WIN32/Trustezeb.C Trojaner im Email Anhang

Andreooo29 · 27.06.2013, 21:11

Hallo

Habe gestern leider auch dummerweise einen Anhang einer Spam Mail angeklickt und sofort
schlug mein ESEt Smart Security 6 Vollversion Alarm !
(Anwaltsdrohung von Apple -.-)

Habe obengenannten Trojaner in die Quarantäne verschoben.

System WIN 7 64Bit

Habe Eset nach Neustart durchlaufen lassen und er findet nichts (LOG Datei weiss ich nicht wie ich sie speichere ! (habe Arbeitsspeicher Bootsektor und Systemfestplatte gescannt)

Dann hab ich auch TDSS Killer heruntergeladen und gescannt wie hier beschrieben
(findet 2 Sachen..poste gleich drunter den LOG)
Habe leider ausversehen nicht auf Skip gedrückt beim ersten mal aber die beiden Sachen tauchen immer wieder auf beim scannen)

Danach hab ich noch Malwarebytes installiert...findet nichts..LOG poste ich ebenfalls

Bin ich sauber ? Merke keinerlei Veränderungen bis jetzt. Hab trotzdem Sorge wegen 4 Sachen in der Quarantäne von ESET

Vielen Dank schonmal im Vorraus

10:03:36.0974 0108 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:03:37.0271 0108 ============================================================
10:03:37.0271 0108 Current date / time: 2013/06/27 10:03:37.0271
10:03:37.0271 0108 SystemInfo:
10:03:37.0271 0108
10:03:37.0271 0108 OS Version: 6.1.7601 ServicePack: 1.0
10:03:37.0271 0108 Product type: Workstation
10:03:37.0271 0108 ComputerName: ASRA-PC
10:03:37.0271 0108 UserName: Asra
10:03:37.0271 0108 Windows directory: C:\Windows
10:03:37.0271 0108 System windows directory: C:\Windows
10:03:37.0271 0108 Running under WOW64
10:03:37.0271 0108 Processor architecture: Intel x64
10:03:37.0271 0108 Number of processors: 2
10:03:37.0271 0108 Page size: 0x1000
10:03:37.0271 0108 Boot type: Normal boot
10:03:37.0271 0108 ============================================================
10:03:38.0175 0108 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:03:38.0175 0108 ============================================================
10:03:38.0175 0108 \Device\Harddisk0\DR0:
10:03:38.0175 0108 MBR partitions:
10:03:38.0175 0108 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E1EDEC
10:03:38.0191 0108 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4E1EE6A, BlocksNum 0x183A1856
10:03:38.0191 0108 ============================================================
10:03:38.0207 0108 C: <-> \Device\Harddisk0\DR0\Partition1
10:03:38.0222 0108 D: <-> \Device\Harddisk0\DR0\Partition2
10:03:38.0222 0108 ============================================================
10:03:38.0222 0108 Initialize success
10:03:38.0222 0108 ============================================================
10:03:49.0641 2072 ============================================================
10:03:49.0641 2072 Scan started
10:03:49.0641 2072 Mode: Manual; SigCheck; TDLFS;
10:03:49.0641 2072 ============================================================
10:03:50.0281 2072 ================ Scan system memory ========================
10:03:50.0281 2072 System memory - ok
10:03:50.0281 2072 ================ Scan services =============================
10:03:50.0453 2072 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
10:03:50.0593 2072 1394ohci - ok
10:03:50.0687 2072 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
10:03:50.0718 2072 ACPI - ok
10:03:50.0749 2072 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
10:03:51.0123 2072 AcpiPmi - ok
10:03:51.0201 2072 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:03:51.0217 2072 AdobeARMservice - ok
10:03:51.0295 2072 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:03:51.0311 2072 AdobeFlashPlayerUpdateSvc - ok
10:03:51.0357 2072 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
10:03:51.0373 2072 adp94xx - ok
10:03:51.0404 2072 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
10:03:51.0420 2072 adpahci - ok
10:03:51.0435 2072 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
10:03:51.0435 2072 adpu320 - ok
10:03:51.0451 2072 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
10:03:51.0576 2072 AeLookupSvc - ok
10:03:51.0638 2072 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
10:03:51.0716 2072 AFD - ok
10:03:51.0747 2072 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
10:03:51.0763 2072 agp440 - ok
10:03:51.0794 2072 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
10:03:51.0825 2072 ALG - ok
10:03:51.0841 2072 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
10:03:51.0857 2072 aliide - ok
10:03:51.0903 2072 [ D45D3540C5AE2A48C6112DF03F06F374 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
10:03:51.0981 2072 AMD External Events Utility - ok
10:03:51.0981 2072 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
10:03:51.0997 2072 amdide - ok
10:03:52.0028 2072 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
10:03:52.0075 2072 AmdK8 - ok
10:03:52.0325 2072 [ 5B871F3E4A4A6C4693A413E3138B51D0 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
10:03:52.0590 2072 amdkmdag - ok
10:03:52.0668 2072 [ 9BE1140CE8D2C5E878F136A7B85D41B3 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
10:03:52.0699 2072 amdkmdap - ok
10:03:52.0715 2072 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
10:03:52.0761 2072 AmdPPM - ok
10:03:52.0793 2072 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
10:03:52.0808 2072 amdsata - ok
10:03:52.0824 2072 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
10:03:52.0839 2072 amdsbs - ok
10:03:52.0871 2072 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
10:03:52.0871 2072 amdxata - ok
10:03:52.0886 2072 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
10:03:53.0011 2072 AppID - ok
10:03:53.0042 2072 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
10:03:53.0105 2072 AppIDSvc - ok
10:03:53.0136 2072 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
10:03:53.0183 2072 Appinfo - ok
10:03:53.0198 2072 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
10:03:53.0245 2072 AppMgmt - ok
10:03:53.0276 2072 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
10:03:53.0292 2072 arc - ok
10:03:53.0307 2072 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
10:03:53.0323 2072 arcsas - ok
10:03:53.0417 2072 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:03:53.0432 2072 aspnet_state - ok
10:03:53.0432 2072 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
10:03:53.0495 2072 AsyncMac - ok
10:03:53.0510 2072 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
10:03:53.0526 2072 atapi - ok
10:03:53.0573 2072 [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
10:03:53.0588 2072 AtiHDAudioService - ok
10:03:53.0791 2072 [ 5B871F3E4A4A6C4693A413E3138B51D0 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
10:03:53.0885 2072 atikmdag - ok
10:03:53.0931 2072 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:03:53.0978 2072 AudioEndpointBuilder - ok
10:03:53.0994 2072 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
10:03:54.0025 2072 AudioSrv - ok
10:03:54.0041 2072 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
10:03:54.0072 2072 AxInstSV - ok
10:03:54.0103 2072 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
10:03:54.0134 2072 b06bdrv - ok
10:03:54.0150 2072 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
10:03:54.0197 2072 b57nd60a - ok
10:03:54.0212 2072 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
10:03:54.0259 2072 BDESVC - ok
10:03:54.0290 2072 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
10:03:54.0337 2072 Beep - ok
10:03:54.0368 2072 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
10:03:54.0415 2072 BFE - ok
10:03:54.0462 2072 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
10:03:54.0540 2072 BITS - ok
10:03:54.0555 2072 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
10:03:54.0555 2072 blbdrive - ok
10:03:54.0602 2072 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:03:54.0633 2072 bowser - ok
10:03:54.0649 2072 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:03:54.0696 2072 BrFiltLo - ok
10:03:54.0696 2072 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:03:54.0711 2072 BrFiltUp - ok
10:03:54.0743 2072 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
10:03:54.0774 2072 Browser - ok
10:03:54.0789 2072 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
10:03:54.0836 2072 Brserid - ok
10:03:54.0852 2072 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
10:03:54.0867 2072 BrSerWdm - ok
10:03:54.0867 2072 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
10:03:54.0899 2072 BrUsbMdm - ok
10:03:54.0899 2072 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
10:03:54.0914 2072 BrUsbSer - ok
10:03:54.0930 2072 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
10:03:54.0961 2072 BTHMODEM - ok
10:03:54.0977 2072 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
10:03:55.0023 2072 bthserv - ok
10:03:55.0070 2072 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:03:55.0117 2072 cdfs - ok
10:03:55.0164 2072 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
10:03:55.0179 2072 cdrom - ok
10:03:55.0211 2072 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
10:03:55.0257 2072 CertPropSvc - ok
10:03:55.0273 2072 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
10:03:55.0304 2072 circlass - ok
10:03:55.0335 2072 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
10:03:55.0351 2072 CLFS - ok
10:03:55.0413 2072 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:03:55.0429 2072 clr_optimization_v2.0.50727_32 - ok
10:03:55.0491 2072 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:03:55.0507 2072 clr_optimization_v2.0.50727_64 - ok
10:03:55.0538 2072 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:03:55.0554 2072 clr_optimization_v4.0.30319_64 - ok
10:03:55.0601 2072 [ E13A438F9E51DD034730678E33B73290 ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
10:03:55.0601 2072 clwvd - ok
10:03:55.0632 2072 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
10:03:55.0647 2072 CmBatt - ok
10:03:55.0679 2072 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
10:03:55.0694 2072 cmdide - ok
10:03:55.0741 2072 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
10:03:55.0772 2072 CNG - ok
10:03:55.0788 2072 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
10:03:55.0803 2072 Compbatt - ok
10:03:55.0835 2072 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
10:03:55.0866 2072 CompositeBus - ok
10:03:55.0866 2072 COMSysApp - ok
10:03:55.0881 2072 cpuz135 - ok
10:03:55.0897 2072 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
10:03:55.0913 2072 crcdisk - ok
10:03:55.0944 2072 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
10:03:55.0959 2072 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
10:03:55.0959 2072 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
10:03:55.0975 2072 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
10:03:55.0991 2072 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
10:03:55.0991 2072 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
10:03:56.0022 2072 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:03:56.0069 2072 CryptSvc - ok
10:03:56.0100 2072 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
10:03:56.0162 2072 CSC - ok
10:03:56.0240 2072 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
10:03:56.0303 2072 CscService - ok
10:03:56.0412 2072 [ 148C9C111291C41D6B2ABFB6FBB43856 ] CT20XUT C:\Windows\system32\drivers\CT20XUT.SYS
10:03:56.0428 2072 CT20XUT - ok
10:03:56.0443 2072 [ 148C9C111291C41D6B2ABFB6FBB43856 ] CT20XUT.SYS C:\Windows\System32\drivers\CT20XUT.SYS
10:03:56.0459 2072 CT20XUT.SYS - ok
10:03:56.0474 2072 [ 397FBD4454E5B2FB77E55D1013DF548C ] ctac32k C:\Windows\system32\drivers\ctac32k.sys
10:03:56.0490 2072 ctac32k - ok
10:03:56.0521 2072 [ 50A8CD4DF066FE57D0C473A2645988CC ] ctaud2k C:\Windows\system32\drivers\ctaud2k.sys
10:03:56.0537 2072 ctaud2k - ok
10:03:56.0568 2072 [ 6F9C3C6C78F5296F4BC7102FB0F7CB65 ] CTEXFIFX C:\Windows\system32\drivers\CTEXFIFX.SYS
10:03:56.0615 2072 CTEXFIFX - ok
10:03:56.0646 2072 [ 6F9C3C6C78F5296F4BC7102FB0F7CB65 ] CTEXFIFX.SYS C:\Windows\System32\drivers\CTEXFIFX.SYS
10:03:56.0662 2072 CTEXFIFX.SYS - ok
10:03:56.0677 2072 [ AE78CA7EE865A28AC841211DB655ACF3 ] CTHWIUT C:\Windows\system32\drivers\CTHWIUT.SYS
10:03:56.0677 2072 CTHWIUT - ok
10:03:56.0708 2072 [ AE78CA7EE865A28AC841211DB655ACF3 ] CTHWIUT.SYS C:\Windows\System32\drivers\CTHWIUT.SYS
10:03:56.0708 2072 CTHWIUT.SYS - ok
10:03:56.0724 2072 [ 757776E207CA5E71E4A16BD1260AE1F2 ] ctprxy2k C:\Windows\system32\drivers\ctprxy2k.sys
10:03:56.0740 2072 ctprxy2k - ok
10:03:56.0740 2072 [ 9B111EE2F488A8D9C21A13ED4C777795 ] ctsfm2k C:\Windows\system32\drivers\ctsfm2k.sys
