Log analysis and evaluation: GVU virus on netbook - evaluation file via OTLPE available (Windows 7)
21.07.2013, 22:18 | #1
GVU virus on netbook - evaluation file via OTLPE available

Hello everyone, I have already read several threads and have also gone through the guide. I booted the system via USB and received OTL.txt and EXTRAS.txt after the scan. Please help, thanks! Note - I had to run the scan twice, because the first time I did not receive the EXTRAS.txt file.

OTL.TXT OTL Logfile: Code:
(WDM) DRV - [2010/11/19 19:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/11/19 19:59:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\hidusb.sys -- (HidUsb) DRV - [2010/11/19 19:59:30 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\HDAudBus.sys -- (HDAudBus) DRV - [2010/11/19 19:50:50 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\sffp_sd.sys -- (sffp_sd) DRV - [2010/11/19 19:50:22 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\CompositeBus.sys -- (CompositeBus) DRV - [2010/11/19 19:50:12 | 000,028,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\kbdhid.sys -- (kbdhid) DRV - [2010/11/19 19:29:50 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\appid.sys -- (AppID) DRV - [2010/11/19 19:24:58 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\scfilter.sys -- (scfilter) DRV - [2010/11/19 19:19:16 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\IPMIDrv.sys -- (IPMIDRV) DRV - [2010/11/19 19:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010/11/19 19:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\vms3cap.sys -- (s3cap) DRV - [2010/11/19 18:47:56 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\acpipmi.sys -- (AcpiPmi) DRV - [2010/11/19 18:44:38 | 000,388,096 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\Windows\System32\drivers\csc.sys -- 
(CSC) DRV - [2010/11/19 18:44:06 | 000,242,688 | ---- | M] (Microsoft Corporation) [File_System | System] -- D:\Windows\System32\drivers\rdbss.sys -- (rdbss) DRV - [2010/11/19 18:42:44 | 000,115,712 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- D:\Windows\system32\drivers\mrxdav.sys -- (MRxDAV) DRV - [2010/11/19 18:42:34 | 000,078,336 | ---- | M] (Microsoft Corporation) [File_System | System] -- D:\Windows\System32\drivers\dfsc.sys -- (DfsC) DRV - [2010/11/19 18:42:30 | 000,246,784 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- D:\Windows\System32\drivers\udfs.sys -- (udfs) DRV - [2010/11/19 18:40:22 | 000,513,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\http.sys -- (HTTP) DRV - [2010/11/19 18:39:46 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\Windows\System32\drivers\netbt.sys -- (NetBT) DRV - [2010/11/19 18:39:18 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\Windows\System32\drivers\tdx.sys -- (tdx) DRV - [2010/11/19 18:38:12 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\Windows\System32\drivers\cdrom.sys -- (cdrom) DRV - [2010/08/09 05:00:58 | 000,082,768 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR) DRV - [2010/05/20 08:10:58 | 000,067,184 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\L1C60x86.sys -- (L1C) DRV - [2010/04/19 03:12:58 | 004,806,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\igdkmd32.sys -- (igfx) DRV - [2010/04/07 04:04:42 | 001,792,512 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand] -- D:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2010/02/05 10:49:06 | 000,242,992 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand] -- D:\Windows\System32\drivers\SynTP.sys -- (SynTP) DRV - [2009/07/13 21:26:21 | 000,249,408 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\clfs.sys -- (CLFS) DRV - [2009/07/13 21:26:21 | 000,019,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\compbatt.sys -- (Compbatt) DRV - [2009/07/13 21:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2009/07/13 21:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci) DRV - [2009/07/13 21:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx) DRV - [2009/07/13 21:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs) DRV - [2009/07/13 21:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320) DRV - [2009/07/13 21:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas) DRV - [2009/07/13 21:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) 
[Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\arc.sys -- (arc) DRV - [2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\amdagp.sys -- (amdagp) DRV - [2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\agp440.sys -- (agp440) DRV - [2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\atapi.sys -- (atapi) DRV - [2009/07/13 21:26:15 | 000,014,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\amdide.sys -- (amdide) DRV - [2009/07/13 21:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand] -- D:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2009/07/13 21:20:45 | 000,012,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\pciide.sys -- (pciide) DRV - [2009/07/13 21:20:44 | 000,162,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\msrpc.sys -- (MsRPC) DRV - [2009/07/13 21:20:44 | 000,105,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\nv_agp.sys -- (nv_agp) DRV - [2009/07/13 21:20:44 | 000,049,728 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- D:\Windows\System32\drivers\mup.sys -- (Mup) DRV - [2009/07/13 21:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960) DRV - [2009/07/13 21:20:44 | 000,041,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\mouclass.sys -- (mouclass) DRV - [2009/07/13 21:20:44 | 000,028,240 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\Windows\system32\drivers\mssmbios.sys -- (mssmbios) DRV - [2009/07/13 21:20:43 | 000,013,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- 
