotspot, hotspot shield, interne, internetverbindung, internetverbindungsabriß, keine updates, laufen, malware, nicht mehr, probleme, profi, rojaner gefunden, shield, tiere, troja, trojaner, verbindung, viren, weiterhelfen, wieder herstellen |
Textbox. 
Linear-Darstellung