10:03:56.0755 2072 ctsfm2k - ok
10:03:56.0833 2072 [ 356BB3DD25987179080F3B669AD4080A ] DCamUSBNovatek C:\Windows\system32\Drivers\nvtcam.sys
10:03:56.0896 2072 DCamUSBNovatek - ok
10:03:56.0942 2072 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
10:03:56.0989 2072 DcomLaunch - ok
10:03:57.0005 2072 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
10:03:57.0052 2072 defragsvc - ok
10:03:57.0083 2072 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
10:03:57.0130 2072 DfsC - ok
10:03:57.0145 2072 [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
10:03:57.0161 2072 dg_ssudbus - ok
10:03:57.0192 2072 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
10:03:57.0223 2072 Dhcp - ok
10:03:57.0254 2072 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
10:03:57.0301 2072 discache - ok
10:03:57.0317 2072 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
10:03:57.0332 2072 Disk - ok
10:03:57.0348 2072 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:03:57.0395 2072 Dnscache - ok
10:03:57.0442 2072 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
10:03:57.0488 2072 dot3svc - ok
10:03:57.0520 2072 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
10:03:57.0566 2072 DPS - ok
10:03:57.0582 2072 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
10:03:57.0598 2072 drmkaud - ok
10:03:57.0644 2072 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:03:57.0676 2072 DXGKrnl - ok
10:03:57.0722 2072 [ 398904F1FBF13CEF0FCB822E9CA5F2D5 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys
10:03:57.0738 2072 eamonm - ok
10:03:57.0754 2072 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
10:03:57.0800 2072 EapHost - ok
10:03:57.0878 2072 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
10:03:57.0956 2072 ebdrv - ok
10:03:57.0988 2072 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
10:03:58.0019 2072 EFS - ok
10:03:58.0066 2072 [ 9E39134330C18CBAC0F24C1283701D7E ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
10:03:58.0081 2072 ehdrv - ok
10:03:58.0128 2072 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
10:03:58.0175 2072 ehRecvr - ok
10:03:58.0206 2072 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
10:03:58.0237 2072 ehSched - ok
10:03:58.0346 2072 [ 7FE34FD5652C54BDA8D2DF8AC92E833A ] ekrn C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
10:03:58.0378 2072 ekrn - ok
10:03:58.0393 2072 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
10:03:58.0409 2072 elxstor - ok
10:03:58.0424 2072 [ 683DCAF0D4EFC3F95A32E8924849202D ] emupia C:\Windows\system32\drivers\emupia2k.sys
10:03:58.0440 2072 emupia - ok
10:03:58.0456 2072 [ 392EC4EA0C265F5BC50D057BEAA593CD ] epfw C:\Windows\system32\DRIVERS\epfw.sys
10:03:58.0471 2072 epfw - ok
10:03:58.0502 2072 [ 0C9EC63C5BAE9506161F14B8A5C10280 ] EpfwLWF C:\Windows\system32\DRIVERS\EpfwLWF.sys
10:03:58.0502 2072 EpfwLWF - ok
10:03:58.0534 2072 [ AD03E0C95E750F3FBE84EDA87B2C4E08 ] epfwwfp C:\Windows\system32\DRIVERS\epfwwfp.sys
10:03:58.0534 2072 epfwwfp - ok
10:03:58.0549 2072 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
10:03:58.0580 2072 ErrDev - ok
10:03:58.0612 2072 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
10:03:58.0658 2072 EventSystem - ok
10:03:58.0690 2072 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
10:03:58.0736 2072 exfat - ok
10:03:58.0752 2072 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:03:58.0783 2072 fastfat - ok
10:03:58.0814 2072 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
10:03:58.0861 2072 Fax - ok
10:03:58.0877 2072 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
10:03:58.0908 2072 fdc - ok
10:03:58.0939 2072 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
10:03:59.0002 2072 fdPHost - ok
10:03:59.0017 2072 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
10:03:59.0048 2072 FDResPub - ok
10:03:59.0080 2072 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:03:59.0080 2072 FileInfo - ok
10:03:59.0095 2072 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:03:59.0142 2072 Filetrace - ok
10:03:59.0142 2072 FIXUSTOR - ok
10:03:59.0158 2072 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
10:03:59.0158 2072 flpydisk - ok
10:03:59.0189 2072 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:03:59.0204 2072 FltMgr - ok
10:03:59.0267 2072 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
10:03:59.0298 2072 FontCache - ok
10:03:59.0345 2072 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:03:59.0345 2072 FontCache3.0.0.0 - ok
10:03:59.0376 2072 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
10:03:59.0392 2072 FsDepends - ok
10:03:59.0407 2072 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:03:59.0423 2072 Fs_Rec - ok
10:03:59.0454 2072 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
10:03:59.0470 2072 fvevol - ok
10:03:59.0485 2072 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
10:03:59.0501 2072 gagp30kx - ok
10:03:59.0516 2072 [ 7508FCFB8D93556213F530DFFAEDEC45 ] GearAspiWDM C:\Windows\system32\drivers\GEARAspiWDM.sys
10:03:59.0532 2072 GearAspiWDM - ok
10:03:59.0579 2072 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
10:03:59.0641 2072 gpsvc - ok
10:03:59.0672 2072 [ 076F366B87575ADC7D152C7A34ACB3DC ] ha20x22k C:\Windows\system32\drivers\ha20x22k.sys
10:03:59.0704 2072 ha20x22k - ok
10:03:59.0735 2072 [ 4A7533EB52DC9D1847E7F78DEE1CE322 ] ha20x2k C:\Windows\system32\drivers\ha20x2k.sys
10:03:59.0766 2072 ha20x2k - ok
10:03:59.0828 2072 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
10:03:59.0844 2072 hamachi - ok
10:03:59.0860 2072 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
10:03:59.0906 2072 hcw85cir - ok
10:03:59.0953 2072 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:03:59.0969 2072 HdAudAddService - ok
10:03:59.0984 2072 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
10:04:00.0016 2072 HDAudBus - ok
10:04:00.0031 2072 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
10:04:00.0031 2072 HidBatt - ok
10:04:00.0047 2072 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
10:04:00.0078 2072 HidBth - ok
10:04:00.0094 2072 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
10:04:00.0125 2072 HidIr - ok
10:04:00.0156 2072 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
10:04:00.0203 2072 hidserv - ok
10:04:00.0234 2072 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
10:04:00.0265 2072 HidUsb - ok
10:04:00.0281 2072 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:04:00.0328 2072 hkmsvc - ok
10:04:00.0343 2072 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:04:00.0390 2072 HomeGroupListener - ok
10:04:00.0421 2072 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:04:00.0437 2072 HomeGroupProvider - ok
10:04:00.0468 2072 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
10:04:00.0484 2072 HpSAMD - ok
10:04:00.0515 2072 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:04:00.0577 2072 HTTP - ok
10:04:00.0608 2072 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
10:04:00.0608 2072 hwpolicy - ok
10:04:00.0640 2072 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
10:04:00.0655 2072 i8042prt - ok
10:04:00.0796 2072 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
10:04:00.0811 2072 iaStorV - ok
10:04:00.0858 2072 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:04:00.0874 2072 idsvc - ok
10:04:00.0905 2072 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
10:04:00.0920 2072 iirsp - ok
10:04:00.0952 2072 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
10:04:00.0983 2072 IKEEXT - ok
10:04:00.0998 2072 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
10:04:01.0014 2072 intelide - ok
10:04:01.0030 2072 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:04:01.0061 2072 intelppm - ok
10:04:01.0092 2072 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:04:01.0123 2072 IPBusEnum - ok
10:04:01.0154 2072 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:04:01.0201 2072 IpFilterDriver - ok
10:04:01.0248 2072 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
10:04:01.0295 2072 iphlpsvc - ok
10:04:01.0310 2072 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
10:04:01.0342 2072 IPMIDRV - ok
10:04:01.0373 2072 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
10:04:01.0420 2072 IPNAT - ok
10:04:01.0435 2072 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:04:01.0622 2072 IRENUM - ok
10:04:01.0638 2072 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
10:04:01.0654 2072 isapnp - ok
10:04:01.0685 2072 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
10:04:01.0700 2072 iScsiPrt - ok
10:04:01.0747 2072 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
10:04:01.0747 2072 kbdclass - ok
10:04:01.0763 2072 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
10:04:01.0794 2072 kbdhid - ok
10:04:01.0810 2072 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
10:04:01.0825 2072 KeyIso - ok
10:04:01.0856 2072 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:04:01.0872 2072 KSecDD - ok
10:04:01.0888 2072 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:04:01.0903 2072 KSecPkg - ok
10:04:01.0919 2072 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
10:04:01.0966 2072 ksthunk - ok
10:04:01.0997 2072 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
10:04:02.0059 2072 KtmRm - ok
10:04:02.0106 2072 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
10:04:02.0137 2072 LanmanServer - ok
10:04:02.0153 2072 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:04:02.0215 2072 LanmanWorkstation - ok
10:04:02.0215 2072 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:04:02.0246 2072 lltdio - ok
10:04:02.0278 2072 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:04:02.0309 2072 lltdsvc - ok
10:04:02.0324 2072 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:04:02.0356 2072 lmhosts - ok
10:04:02.0371 2072 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
10:04:02.0387 2072 LSI_FC - ok
10:04:02.0402 2072 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
10:04:02.0402 2072 LSI_SAS - ok
10:04:02.0418 2072 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:04:02.0434 2072 LSI_SAS2 - ok
10:04:02.0434 2072 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:04:02.0449 2072 LSI_SCSI - ok
10:04:02.0465 2072 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
10:04:02.0496 2072 luafv - ok
10:04:02.0527 2072 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:04:02.0543 2072 Mcx2Svc - ok
10:04:02.0558 2072 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
10:04:02.0574 2072 megasas - ok
10:04:02.0590 2072 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
10:04:02.0605 2072 MegaSR - ok
10:04:02.0621 2072 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
10:04:02.0668 2072 MMCSS - ok
10:04:02.0683 2072 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
10:04:02.0730 2072 Modem - ok
10:04:02.0746 2072 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:04:02.0777 2072 monitor - ok
10:04:02.0824 2072 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:04:02.0839 2072 mouclass - ok
10:04:02.0870 2072 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:04:02.0902 2072 mouhid - ok
10:04:02.0917 2072 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:04:02.0933 2072 mountmgr - ok
10:04:03.0026 2072 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:04:03.0042 2072 MozillaMaintenance - ok
10:04:03.0058 2072 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
10:04:03.0073 2072 mpio - ok
10:04:03.0104 2072 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:04:03.0136 2072 mpsdrv - ok
10:04:03.0167 2072 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
10:04:03.0229 2072 MpsSvc - ok
10:04:03.0245 2072 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:04:03.0276 2072 MRxDAV - ok
10:04:03.0307 2072 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:04:03.0354 2072 mrxsmb - ok
10:04:03.0385 2072 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:04:03.0416 2072 mrxsmb10 - ok
10:04:03.0432 2072 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:04:03.0448 2072 mrxsmb20 - ok
10:04:03.0463 2072 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
10:04:03.0479 2072 msahci - ok
10:04:03.0510 2072 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:04:03.0526 2072 msdsm - ok
10:04:03.0541 2072 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
10:04:03.0557 2072 MSDTC - ok
10:04:03.0604 2072 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:04:03.0619 2072 Msfs - ok
10:04:03.0635 2072 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:04:03.0666 2072 mshidkmdf - ok