D:\Windows\System32\drivers\msisadrv.sys -- (msisadrv) DRV - [2009/07/13 21:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS) DRV - [2009/07/13 21:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR) DRV - [2009/07/13 21:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI) DRV - [2009/07/13 21:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC) DRV - [2009/07/13 21:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2) DRV - [2009/07/13 21:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\isapnp.sys -- (isapnp) DRV - [2009/07/13 21:20:36 | 000,042,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\kbdclass.sys -- (kbdclass) DRV - [2009/07/13 21:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp) DRV - [2009/07/13 21:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\megasas.sys -- (megasas) DRV - [2009/07/13 21:20:36 | 000,015,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\intelide.sys -- (intelide) DRV - [2009/07/13 21:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor) DRV - [2009/07/13 21:20:28 | 000,198,208 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- D:\Windows\System32\drivers\fltMgr.sys -- (FltMgr) DRV - [2009/07/13 21:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) 
[Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx) DRV - [2009/07/13 21:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- D:\Windows\system32\drivers\HpSAMD.sys -- (HpSAMD) DRV - [2009/07/13 21:20:28 | 000,058,448 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- D:\Windows\System32\drivers\fileinfo.sys -- (FileInfo) DRV - [2009/07/13 21:20:28 | 000,057,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\gagp30kx.sys -- (gagp30kx) DRV - [2009/07/13 21:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- D:\Windows\System32\drivers\fsdepends.sys -- (FsDepends) DRV - [2009/07/13 21:20:28 | 000,022,096 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- D:\Windows\system32\DRIVERS\crcdisk.sys -- (crcdisk) DRV - [2009/07/13 21:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\disk.sys -- (Disk) DRV - [2009/07/13 21:19:11 | 000,297,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\volmgrx.sys -- (volmgrx) DRV - [2009/07/13 21:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid) DRV - [2009/07/13 21:19:11 | 000,057,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\uliagpkx.sys -- (uliagpkx) DRV - [2009/07/13 21:19:11 | 000,019,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\wd.sys -- (Wd) DRV - [2009/07/13 21:19:10 | 000,055,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\uagp35.sys -- (uagp35) DRV - [2009/07/13 21:19:10 | 000,053,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\viaagp.sys -- (viaagp) DRV - [2009/07/13 21:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot] 
-- D:\Windows\System32\drivers\vdrvroot.sys -- (vdrvroot) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- D:\Windows\System32\drivers\wimmount.sys -- (WIMMount) DRV - [2009/07/13 21:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2009/07/13 21:19:10 | 000,012,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\swenum.sys -- (swenum) DRV - [2009/07/13 21:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300) DRV - [2009/07/13 21:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx) DRV - [2009/07/13 21:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4) DRV - [2009/07/13 21:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\pcw.sys -- (pcw) DRV - [2009/07/13 21:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2) DRV - [2009/07/13 21:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor) DRV - [2009/07/13 21:19:03 | 000,180,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\pcmcia.sys -- (pcmcia) DRV - [2009/07/13 21:19:03 | 000,052,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\sisagp.sys -- (sisagp) DRV - [2009/07/13 21:19:03 | 000,017,472 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\spldr.sys -- (spldr) DRV - [2009/07/13 20:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) 