10:04:03.0682 2072 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:04:03.0682 2072 msisadrv - ok
10:04:03.0713 2072 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:04:03.0760 2072 MSiSCSI - ok
10:04:03.0760 2072 msiserver - ok
10:04:03.0791 2072 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:04:03.0838 2072 MSKSSRV - ok
10:04:03.0853 2072 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:04:03.0900 2072 MSPCLOCK - ok
10:04:03.0916 2072 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:04:03.0962 2072 MSPQM - ok
10:04:03.0994 2072 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:04:04.0009 2072 MsRPC - ok
10:04:04.0025 2072 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
10:04:04.0025 2072 mssmbios - ok
10:04:04.0056 2072 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:04:04.0103 2072 MSTEE - ok
10:04:04.0118 2072 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
10:04:04.0134 2072 MTConfig - ok
10:04:04.0150 2072 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
10:04:04.0165 2072 Mup - ok
10:04:04.0196 2072 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
10:04:04.0243 2072 napagent - ok
10:04:04.0274 2072 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:04:04.0306 2072 NativeWifiP - ok
10:04:04.0337 2072 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
10:04:04.0352 2072 NDIS - ok
10:04:04.0368 2072 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:04:04.0399 2072 NdisCap - ok
10:04:04.0415 2072 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:04:04.0462 2072 NdisTapi - ok
10:04:04.0477 2072 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:04:04.0524 2072 Ndisuio - ok
10:04:04.0540 2072 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:04:04.0571 2072 NdisWan - ok
10:04:04.0602 2072 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:04:04.0649 2072 NDProxy - ok
10:04:04.0664 2072 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:04:04.0696 2072 NetBIOS - ok
10:04:04.0727 2072 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:04:04.0789 2072 NetBT - ok
10:04:04.0805 2072 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
10:04:04.0805 2072 Netlogon - ok
10:04:04.0836 2072 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
10:04:04.0867 2072 Netman - ok
10:04:04.0914 2072 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:04:04.0914 2072 NetMsmqActivator - ok
10:04:04.0914 2072 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:04:04.0930 2072 NetPipeActivator - ok
10:04:04.0945 2072 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
10:04:04.0992 2072 netprofm - ok
10:04:04.0992 2072 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:04:05.0008 2072 NetTcpActivator - ok
10:04:05.0008 2072 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:04:05.0008 2072 NetTcpPortSharing - ok
10:04:05.0039 2072 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
10:04:05.0039 2072 nfrd960 - ok
10:04:05.0070 2072 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:04:05.0086 2072 NlaSvc - ok
10:04:05.0101 2072 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:04:05.0132 2072 Npfs - ok
10:04:05.0148 2072 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
10:04:05.0195 2072 nsi - ok
10:04:05.0195 2072 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:04:05.0242 2072 nsiproxy - ok
10:04:05.0288 2072 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:04:05.0335 2072 Ntfs - ok
10:04:05.0335 2072 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
10:04:05.0382 2072 Null - ok
10:04:05.0413 2072 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:04:05.0429 2072 nvraid - ok
10:04:05.0444 2072 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:04:05.0444 2072 nvstor - ok
10:04:05.0476 2072 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:04:05.0491 2072 nv_agp - ok
10:04:05.0507 2072 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:04:05.0522 2072 ohci1394 - ok
10:04:05.0538 2072 [ A29A80A1CF63D0DC27EEFCAF27D34664 ] ossrv C:\Windows\system32\drivers\ctoss2k.sys
10:04:05.0554 2072 ossrv - ok
10:04:05.0616 2072 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:04:05.0663 2072 p2pimsvc - ok
10:04:05.0678 2072 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
10:04:05.0710 2072 p2psvc - ok
10:04:05.0725 2072 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
10:04:05.0741 2072 Parport - ok
10:04:05.0772 2072 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:04:05.0772 2072 partmgr - ok
10:04:05.0788 2072 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:04:05.0819 2072 PcaSvc - ok
10:04:05.0834 2072 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
10:04:05.0850 2072 pci - ok
10:04:05.0881 2072 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
10:04:05.0881 2072 pciide - ok
10:04:05.0912 2072 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
10:04:05.0928 2072 pcmcia - ok
10:04:05.0959 2072 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
10:04:05.0959 2072 pcw - ok
10:04:06.0006 2072 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:04:06.0084 2072 PEAUTH - ok
10:04:06.0131 2072 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
10:04:06.0178 2072 PeerDistSvc - ok
10:04:06.0256 2072 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
10:04:06.0271 2072 PerfHost - ok
10:04:06.0349 2072 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
10:04:06.0396 2072 pla - ok
10:04:06.0443 2072 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:04:06.0505 2072 PlugPlay - ok
10:04:06.0505 2072 PnkBstrA - ok
10:04:06.0505 2072 PnkBstrB - ok
10:04:06.0536 2072 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:04:06.0568 2072 PNRPAutoReg - ok
10:04:06.0583 2072 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:04:06.0599 2072 PNRPsvc - ok
10:04:06.0630 2072 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:04:06.0677 2072 PolicyAgent - ok
10:04:06.0708 2072 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
10:04:06.0739 2072 Power - ok
10:04:06.0770 2072 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:04:06.0802 2072 PptpMiniport - ok
10:04:06.0817 2072 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
10:04:06.0833 2072 Processor - ok
10:04:06.0864 2072 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
10:04:06.0880 2072 ProfSvc - ok
10:04:06.0895 2072 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:04:06.0895 2072 ProtectedStorage - ok
10:04:06.0942 2072 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:04:06.0989 2072 Psched - ok
10:04:07.0020 2072 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
10:04:07.0051 2072 ql2300 - ok
10:04:07.0067 2072 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
10:04:07.0082 2072 ql40xx - ok
10:04:07.0114 2072 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
10:04:07.0145 2072 QWAVE - ok
10:04:07.0160 2072 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:04:07.0192 2072 QWAVEdrv - ok
10:04:07.0207 2072 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:04:07.0254 2072 RasAcd - ok
10:04:07.0270 2072 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:04:07.0301 2072 RasAgileVpn - ok
10:04:07.0316 2072 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
10:04:07.0348 2072 RasAuto - ok
10:04:07.0363 2072 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:04:07.0410 2072 Rasl2tp - ok
10:04:07.0426 2072 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
10:04:07.0472 2072 RasMan - ok
10:04:07.0488 2072 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:04:07.0519 2072 RasPppoe - ok
10:04:07.0535 2072 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:04:07.0566 2072 RasSstp - ok
10:04:07.0613 2072 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:04:07.0644 2072 rdbss - ok
10:04:07.0675 2072 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:04:07.0691 2072 rdpbus - ok
10:04:07.0722 2072 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:04:07.0769 2072 RDPCDD - ok
10:04:07.0800 2072 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
10:04:07.0816 2072 RDPDR - ok
10:04:07.0816 2072 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:04:07.0862 2072 RDPENCDD - ok
10:04:07.0878 2072 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:04:07.0909 2072 RDPREFMP - ok
10:04:07.0940 2072 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:04:07.0956 2072 RdpVideoMiniport - ok
10:04:07.0972 2072 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:04:08.0018 2072 RDPWD - ok
10:04:08.0050 2072 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:04:08.0065 2072 rdyboost - ok
10:04:08.0096 2072 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:04:08.0143 2072 RemoteAccess - ok
10:04:08.0159 2072 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:04:08.0206 2072 RemoteRegistry - ok
10:04:08.0221 2072 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:04:08.0252 2072 RpcEptMapper - ok
10:04:08.0268 2072 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
10:04:08.0284 2072 RpcLocator - ok
10:04:08.0315 2072 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
10:04:08.0346 2072 RpcSs - ok
10:04:08.0377 2072 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:04:08.0424 2072 rspndr - ok
10:04:08.0455 2072 [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
10:04:08.0486 2072 RTL8167 - ok
10:04:08.0518 2072 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
10:04:08.0533 2072 s3cap - ok
10:04:08.0533 2072 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
10:04:08.0549 2072 SamSs - ok
10:04:08.0564 2072 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:04:08.0580 2072 sbp2port - ok
10:04:08.0596 2072 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:04:08.0642 2072 SCardSvr - ok
10:04:08.0658 2072 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:04:08.0689 2072 scfilter - ok
10:04:08.0736 2072 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
10:04:08.0783 2072 Schedule - ok
10:04:08.0798 2072 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
10:04:08.0830 2072 SCPolicySvc - ok
10:04:08.0861 2072 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:04:08.0892 2072 SDRSVC - ok
10:04:08.0986 2072 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\SECDRV.SYS
10:04:09.0032 2072 secdrv - ok
10:04:09.0048 2072 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
10:04:09.0095 2072 seclogon - ok
10:04:09.0110 2072 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
10:04:09.0142 2072 SENS - ok
10:04:09.0157 2072 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:04:09.0188 2072 SensrSvc - ok
10:04:09.0188 2072 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:04:09.0220 2072 Serenum - ok
10:04:09.0235 2072 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:04:09.0251 2072 Serial - ok
10:04:09.0266 2072 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
10:04:09.0298 2072 sermouse - ok
10:04:09.0313 2072 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
10:04:09.0344 2072 SessionEnv - ok
10:04:09.0376 2072 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:04:09.0391 2072 sffdisk - ok
10:04:09.0407 2072 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:04:09.0438 2072 sffp_mmc - ok
10:04:09.0438 2072 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:04:09.0469 2072 sffp_sd - ok
10:04:09.0485 2072 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
10:04:09.0500 2072 sfloppy - ok
10:04:09.0532 2072 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:04:09.0578 2072 SharedAccess - ok
10:04:09.0610 2072 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:04:09.0656 2072 ShellHWDetection - ok
10:04:09.0656 2072 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:04:09.0672 2072 SiSRaid2 - ok
10:04:09.0688 2072 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
10:04:09.0703 2072 SiSRaid4 - ok
10:04:09.0766 2072 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
10:04:09.0781 2072 SkypeUpdate - ok
10:04:09.0781 2072 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:04:09.0828 2072 Smb - ok
10:04:09.0859 2072 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:04:09.0875 2072 SNMPTRAP - ok
10:04:09.0890 2072 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
10:04:09.0906 2072 spldr - ok
10:04:09.0937 2072 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
10:04:09.0968 2072 Spooler - ok
10:04:10.0046 2072 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
10:04:10.0140 2072 sppsvc - ok
10:04:10.0171 2072 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:04:10.0218 2072 sppuinotify - ok
10:04:10.0265 2072 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
10:04:10.0312 2072 srv - ok
10:04:10.0327 2072 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:04:10.0358 2072 srv2 - ok
10:04:10.0374 2072 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:04:10.0405 2072 srvnet - ok
10:04:10.0436 2072 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:04:10.0499 2072 SSDPSRV - ok
10:04:10.0499 2072 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:04:10.0530 2072 SstpSvc - ok
10:04:10.0561 2072 [ C692C94FE55CAD0633440236022C27B3 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
10:04:10.0561 2072 ssudmdm - ok
10:04:10.0577 2072 Steam Client Service - ok
10:04:10.0608 2072 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
10:04:10.0624 2072 stexstor - ok
10:04:10.0655 2072 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
10:04:10.0670 2072 stisvc - ok
10:04:10.0702 2072 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
10:04:10.0702 2072 storflt - ok
10:04:10.0733 2072 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
10:04:10.0733 2072 storvsc - ok
10:04:10.0748 2072 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
10:04:10.0764 2072 swenum - ok
10:04:10.0780 2072 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
10:04:10.0842 2072 swprv - ok
10:04:10.0842 2072 Synth3dVsc - ok
10:04:10.0904 2072 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
10:04:10.0951 2072 SysMain - ok
10:04:10.0967 2072 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:04:11.0060 2072 TabletInputService - ok
10:04:11.0092 2072 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
10:04:11.0138 2072 TapiSrv - ok
10:04:11.0154 2072 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
10:04:11.0185 2072 TBS - ok
10:04:11.0232 2072 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:04:11.0279 2072 Tcpip - ok
10:04:11.0294 2072 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:04:11.0326 2072 TCPIP6 - ok
10:04:11.0357 2072 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:04:11.0372 2072 tcpipreg - ok
10:04:11.0404 2072 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:04:11.0435 2072 TDPIPE - ok
10:04:11.0466 2072 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:04:11.0497 2072 TDTCP - ok
10:04:11.0528 2072 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:04:11.0575 2072 tdx - ok
10:04:11.0591 2072 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
10:04:11.0606 2072 TermDD - ok
10:04:11.0638 2072 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
10:04:11.0669 2072 TermService - ok
10:04:11.0684 2072 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
10:04:11.0716 2072 Themes - ok
10:04:11.0731 2072 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
10:04:11.0762 2072 THREADORDER - ok
10:04:11.0809 2072 [ FBD16717FD68B206C4CE3BB3C9EE5CB3 ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
10:04:11.0809 2072 TomTomHOMEService - ok
10:04:11.0825 2072 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
10:04:11.0872 2072 TrkWks - ok
10:04:11.0918 2072 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:04:11.0965 2072 TrustedInstaller - ok
10:04:11.0981 2072 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:04:12.0012 2072 tssecsrv - ok
10:04:12.0028 2072 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
10:04:12.0074 2072 TsUsbFlt - ok
10:04:12.0074 2072 tsusbhub - ok
10:04:12.0106 2072 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:04:12.0152 2072 tunnel - ok
10:04:12.0184 2072 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
10:04:12.0199 2072 uagp35 - ok
10:04:12.0230 2072 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:04:12.0262 2072 udfs - ok
10:04:12.0293 2072 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:04:12.0293 2072 UI0Detect - ok
10:04:12.0308 2072 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:04:12.0324 2072 uliagpkx - ok
10:04:12.0340 2072 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
10:04:12.0355 2072 umbus - ok
10:04:12.0371 2072 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
10:04:12.0386 2072 UmPass - ok
10:04:12.0402 2072 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
10:04:12.0433 2072 UmRdpService - ok
10:04:12.0449 2072 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
10:04:12.0480 2072 upnphost - ok
10:04:12.0511 2072 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:04:12.0542 2072 usbccgp - ok
10:04:12.0558 2072 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:04:12.0589 2072 usbcir - ok
10:04:12.0605 2072 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
10:04:12.0636 2072 usbehci - ok
10:04:12.0667 2072 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:04:12.0683 2072 usbhub - ok
10:04:12.0714 2072 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
10:04:12.0730 2072 usbohci - ok
10:04:12.0761 2072 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:04:12.0792 2072 usbprint - ok
10:04:12.0808 2072 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
10:04:12.0839 2072 usbscan - ok
10:04:12.0870 2072 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:04:12.0901 2072 USBSTOR - ok
10:04:12.0917 2072 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
10:04:12.0932 2072 usbuhci - ok
10:04:12.0995 2072 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
10:04:13.0010 2072 usbvideo - ok
10:04:13.0042 2072 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
10:04:13.0073 2072 UxSms - ok
10:04:13.0088 2072 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
10:04:13.0104 2072 VaultSvc - ok
10:04:13.0104 2072 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
10:04:13.0120 2072 vdrvroot - ok
10:04:13.0151 2072 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
10:04:13.0213 2072 vds - ok
10:04:13.0229 2072 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:04:13.0244 2072 vga - ok
10:04:13.0260 2072 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
10:04:13.0291 2072 VgaSave - ok
10:04:13.0291 2072 VGPU - ok
10:04:13.0322 2072 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
10:04:13.0322 2072 vhdmp - ok
10:04:13.0338 2072 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
10:04:13.0354 2072 viaide - ok
10:04:13.0369 2072 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
10:04:13.0385 2072 vmbus - ok
10:04:13.0400 2072 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
10:04:13.0400 2072 VMBusHID - ok
10:04:13.0432 2072 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:04:13.0447 2072 volmgr - ok
10:04:13.0478 2072 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:04:13.0494 2072 volmgrx - ok
10:04:13.0494 2072 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:04:13.0510 2072 volsnap - ok
10:04:13.0541 2072 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
10:04:13.0541 2072 vsmraid - ok
10:04:13.0588 2072 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
10:04:13.0650 2072 VSS - ok
10:04:13.0666 2072 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
10:04:13.0712 2072 vwifibus - ok
10:04:13.0728 2072 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
10:04:13.0775 2072 W32Time - ok
10:04:13.0806 2072 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
10:04:13.0822 2072 WacomPen - ok
10:04:13.0837 2072 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:04:13.0868 2072 WANARP - ok
10:04:13.0868 2072 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:04:13.0900 2072 Wanarpv6 - ok
10:04:13.0931 2072 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
10:04:13.0978 2072 wbengine - ok
10:04:13.0993 2072 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:04:14.0009 2072 WbioSrvc - ok
10:04:14.0040 2072 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:04:14.0087 2072 wcncsvc - ok
10:04:14.0102 2072 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:04:14.0134 2072 WcsPlugInService - ok
10:04:14.0149 2072 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
10:04:14.0165 2072 Wd - ok
10:04:14.0196 2072 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:04:14.0227 2072 Wdf01000 - ok
10:04:14.0243 2072 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:04:14.0321 2072 WdiServiceHost - ok
10:04:14.0321 2072 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:04:14.0336 2072 WdiSystemHost - ok
10:04:14.0368 2072 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
10:04:14.0383 2072 WebClient - ok
10:04:14.0399 2072 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:04:14.0446 2072 Wecsvc - ok
10:04:14.0461 2072 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:04:14.0492 2072 wercplsupport - ok
10:04:14.0508 2072 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
10:04:14.0555 2072 WerSvc - ok
10:04:14.0586 2072 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:04:14.0602 2072 WfpLwf - ok
10:04:14.0617 2072 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:04:14.0633 2072 WIMMount - ok
10:04:14.0648 2072 WinDefend - ok
10:04:14.0664 2072 WinHttpAutoProxySvc - ok
10:04:14.0711 2072 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:04:14.0758 2072 Winmgmt - ok
10:04:14.0804 2072 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
10:04:14.0867 2072 WinRM - ok
10:04:14.0882 2072 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
10:04:14.0914 2072 WinUsb - ok
10:04:14.0945 2072 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
10:04:14.0992 2072 Wlansvc - ok
10:04:15.0085 2072 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:04:15.0132 2072 wlidsvc - ok
10:04:15.0148 2072 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:04:15.0179 2072 WmiAcpi - ok
10:04:15.0210 2072 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:04:15.0241 2072 wmiApSrv - ok
10:04:15.0257 2072 WMPNetworkSvc - ok
10:04:15.0288 2072 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:04:15.0304 2072 WPCSvc - ok
10:04:15.0335 2072 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:04:15.0350 2072 WPDBusEnum - ok
10:04:15.0382 2072 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:04:15.0428 2072 ws2ifsl - ok
10:04:15.0444 2072 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
10:04:15.0475 2072 wscsvc - ok
10:04:15.0491 2072 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
10:04:15.0522 2072 WSDPrintDevice - ok
10:04:15.0569 2072 [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
10:04:15.0584 2072 WSDScan - ok
10:04:15.0584 2072 WSearch - ok
10:04:15.0662 2072 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
10:04:15.0694 2072 wuauserv - ok
10:04:15.0740 2072 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:04:15.0756 2072 WudfPf - ok
10:04:15.0772 2072 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:04:15.0803 2072 WUDFRd - ok
10:04:15.0834 2072 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:04:15.0865 2072 wudfsvc - ok
10:04:15.0896 2072 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
10:04:15.0928 2072 WwanSvc - ok
10:04:15.0943 2072 ================ Scan global ===============================
10:04:15.0990 2072 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:04:16.0021 2072 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
10:04:16.0037 2072 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
10:04:16.0068 2072 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:04:16.0084 2072 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:04:16.0084 2072 [Global] - ok
10:04:16.0084 2072 ================ Scan MBR ==================================
10:04:16.0099 2072 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:04:16.0489 2072 \Device\Harddisk0\DR0 - ok
10:04:16.0489 2072 ================ Scan VBR ==================================
10:04:16.0489 2072 [ 989E292610A651DC37274FAB1FEFEA44 ] \Device\Harddisk0\DR0\Partition1
10:04:16.0505 2072 \Device\Harddisk0\DR0\Partition1 - ok
10:04:16.0505 2072 [ 968BB18E65F586E8E380B2931419097E ] \Device\Harddisk0\DR0\Partition2
10:04:16.0505 2072 \Device\Harddisk0\DR0\Partition2 - ok
10:04:16.0505 2072 ============================================================
10:04:16.0505 2072 Scan finished
10:04:16.0505 2072 ============================================================
10:04:16.0505 4052 Detected object count: 2
10:04:16.0505 4052 Actual detected object count: 2
10:04:30.0732 4052 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:30.0732 4052 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:30.0732 4052 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:30.0732 4052 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.27.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Asra :: ASRA-PC [Administrator]

27.06.2013 22:11:59
mbam-log-2013-06-27 (22-11-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 334793
Laufzeit: 37 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

aharonov · 28.06.2013, 00:22

Hallo,

Zitat:

Dann hab ich auch TDSS Killer heruntergeladen und gescannt wie hier beschrieben
(findet 2 Sachen..poste gleich drunter den LOG)
Habe leider ausversehen nicht auf Skip gedrückt beim ersten mal aber die beiden Sachen tauchen immer wieder auf beim scannen)

Diese beiden Sachen sind auch überhaupt nicht schädlich.

Zitat:

Bin ich sauber ?

Kann ich so noch nicht sagen. Aber immerhin scheint ESET bei diesem verseuchten Anhang rechtzeitig eingegriffen zu haben..

Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.

Doppelklick auf die OTL.exe.
Unter Extra Registry, wähle bitte Use SafeList.
Setze den Haken bei Scan all Users.
Klicke nun auf Run Scan.
Wenn der Scan beendet ist, werden 2 Logfiles (OTL.txt und Extras.txt) erstellt.
Poste den Inhalt dieser Logfiles hier in den Thread.

Andreooo29 · 28.06.2013, 07:12

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 28.06.2013 08:04:14 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Asra\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 67,07% Memory free
8,00 Gb Paging File | 6,58 Gb Available in Paging File | 82,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39,06 Gb Total Space | 5,28 Gb Free Space | 13,51% Space Free | Partition Type: NTFS
Drive D: | 193,82 Gb Total Space | 64,28 Gb Free Space | 33,17% Space Free | Partition Type: NTFS
 
Computer Name: ASRA-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Asra\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()
MOD - C:\Windows\SysWOW64\CTXFIGER.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (epfwwfp) -- C:\Windows\SysNative\drivers\epfwwfp.sys (ESET)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
DRV:64bit: - (epfw) -- C:\Windows\SysNative\drivers\epfw.sys (ESET)
DRV:64bit: - (EpfwLWF) -- C:\Windows\SysNative\drivers\EpfwLWF.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (DCamUSBNovatek) -- C:\Windows\SysNative\drivers\nvtcam.sys (Novatek)
DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys (Creative Technology Ltd)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (GearAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (secdrv) -- C:\Windows\SysWOW64\drivers\SECDRV.SYS ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4012749123-2322542761-2195987858-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4012749123-2322542761-2195987858-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4012749123-2322542761-2195987858-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-4012749123-2322542761-2195987858-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7Bc50ca3c4-5656-43c2-a061-13e717f73fc8%7D:4.2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1)%20%7B%20return%20'PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us18.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us17.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us16.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF - prefs.js..network.proxy.type: 2
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.05 20:27:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013.06.12 20:10:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.05 20:27:17 | 000,000,000 | ---D | M]
 
[2012.11.23 00:34:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asra\AppData\Roaming\mozilla\Extensions
[2012.11.23 00:34:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asra\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.06.16 01:21:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asra\AppData\Roaming\mozilla\Firefox\Profiles\cd2j6spx.default\extensions
[2013.06.16 01:21:29 | 000,375,787 | ---- | M] () (No name found) -- C:\Users\Asra\AppData\Roaming\mozilla\firefox\profiles\cd2j6spx.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
[2013.06.11 23:10:27 | 000,187,236 | ---- | M] () (No name found) -- C:\Users\Asra\AppData\Roaming\mozilla\firefox\profiles\cd2j6spx.default\extensions\videoresumer@jetpack.xpi
[2012.12.11 22:25:07 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Asra\AppData\Roaming\mozilla\firefox\profiles\cd2j6spx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.01.12 18:35:21 | 000,316,778 | ---- | M] () (No name found) -- C:\Users\Asra\AppData\Roaming\mozilla\firefox\profiles\cd2j6spx.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
[2013.05.09 00:40:47 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Asra\AppData\Roaming\mozilla\firefox\profiles\cd2j6spx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.06.03 19:53:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.23 20:40:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.05.17 21:50:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.17 21:50:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
 
O1 HOSTS File: ([2013.06.27 01:39:28 | 000,000,840 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost 
O1 - Hosts: ::1             localhost 
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 10.10.2)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0AF34EE-C3DA-444D-9460-4E21FF2EDDF0}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.28 08:02:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Asra\Desktop\OTL.exe
[2013.06.27 22:10:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.27 22:10:00 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.06.27 22:10:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.06.27 22:07:05 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Asra\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.27 21:34:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.06.27 21:30:34 | 000,726,464 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\Asra\Desktop\SpyHunter-Installer.exe
[2013.06.27 01:22:10 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.06.27 00:31:08 | 000,000,000 | ---D | C] -- C:\Users\Asra\AppData\Roaming\Malwarebytes
[2013.06.27 00:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.27 00:30:51 | 000,000,000 | ---D | C] -- C:\Users\Asra\AppData\Local\Programs
[2013.06.27 00:23:26 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Asra\Desktop\tdsskiller.exe
[2013.06.13 01:03:14 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.06.13 01:03:14 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.06.13 01:03:13 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.13 01:03:13 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.06.13 01:03:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.06.13 01:03:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.13 01:03:13 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.06.13 01:03:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.06.13 01:03:12 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.13 01:03:12 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.06.13 01:03:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.06.13 01:03:12 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.13 01:03:11 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.13 01:03:11 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.13 01:03:11 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.06.12 22:24:53 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.06.12 22:24:53 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.06.12 22:24:51 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013.06.12 22:24:51 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013.06.12 22:24:48 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.06.12 22:24:35 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.06.12 22:24:35 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.06.12 22:24:35 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.06.12 22:24:34 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.06.12 22:24:34 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013.06.12 22:24:34 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013.06.12 22:24:30 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.06.12 22:24:30 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.06.12 20:09:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2013.06.12 20:09:56 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2013.06.12 20:09:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.06.10 23:54:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartTweak Software
[2013.06.09 22:39:44 | 000,000,000 | ---D | C] -- C:\Users\Asra\AppData\Roaming\ESET
[2013.06.09 22:39:44 | 000,000,000 | ---D | C] -- C:\Users\Asra\AppData\Local\ESET
[2013.06.09 22:22:38 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2013.06.05 20:22:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.06.05 20:04:31 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.06.05 20:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.06.05 20:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.28 08:03:15 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.28 08:03:15 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.28 08:02:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Asra\Desktop\OTL.exe
[2013.06.28 07:55:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.28 07:55:51 | 3220,561,920 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.28 00:20:24 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx
[2013.06.28 00:20:24 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx
[2013.06.28 00:20:24 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx
[2013.06.28 00:19:13 | 055,804,858 | ---- | M] () -- C:\Users\Asra\Desktop\ggggg.mp4
[2013.06.27 23:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.27 22:10:01 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.27 22:07:49 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Asra\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.27 21:30:44 | 000,726,464 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Users\Asra\Desktop\SpyHunter-Installer.exe
[2013.06.27 01:39:28 | 000,000,840 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.06.27 00:23:45 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Asra\Desktop\tdsskiller.exe
[2013.06.19 13:53:04 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.19 13:53:04 | 000,694,460 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.19 13:53:04 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.19 13:53:04 | 000,147,584 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.19 13:53:04 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.11 21:29:20 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.06.11 21:29:19 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.06.11 00:09:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.06.02 18:16:32 | 001,093,271 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2013.06.02 18:16:32 | 000,055,555 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2013.05.30 00:13:32 | 000,012,288 | ---- | M] () -- C:\Users\Asra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2013.06.28 00:13:33 | 055,804,858 | ---- | C] () -- C:\Users\Asra\Desktop\ggggg.mp4
[2013.06.27 22:10:01 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.05 20:04:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012.10.14 19:22:59 | 001,586,950 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.18 19:02:01 | 001,093,271 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.04.20 13:36:36 | 000,012,288 | ---- | C] () -- C:\Users\Asra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.04.14 18:49:22 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.04.14 18:49:20 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.04.12 23:39:01 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.04.12 23:39:01 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.04.12 23:37:33 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2012.04.12 19:31:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

--- --- ---

Andreooo29 · 28.06.2013, 07:14

OTL EXTRAS Logfile:
OTL Logfile:
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 28.06.2013 08:04:14 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Asra\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 67,07% Memory free
8,00 Gb Paging File | 6,58 Gb Available in Paging File | 82,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39,06 Gb Total Space | 5,28 Gb Free Space | 13,51% Space Free | Partition Type: NTFS
Drive D: | 193,82 Gb Total Space | 64,28 Gb Free Space | 33,17% Space Free | Partition Type: NTFS
 
Computer Name: ASRA-PC | User Name: Asra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4012749123-2322542761-2195987858-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{409F8043-12EF-4F38-A84D-DDEC2360AAD3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B419B7E5-2C65-4D4C-BA9F-EE93FE505E03}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B402C0-61CC-4E51-B3E9-C13EFB1D0C97}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{42B77B2C-4BD0-421F-9320-5174F3328C00}" = protocol=6 | dir=in | app=d:\css\steamapps\common\counter-strike source\hl2.exe | 
"{735BF6E8-19D0-4373-B3A6-C6997264FD5B}" = protocol=17 | dir=in | app=c:\users\asra\appdata\roaming\utorrent\utorrent.exe | 
"{88915EA0-B0AF-4E19-80E0-31E6EADB5320}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{95A43206-6D61-48FA-96BB-A1E0A9D0184E}" = protocol=17 | dir=in | app=d:\css\steamapps\common\counter-strike source\hl2.exe | 
"{C8FA842F-883A-42EC-9AE7-84A3E7EE4E37}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{CD9FD459-AF93-4DF0-B39C-D73685B79275}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{CE091322-0162-4CD7-AF7F-16A06B43D1B8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{D673852F-87C8-48FE-BB54-4E05392D8A5B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{D6AB1672-BCCD-40ED-B330-B4CDB22C0039}" = protocol=6 | dir=in | app=c:\users\asra\appdata\roaming\utorrent\utorrent.exe | 
"{EA929FB2-6A0D-4920-8168-E86593787903}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{F5C20FCC-2900-4F60-BF68-3D942C44F418}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{06DB2C4C-DC29-DA42-3B00-5581CBF545BB}" = AMD Drag and Drop Transcoding
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{1F85668C-CEB7-7A2E-356C-C42F950A982C}" = AMD Accelerated Video Transcoding
"{26A24AE4-039D-4CA4-87B4-2F86416045FF}" = Java(TM) 6 Update 45 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DA9F8C00-2674-476F-9836-0F3661A09A30}" = ESET Smart Security
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}" = AMD Catalyst Install Manager
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"VLC media player" = VLC media player 2.0.1
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A11E24AD-A7EB-78C9-F792-AD9CDDB8B651}" = Catalyst Control Center InstallProxy
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALchemy" = Creative ALchemy
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"AudioCS" = Creative Audio-Systemsteuerung
"Console Launcher" = Creative Konsole Starter
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Diagnostics 4_5" = Creative-Diagnose
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"DTS Connect Pack" = DTS Connect Pack
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.2.430
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"Opera 12.11.1661" = Opera 12.11
"SFBM" = SoundFont-Bank-Manager
"Steam App 240" = Counter-Strike: Source
"TomTom HOME" = TomTom HOME 2.7.3.1894
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.6
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4012749123-2322542761-2195987858-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.06.2013 15:41:17 | Computer Name = Asra-PC | Source = ESENT | ID = 455
Description = Windows (3036) Windows: Fehler -1811 beim Öffnen von Protokolldatei
 C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0000C.log.
 
Error - 25.06.2013 15:41:20 | Computer Name = Asra-PC | Source = Windows Search Service | ID = 9000
Description = 
 
Error - 25.06.2013 15:41:20 | Computer Name = Asra-PC | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 25.06.2013 15:41:20 | Computer Name = Asra-PC | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 25.06.2013 15:41:20 | Computer Name = Asra-PC | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 25.06.2013 15:41:20 | Computer Name = Asra-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 25.06.2013 15:41:21 | Computer Name = Asra-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 25.06.2013 15:41:21 | Computer Name = Asra-PC | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 25.06.2013 15:41:21 | Computer Name = Asra-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 25.06.2013 15:41:21 | Computer Name = Asra-PC | Source = Windows Search Service | ID = 7010
Description = 
 
[ System Events ]
Error - 25.06.2013 15:41:21 | Computer Name = Asra-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Restart the service.
 
Error - 25.06.2013 15:42:03 | Computer Name = Asra-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 26.06.2013 14:41:23 | Computer Name = Asra-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 26.06.2013 14:42:17 | Computer Name = Asra-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 26.06.2013 15:35:48 | Computer Name = Asra-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 26.06.2013 18:38:57 | Computer Name = Asra-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 27.06.2013 03:06:23 | Computer Name = Asra-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 27.06.2013 14:09:25 | Computer Name = Asra-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 27.06.2013 15:39:02 | Computer Name = Asra-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 28.06.2013 01:57:05 | Computer Name = Asra-PC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >

--- --- ---

--- --- ---

--- --- ---

OTL EXTRAS Logfile:
OTL Logfile:
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 28.06.2013 08:04:14 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Asra\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 67,07% Memory free
8,00 Gb Paging File | 6,58 Gb Available in Paging File | 82,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39,06 Gb Total Space | 5,28 Gb Free Space | 13,51% Space Free | Partition Type: NTFS
Drive D: | 193,82 Gb Total Space | 64,28 Gb Free Space | 33,17% Space Free | Partition Type: NTFS
 
Computer Name: ASRA-PC | User Name: Asra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4012749123-2322542761-2195987858-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{409F8043-12EF-4F38-A84D-DDEC2360AAD3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B419B7E5-2C65-4D4C-BA9F-EE93FE505E03}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B402C0-61CC-4E51-B3E9-C13EFB1D0C97}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{42B77B2C-4BD0-421F-9320-5174F3328C00}" = protocol=6 | dir=in | app=d:\css\steamapps\common\counter-strike source\hl2.exe | 
"{735BF6E8-19D0-4373-B3A6-C6997264FD5B}" = protocol=17 | dir=in | app=c:\users\asra\appdata\roaming\utorrent\utorrent.exe | 
"{88915EA0-B0AF-4E19-80E0-31E6EADB5320}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{95A43206-6D61-48FA-96BB-A1E0A9D0184E}" = protocol=17 | dir=in | app=d:\css\steamapps\common\counter-strike source\hl2.exe | 
"{C8FA842F-883A-42EC-9AE7-84A3E7EE4E37}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{CD9FD459-AF93-4DF0-B39C-D73685B79275}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{CE091322-0162-4CD7-AF7F-16A06B43D1B8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{D673852F-87C8-48FE-BB54-4E05392D8A5B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{D6AB1672-BCCD-40ED-B330-B4CDB22C0039}" = protocol=6 | dir=in | app=c:\users\asra\appdata\roaming\utorrent\utorrent.exe | 
"{EA929FB2-6A0D-4920-8168-E86593787903}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{F5C20FCC-2900-4F60-BF68-3D942C44F418}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{06DB2C4C-DC29-DA42-3B00-5581CBF545BB}" = AMD Drag and Drop Transcoding
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{1F85668C-CEB7-7A2E-356C-C42F950A982C}" = AMD Accelerated Video Transcoding
"{26A24AE4-039D-4CA4-87B4-2F86416045FF}" = Java(TM) 6 Update 45 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DA9F8C00-2674-476F-9836-0F3661A09A30}" = ESET Smart Security
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}" = AMD Catalyst Install Manager
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"VLC media player" = VLC media player 2.0.1
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A11E24AD-A7EB-78C9-F792-AD9CDDB8B651}" = Catalyst Control Center InstallProxy
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALchemy" = Creative ALchemy
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"AudioCS" = Creative Audio-Systemsteuerung
"Console Launcher" = Creative Konsole Starter
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Diagnostics 4_5" = Creative-Diagnose
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"DTS Connect Pack" = DTS Connect Pack
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.2.430
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"Opera 12.11.1661" = Opera 12.11
"SFBM" = SoundFont-Bank-Manager
"Steam App 240" = Counter-Strike: Source
"TomTom HOME" = TomTom HOME 2.7.3.1894
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.6
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4012749123-2322542761-2195987858-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.06.2013 15:41:17 | Computer Name = Asra-PC | Source = ESENT | ID = 455
Description = Windows (3036) Windows: Fehler -1811 beim Öffnen von Protokolldatei
 C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0000C.log.
 
Error - 25.06.2013 15:41:20 | Computer Name = Asra-PC | Source = Windows Search Service | ID = 9000
Description = 
 
Error - 25.06.2013 15:41:20 | Computer Name = Asra-PC | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 25.06.2013 15:41:20 | Computer Name = Asra-PC | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 25.06.2013 15:41:20 | Computer Name = Asra-PC | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 25.06.2013 15:41:20 | Computer Name = Asra-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 25.06.2013 15:41:21 | Computer Name = Asra-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 25.06.2013 15:41:21 | Computer Name = Asra-PC | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 25.06.2013 15:41:21 | Computer Name = Asra-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 25.06.2013 15:41:21 | Computer Name = Asra-PC | Source = Windows Search Service | ID = 7010
Description = 
 
[ System Events ]
Error - 25.06.2013 15:41:21 | Computer Name = Asra-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Restart the service.
 
Error - 25.06.2013 15:42:03 | Computer Name = Asra-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 26.06.2013 14:41:23 | Computer Name = Asra-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 26.06.2013 14:42:17 | Computer Name = Asra-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 26.06.2013 15:35:48 | Computer Name = Asra-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 26.06.2013 18:38:57 | Computer Name = Asra-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 27.06.2013 03:06:23 | Computer Name = Asra-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 27.06.2013 14:09:25 | Computer Name = Asra-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 27.06.2013 15:39:02 | Computer Name = Asra-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 28.06.2013 01:57:05 | Computer Name = Asra-PC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >

--- --- ---

--- --- ---

--- --- ---

Sorry ausversehen doppelt gepostet !!!!!
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 28.06.2013 08:04:14 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Asra\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 67,07% Memory free
8,00 Gb Paging File | 6,58 Gb Available in Paging File | 82,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39,06 Gb Total Space | 5,28 Gb Free Space | 13,51% Space Free | Partition Type: NTFS
Drive D: | 193,82 Gb Total Space | 64,28 Gb Free Space | 33,17% Space Free | Partition Type: NTFS
 
Computer Name: ASRA-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Asra\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()
MOD - C:\Windows\SysWOW64\CTXFIGER.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (epfwwfp) -- C:\Windows\SysNative\drivers\epfwwfp.sys (ESET)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
DRV:64bit: - (epfw) -- C:\Windows\SysNative\drivers\epfw.sys (ESET)
DRV:64bit: - (EpfwLWF) -- C:\Windows\SysNative\drivers\EpfwLWF.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (DCamUSBNovatek) -- C:\Windows\SysNative\drivers\nvtcam.sys (Novatek)
DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys (Creative Technology Ltd)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (GearAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (secdrv) -- C:\Windows\SysWOW64\drivers\SECDRV.SYS ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4012749123-2322542761-2195987858-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4012749123-2322542761-2195987858-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4012749123-2322542761-2195987858-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-4012749123-2322542761-2195987858-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7Bc50ca3c4-5656-43c2-a061-13e717f73fc8%7D:4.2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1)%20%7B%20return%20'PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us18.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us17.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us16.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF - prefs.js..network.proxy.type: 2
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.05 20:27:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013.06.12 20:10:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.05 20:27:17 | 000,000,000 | ---D | M]
 
[2012.11.23 00:34:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asra\AppData\Roaming\mozilla\Extensions
[2012.11.23 00:34:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asra\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.06.16 01:21:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asra\AppData\Roaming\mozilla\Firefox\Profiles\cd2j6spx.default\extensions
[2013.06.16 01:21:29 | 000,375,787 | ---- | M] () (No name found) -- C:\Users\Asra\AppData\Roaming\mozilla\firefox\profiles\cd2j6spx.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
[2013.06.11 23:10:27 | 000,187,236 | ---- | M] () (No name found) -- C:\Users\Asra\AppData\Roaming\mozilla\firefox\profiles\cd2j6spx.default\extensions\videoresumer@jetpack.xpi
[2012.12.11 22:25:07 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Asra\AppData\Roaming\mozilla\firefox\profiles\cd2j6spx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.01.12 18:35:21 | 000,316,778 | ---- | M] () (No name found) -- C:\Users\Asra\AppData\Roaming\mozilla\firefox\profiles\cd2j6spx.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
[2013.05.09 00:40:47 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Asra\AppData\Roaming\mozilla\firefox\profiles\cd2j6spx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.06.03 19:53:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.23 20:40:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.05.17 21:50:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.17 21:50:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
 
O1 HOSTS File: ([2013.06.27 01:39:28 | 000,000,840 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost 
O1 - Hosts: ::1             localhost 
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 10.10.2)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0AF34EE-C3DA-444D-9460-4E21FF2EDDF0}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.28 08:02:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Asra\Desktop\OTL.exe
[2013.06.27 22:10:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.27 22:10:00 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.06.27 22:10:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.06.27 22:07:05 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Asra\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.27 21:34:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.06.27 21:30:34 | 000,726,464 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\Asra\Desktop\SpyHunter-Installer.exe
[2013.06.27 01:22:10 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.06.27 00:31:08 | 000,000,000 | ---D | C] -- C:\Users\Asra\AppData\Roaming\Malwarebytes
[2013.06.27 00:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.27 00:30:51 | 000,000,000 | ---D | C] -- C:\Users\Asra\AppData\Local\Programs
[2013.06.27 00:23:26 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Asra\Desktop\tdsskiller.exe
[2013.06.13 01:03:14 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.06.13 01:03:14 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.06.13 01:03:13 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.13 01:03:13 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.06.13 01:03:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.06.13 01:03:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.13 01:03:13 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.06.13 01:03:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.06.13 01:03:12 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.13 01:03:12 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.06.13 01:03:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.06.13 01:03:12 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.13 01:03:11 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.13 01:03:11 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.13 01:03:11 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.06.12 22:24:53 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.06.12 22:24:53 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.06.12 22:24:51 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013.06.12 22:24:51 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013.06.12 22:24:48 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.06.12 22:24:35 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.06.12 22:24:35 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.06.12 22:24:35 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.06.12 22:24:34 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.06.12 22:24:34 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013.06.12 22:24:34 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013.06.12 22:24:30 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.06.12 22:24:30 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.06.12 20:09:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2013.06.12 20:09:56 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2013.06.12 20:09:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.06.10 23:54:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartTweak Software
[2013.06.09 22:39:44 | 000,000,000 | ---D | C] -- C:\Users\Asra\AppData\Roaming\ESET
[2013.06.09 22:39:44 | 000,000,000 | ---D | C] -- C:\Users\Asra\AppData\Local\ESET
[2013.06.09 22:22:38 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2013.06.05 20:22:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.06.05 20:04:31 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.06.05 20:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.06.05 20:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.28 08:03:15 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.28 08:03:15 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.28 08:02:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Asra\Desktop\OTL.exe
[2013.06.28 07:55:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.28 07:55:51 | 3220,561,920 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.28 00:20:24 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx
[2013.06.28 00:20:24 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx
[2013.06.28 00:20:24 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx
[2013.06.28 00:19:13 | 055,804,858 | ---- | M] () -- C:\Users\Asra\Desktop\ggggg.mp4
[2013.06.27 23:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.27 22:10:01 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.27 22:07:49 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Asra\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.27 21:30:44 | 000,726,464 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Users\Asra\Desktop\SpyHunter-Installer.exe
[2013.06.27 01:39:28 | 000,000,840 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.06.27 00:23:45 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Asra\Desktop\tdsskiller.exe
[2013.06.19 13:53:04 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.19 13:53:04 | 000,694,460 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.19 13:53:04 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.19 13:53:04 | 000,147,584 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.19 13:53:04 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.11 21:29:20 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.06.11 21:29:19 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.06.11 00:09:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.06.02 18:16:32 | 001,093,271 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2013.06.02 18:16:32 | 000,055,555 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2013.05.30 00:13:32 | 000,012,288 | ---- | M] () -- C:\Users\Asra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2013.06.28 00:13:33 | 055,804,858 | ---- | C] () -- C:\Users\Asra\Desktop\ggggg.mp4
[2013.06.27 22:10:01 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.05 20:04:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012.10.14 19:22:59 | 001,586,950 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.18 19:02:01 | 001,093,271 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.04.20 13:36:36 | 000,012,288 | ---- | C] () -- C:\Users\Asra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.04.14 18:49:22 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.04.14 18:49:20 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.04.12 23:39:01 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.04.12 23:39:01 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.04.12 23:37:33 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2012.04.12 19:31:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

--- --- ---

SO jetzt aber alles da..SORRY musste schnell gehen vor der Arbeit

aharonov · 28.06.2013, 10:32

Hallo,

das Log sieht gut aus. Nur noch eine Kleinigkeit:

Schritt 1

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Schritt 3

Starte bitte die OTL.exe.

Setze den Haken bei Scan all Users.
Drücke auf den Quick Scan Button.
Poste den Inhalt von OTL.txt hier in den Thread.

Bitte poste in deiner nächsten Antwort:

Log von AdwCleaner
Log von SecurityCheck
Log von OTL

Andreooo29 · 28.06.2013, 18:06

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.303 - Logfile created 06/28/2013 at 18:55:12
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Asra - ASRA-PC
# Boot Mode : Normal
# Running from : C:\Users\Asra\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\Asra\AppData\Roaming\Mozilla\Firefox\Profiles\cd2j6spx.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
File Found : C:\Users\Asra\AppData\Roaming\Mozilla\Firefox\Profiles\cd2j6spx.default\foxydeal.sqlite
Folder Found : C:\Program Files (x86)\Yontoo
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Asra\AppData\Local\PutLockerDownloader
Folder Found : C:\Users\Asra\AppData\Roaming\dvdvideosoftiehelpers
Folder Found : C:\Users\Asra\AppData\Roaming\Mozilla\Firefox\Profiles\cd2j6spx.default\jetpack

***** [Registry] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\FoxyDeal
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\Movie2KDownloader
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Tarma Installer
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (de)

File : C:\Users\Asra\AppData\Roaming\Mozilla\Firefox\Profiles\cd2j6spx.default\prefs.js

Found : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");
Found : user_pref("extentions.y2layers.installId", "eaaab1a5-452b-42c1-8aa4-9f285c60c7ef");

-\\ Opera v12.11.1661.0

File : C:\Users\Asra\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3818 octets] - [28/06/2013 18:55:12]

########## EOF - C:\AdwCleaner[R1].txt - [3878 octets] ##########

--- --- ---

Results of screen317's Security Check version 0.99.68
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
ESET Smart Security 6.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java(TM) 6 Update 31
Java 7 Update 17
Java version out of Date!
Adobe Flash Player 11.7.700.224
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox 21.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 28.06.2013 18:59:59 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Asra\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,85 Gb Available Physical Memory | 71,20% Memory free
8,00 Gb Paging File | 6,80 Gb Available in Paging File | 85,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39,06 Gb Total Space | 5,21 Gb Free Space | 13,34% Space Free | Partition Type: NTFS
Drive D: | 193,82 Gb Total Space | 64,28 Gb Free Space | 33,17% Space Free | Partition Type: NTFS
 
Computer Name: ASRA-PC | User Name: Asra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Asra\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()
MOD - C:\Windows\SysWOW64\CTXFIGER.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (epfwwfp) -- C:\Windows\SysNative\drivers\epfwwfp.sys (ESET)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
DRV:64bit: - (epfw) -- C:\Windows\SysNative\drivers\epfw.sys (ESET)
DRV:64bit: - (EpfwLWF) -- C:\Windows\SysNative\drivers\EpfwLWF.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (DCamUSBNovatek) -- C:\Windows\SysNative\drivers\nvtcam.sys (Novatek)
DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys (Creative Technology Ltd)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (GearAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (secdrv) -- C:\Windows\SysWOW64\drivers\SECDRV.SYS ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4012749123-2322542761-2195987858-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4012749123-2322542761-2195987858-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4012749123-2322542761-2195987858-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-4012749123-2322542761-2195987858-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7Bc50ca3c4-5656-43c2-a061-13e717f73fc8%7D:4.2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1)%20%7B%20return%20'PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us18.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us16.personalitycores.com%3A8000%3B%20PROXY%20ab-us17.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF - prefs.js..network.proxy.type: 2
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.05 20:27:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013.06.12 20:10:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.05 20:27:17 | 000,000,000 | ---D | M]
 
[2012.11.23 00:34:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asra\AppData\Roaming\mozilla\Extensions
[2012.11.23 00:34:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asra\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.06.16 01:21:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asra\AppData\Roaming\mozilla\Firefox\Profiles\cd2j6spx.default\extensions
[2013.06.16 01:21:29 | 000,375,787 | ---- | M] () (No name found) -- C:\Users\Asra\AppData\Roaming\mozilla\firefox\profiles\cd2j6spx.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
[2013.06.11 23:10:27 | 000,187,236 | ---- | M] () (No name found) -- C:\Users\Asra\AppData\Roaming\mozilla\firefox\profiles\cd2j6spx.default\extensions\videoresumer@jetpack.xpi
[2012.12.11 22:25:07 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Asra\AppData\Roaming\mozilla\firefox\profiles\cd2j6spx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.01.12 18:35:21 | 000,316,778 | ---- | M] () (No name found) -- C:\Users\Asra\AppData\Roaming\mozilla\firefox\profiles\cd2j6spx.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
[2013.05.09 00:40:47 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Asra\AppData\Roaming\mozilla\firefox\profiles\cd2j6spx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.06.03 19:53:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.23 20:40:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.05.17 21:50:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.17 21:50:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
 
O1 HOSTS File: ([2013.06.27 01:39:28 | 000,000,840 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost 
O1 - Hosts: ::1             localhost 
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 10.10.2)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0AF34EE-C3DA-444D-9460-4E21FF2EDDF0}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.28 08:02:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Asra\Desktop\OTL.exe
[2013.06.27 22:10:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.27 22:10:00 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.06.27 22:10:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.06.27 22:07:05 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Asra\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.27 21:34:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.06.27 21:30:34 | 000,726,464 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\Asra\Desktop\SpyHunter-Installer.exe
[2013.06.27 01:22:10 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.06.27 00:31:08 | 000,000,000 | ---D | C] -- C:\Users\Asra\AppData\Roaming\Malwarebytes
[2013.06.27 00:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.27 00:30:51 | 000,000,000 | ---D | C] -- C:\Users\Asra\AppData\Local\Programs
[2013.06.27 00:23:26 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Asra\Desktop\tdsskiller.exe
[2013.06.12 20:09:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2013.06.12 20:09:56 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2013.06.12 20:09:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.06.10 23:54:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartTweak Software
[2013.06.09 22:39:44 | 000,000,000 | ---D | C] -- C:\Users\Asra\AppData\Roaming\ESET
[2013.06.09 22:39:44 | 000,000,000 | ---D | C] -- C:\Users\Asra\AppData\Local\ESET
[2013.06.09 22:22:38 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2013.06.05 20:22:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.06.05 20:04:31 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.06.05 20:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.06.05 20:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.28 18:56:46 | 000,890,988 | ---- | M] () -- C:\Users\Asra\Desktop\SecurityCheck.exe
[2013.06.28 18:54:46 | 000,648,201 | ---- | M] () -- C:\Users\Asra\Desktop\adwcleaner.exe
[2013.06.28 18:40:56 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.28 18:40:56 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.28 18:33:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.28 18:33:32 | 3220,561,920 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.28 08:26:55 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx
[2013.06.28 08:26:55 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx
[2013.06.28 08:26:55 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx
[2013.06.28 08:02:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Asra\Desktop\OTL.exe
[2013.06.28 00:19:13 | 055,804,858 | ---- | M] () -- C:\Users\Asra\Desktop\ggggg.mp4
[2013.06.27 23:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.27 22:10:01 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.27 22:07:49 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Asra\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.27 21:30:44 | 000,726,464 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Users\Asra\Desktop\SpyHunter-Installer.exe
[2013.06.27 01:39:28 | 000,000,840 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.06.27 00:23:45 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Asra\Desktop\tdsskiller.exe
[2013.06.19 13:53:04 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.19 13:53:04 | 000,694,460 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.19 13:53:04 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.19 13:53:04 | 000,147,584 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.19 13:53:04 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.11 00:09:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.06.02 18:16:32 | 001,093,271 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2013.06.02 18:16:32 | 000,055,555 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2013.05.30 00:13:32 | 000,012,288 | ---- | M] () -- C:\Users\Asra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2013.06.28 18:56:41 | 000,890,988 | ---- | C] () -- C:\Users\Asra\Desktop\SecurityCheck.exe
[2013.06.28 18:54:40 | 000,648,201 | ---- | C] () -- C:\Users\Asra\Desktop\adwcleaner.exe
[2013.06.28 00:13:33 | 055,804,858 | ---- | C] () -- C:\Users\Asra\Desktop\ggggg.mp4
[2013.06.27 22:10:01 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.05 20:04:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012.10.14 19:22:59 | 001,586,950 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.18 19:02:01 | 001,093,271 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.04.20 13:36:36 | 000,012,288 | ---- | C] () -- C:\Users\Asra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.04.14 18:49:22 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.04.14 18:49:20 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.04.12 23:39:01 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.04.12 23:39:01 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.04.12 23:37:33 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2012.04.12 19:31:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.12.09 20:48:27 | 000,000,000 | ---D | M] -- C:\Users\Asra\AppData\Roaming\Amazon
[2012.04.19 13:32:40 | 000,000,000 | ---D | M] -- C:\Users\Asra\AppData\Roaming\Canneverbe Limited
[2013.05.27 20:00:48 | 000,000,000 | ---D | M] -- C:\Users\Asra\AppData\Roaming\DVDVideoSoft
[2013.02.01 22:21:19 | 000,000,000 | ---D | M] -- C:\Users\Asra\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.06.09 22:39:44 | 000,000,000 | ---D | M] -- C:\Users\Asra\AppData\Roaming\ESET
[2012.09.19 23:36:20 | 000,000,000 | ---D | M] -- C:\Users\Asra\AppData\Roaming\GlarySoft
[2012.04.12 22:59:14 | 000,000,000 | ---D | M] -- C:\Users\Asra\AppData\Roaming\IrfanView
[2012.04.15 00:41:11 | 000,000,000 | ---D | M] -- C:\Users\Asra\AppData\Roaming\OpenOffice.org
[2012.04.23 21:52:55 | 000,000,000 | ---D | M] -- C:\Users\Asra\AppData\Roaming\Opera
[2012.04.13 20:30:51 | 000,000,000 | ---D | M] -- C:\Users\Asra\AppData\Roaming\Origin
[2012.11.23 00:34:41 | 000,000,000 | ---D | M] -- C:\Users\Asra\AppData\Roaming\TomTom
[2012.04.15 23:09:21 | 000,000,000 | ---D | M] -- C:\Users\Asra\AppData\Roaming\TuneUp Software
[2013.04.09 23:04:00 | 000,000,000 | ---D | M] -- C:\Users\Asra\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

aharonov · 28.06.2013, 18:17

Hallo,

das sieht soweit gut aus.

Schritt 1

Führe den AdwCleaner noch einmal aus, aber wähle dieses Mal die Option "Löschen" und nicht "Suchen".

Schritt 2

Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware zur Infizierung per Drive-by Download missbraucht werden können.

Die aktuelle Version ist Java 7 Update 25.

Gehe zu
Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Win 7)
Start --> Systemsteuerung --> Software (bei Win XP)
und deinstalliere alle älteren Java-Versionen.

In wenigen Fällen wird Java wirklich benötigt. Auch werden immer wieder neue, noch nicht geschlossene Sicherheitslücken ausgenutzt.
Überleg dir also, ob du eine Java-Installation wirklich brauchst.
Falls du Java weiterhin verwenden möchtest, dann:

Lade dir die neueste Java-Version herunter.
Schliesse alle laufenden Programme, speziell den Browser.
Starte die heruntergeladene jxpiinstall.exe und folge den Anweisungen.
Entferne während der Installation den Haken bei "Installieren Sie die Ask-Toolbar ...".

Schritt 3

Die Version deines Adobe PDF Readers ist veraltet, wir müssen ihn updaten:

Deinstalliere bitte deine aktuelle Version von Adobe Reader über
Start --> Systemsteuerung --> Software (bei Windows XP)
Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Windows 7)
Besuche diese Seite von Adobe.
Entferne gegebenenfalls den Haken bei McAfee Security Scan bzw. Google Chrome.
Drücke auf Jetzt herunterladen und installiere die neuste Version.

Schritt 4

Dein Firefox ist nicht mehr aktuell.
Starte deinen Firefox als Administrator, klicke Hilfe --> Über Firefox und führe das angebotene Update durch.
Wiederhole diesen Schritt, bis Firefox als aktuell angezeigt wird.

Überprüfe dann mit diesem Plugin-Check (mit dem Firefox hier), ob nun alle deine verwendeten Versionen aktuell sind und update sie anderenfalls.

Cleanup

Zum Schluss werden wir jetzt noch unsere Tools (inklusive der Quarantäne-Ordner) wegräumen, die verseuchten Systemwiederherstellungspunkte löschen und alle Einstellungen wieder herrichten. Auch diese Schritte sind noch wichtig und sollten in der angegebenen Reihenfolge ausgeführt werden.

Bei MBAM würd ich dir unbedingt empfehlen, es zu behalten und wöchentlich einen Quick-Scan durchzuführen. Wenn du es nicht weiter verwenden möchtest, kannst du es jetzt normal über die Systemsteuerung deinstallieren.
Downloade dir bitte auf jeden Fall DelFix auf deinen Desktop.
- Schliesse alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- DelFix entfernt u.a. alle von uns verwendeten Programme und löscht sich anschliessend selbst.
Wenn jetzt noch etwas übriggeblieben ist, dann kannst du es einfach manuell löschen.

>> OK <<
Wir sind durch, deine Logs sehen für mich im Moment sauber aus.

Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst.

Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann.

Epilog: Tipps, Dos & Don'ts

Aktualität von System und Software

Das Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:

Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren

Auch die installierte Software sollte immer in der aktuellsten Version vorliegen.
Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.

Mit diesem kleinen Plugin-Check kannst du regelmässig diese Komponenten auf deren Aktualität überprüfen.
Achte auch darauf, dass alte, nicht mehr verwendete Versionen deinstalliert sind.
Optional: Das Programm Secunia Personal Software Inspector kann dich dabei unterstützen, stets die aktuellen Versionen sämtlicher installierter Software zu nutzen.

Sicherheits-Software

Eine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine verseuchte Datei nicht erkennt).
Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.

Nutze einen Virenscanner mit Hintergrundwächter mit stets aktueller Datenbank. Welches Produkt gewählt wird, spielt keine so entscheidende Rolle. Es gibt kommerzielle Versionen, aber ein kostenloser Scanner mit den Grundfunktionen wie beispielsweise Avast! Free Antivirus sollte ausreichen. Betreibe aber keinesfalls zwei Wächter parallel, die würden sich gegenseitig behindern.
Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.
Zusätzlich zum Virenscanner kannst du dein System regelmässig mit einem On-Demand Antimalwareprogramm scannen. Empfehlenswert ist die Free-Version von Malwarebytes Anti-Malware. Vor jedem Scan die Datenbank updaten.
Optional: Das Programm Sandboxie führt Anwendungen in einer isolierten Umgebung ("Sandkasten") aus, so dass keine Änderungen am System vorgenommen werden können. Wenn du deinen Browser darin startest, vermindert sich die Chance, dass beim Surfen eingefangene Malware sich dauerhaft im System festsetzen kann.
Optional: Das Addon WOT (web of trust) warnt dich vor einer als schädlich gemeldeten Website, bevor sie geladen wird. Für verschiedene Browser erhältlich.

Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt.
Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:

NoScript verhindert standardmässig das Ausführen von aktiven Inhalten (Java, JavaScript, Flash, ..) für sämtliche Websites. Du kannst selber nach dem Prinzip einer Whitelist festlegen, welchen Seiten du vertrauen und Scripts erlauben willst, auch temporär.
Adblock Plus blockt die meisten Werbebanner weg. Solche Banner können nebst ihrer störenden Erscheinung auch als Infektionsherde fungieren.

(Un-)Sicheres Verhalten im Internet

Nebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert.

Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.

Illegale Cracks, Keygens und Serials sind ein ausgesprochen einfacher (und ein beliebter) Weg, um Malware zu verbreiten.
Bei Dateien aus Peer-to-Peer- und Filesharingprogrammen oder von Filehostern kannst du dir nie sicher sein, ob auch wirklich drin ist, was drauf steht.

Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).

Surfe mit Vorsicht und lass dich nicht von irgendwie interessant erscheinenden Elementen zu einem vorschnellen Klick verleiten. Lass dich nicht von Popups täuschen, die aussehen wie System- oder Virenmeldungen.
Sei skeptisch bei unerwarteten E-Mails, insbesondere wenn sie Anhänge enthalten. Auch wenn sie auf den ersten Blick authentisch wirken, persönliche Daten von dir enthalten oder vermeintlich von einem bekannten Absender stammen: Lieber nochmals in Ruhe überdenken oder nachfragen, anstatt einfach mal Links oder ausführbare Anhänge öffnen oder irgendwo deine Daten eingeben.
Auch in sozialen Netzwerken oder über Instant Messaging Systeme können schädliche Links oder Dateien die Runde machen. Erhältst du von einem deiner Freunde eine Nachricht, die merkwürdig ist oder so sensationell interessant oder skandalös tönt, dass man einfach draufklicken muss, dann hat bei ihm/ihr wahrscheinlich Neugier über Verstand gesiegt und du solltest nicht denselben Fehler machen.
Lass die Dateiendungen anzeigen, so dass du dich nicht täuschen lässt, wenn eine ausführbare Datei über ein doppelte Dateiendung kaschiert wird, z.B. Nacktfoto.jpg.exe.

Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.

Lade Software in erster Priorität immer direkt vom Hersteller herunter. Viele Softwareportale (z.B. Softonic) packen noch unnützes Zeug mit in die Installation. Alternativ dazu wähle ein sauberes Portal wie Filepony oder heise.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen fürs Programm irrelevanten Ergänzungen.

Allgemeine Hinweise

Abschliessend noch ein paar grundsätzliche Bemerkungen:

Dein Benutzerkonto für den alltäglichen Gebrauch sollte nicht über Administratorenrechte verfügen. Nutze ein Konto mit eingeschränkten Rechten (Windows XP) bzw. aktiviere die Benutzerkontensteuerung (UAC) auf der höchsten Stufe (Windows Vista / 7).
Erstelle regelmässig Backups deiner Daten und Dokumente auf externen Datenträgern, bei wichtigen Dateien mindestens zweifach. Nicht nur ein Malwarebefall kann schmerzhaften Datenverlust nach sich ziehen sondern auch ein gewöhnlicher Festplattendefekt.
Die Autorun/Autoplay-Funktion stellt ein Risiko dar, denn sie ermöglicht es, dass beispielsweise beim Einstecken eines entsprechend infizierten USB-Sticks der Befall auf den Rechner überspringt. Überlege dir, ob du diese Funktion nicht besser deaktivieren möchtest.
Wähle deine Passwörter gemäss den gängigen Regeln, um besser gegen Brute-Force- und Wörterbuchattacken gewappnet zu sein. Benutze jedes deiner Passwörter nur einmal und ändere sie regelmässig.
Der Nutzen von Registry-Cleanern zur Performancesteigerung ist umstritten. Auf jeden Fall lässt sich damit grosser Schaden anrichten, wenn man nicht weiss, was man tut. Wir empfehlen deshalb, die Finger von der Registry zu lassen. Um von Zeit zu Zeit die temporären Dateien zu löschen, genügt TFC.

Wenn du möchtest, kannst du das Forum mit einer kleinen Spende unterstützen.
Es bleibt mir nur noch, dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen.

Andreooo29 · 28.06.2013, 18:54

VIELEN VIELEN DANK für die schnelle und ausführliche Hilfe !!! Alles auf dem neusten Stand und MBM bleibt zur Sicherheit mit auf dem Rechner.

Thema erledigt

schönes WE wünsche ich

aharonov · 28.06.2013, 19:04

Danke für die Rückmeldung.

Freut mich, dass wir helfen konnten.

Falls du dem Forum noch Verbesserungsvorschläge, Kritik oder ein Lob mitgeben möchtest, kannst du das hier tun.

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten.
Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.

WIN32/Trustezeb.C Trojaner im Email Anhang

Log-Analyse und Auswertung: WIN32/Trustezeb.C Trojaner im Email Anhang