[Kernel | On_Demand] -- D:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2009/07/13 20:41:15 | 000,586,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- D:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH) DRV - [2009/07/13 20:17:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\usbprint.sys -- (usbprint) DRV - [2009/07/13 20:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rdpbus.sys -- (rdpbus) DRV - [2009/07/13 20:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP) DRV - [2009/07/13 20:01:39 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD) DRV - [2009/07/13 19:55:24 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\modem.sys -- (Modem) DRV - [2009/07/13 19:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- D:\Windows\system32\drivers\ws2ifsl.sys -- (ws2ifsl) DRV - [2009/07/13 19:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV - [2009/07/13 19:54:58 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rassstp.sys -- (RasSstp) DRV - [2009/07/13 19:54:53 | 000,077,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\raspppoe.sys -- (RasPppoe) DRV - [2009/07/13 19:54:48 | 000,073,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\raspptp.sys -- (PptpMiniport) DRV - [2009/07/13 19:54:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\asyncmac.sys -- (AsyncMac) DRV - 
[2009/07/13 19:54:40 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rasacd.sys -- (RasAcd) DRV - [2009/07/13 19:54:34 | 000,078,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rasl2tp.sys -- (Rasl2tp) DRV - [2009/07/13 19:54:29 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ipnat.sys -- (IPNAT) DRV - [2009/07/13 19:54:29 | 000,058,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ipfltdrv.sys -- (IpFilterDriver) DRV - [2009/07/13 19:54:24 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ndistapi.sys -- (NdisTapi) DRV - [2009/07/13 19:54:13 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\qwavedrv.sys -- (QWAVEdrv) DRV - [2009/07/13 19:53:58 | 000,104,448 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\Windows\System32\drivers\pacer.sys -- (Psched) DRV - [2009/07/13 19:53:54 | 000,036,352 | ---- | M] (Microsoft Corporation) [File_System | System] -- D:\Windows\System32\drivers\netbios.sys -- (NetBIOS) DRV - [2009/07/13 19:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf) DRV - [2009/07/13 19:53:41 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\smb.sys -- (Smb) DRV - [2009/07/13 19:53:27 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\irenum.sys -- (IRENUM) DRV - [2009/07/13 19:53:20 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- D:\Windows\System32\drivers\rspndr.sys -- (rspndr) DRV - [2009/07/13 19:53:19 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- D:\Windows\System32\drivers\lltdio.sys -- (lltdio) DRV - [2009/07/13 19:52:53 | 
000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv) DRV - [2009/07/13 19:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ndiscap.sys -- (NdisCap) DRV - [2009/07/13 19:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\Windows\System32\drivers\vwififlt.sys -- (vwififlt) DRV - [2009/07/13 19:52:03 | 000,267,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP) DRV - [2009/07/13 19:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\vwifibus.sys -- (vwifibus) DRV - [2009/07/13 19:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\umpass.sys -- (UmPass) DRV - [2009/07/13 19:51:34 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bthmodem.sys -- (BTHMODEM) DRV - [2009/07/13 19:51:33 | 000,091,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\hidbth.sys -- (HidBth) DRV - [2009/07/13 19:51:29 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\ohci1394.sys -- (ohci1394) OHCI-konformer 1394-Hostcontroller (alt) DRV - [2009/07/13 19:51:18 | 000,086,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\usbcir.sys -- (usbcir) eHome-Infrarotempfänger (USBCIR) DRV - [2009/07/13 19:51:17 | 000,037,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\circlass.sys -- (circlass) DRV - [2009/07/13 19:51:14 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\usbohci.sys -- (usbohci) DRV - [2009/07/13 19:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- 
D:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf) DRV - [2009/07/13 19:51:05 | 000,037,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\hidir.sys -- (HidIr) DRV - [2009/07/13 19:50:57 | 000,005,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\drmkaud.sys -- (drmkaud) DRV - [2009/07/13 19:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig) DRV - [2009/07/13 19:46:53 | 000,021,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\wacompen.sys -- (WacomPen) DRV - [2009/07/13 19:45:52 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\sfloppy.sys -- (sfloppy) DRV - [2009/07/13 19:45:52 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\sffp_mmc.sys -- (sffp_mmc) DRV - [2009/07/13 19:45:52 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\sffdisk.sys -- (sffdisk) DRV - [2009/07/13 19:45:45 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\fdc.sys -- (fdc) DRV - [2009/07/13 19:45:45 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\flpydisk.sys -- (flpydisk) DRV - [2009/07/13 19:45:35 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\parport.sys -- (Parport) DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\serial.sys -- (Serial) DRV - [2009/07/13 19:45:29 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- D:\Windows\system32\DRIVERS\parvdm.sys -- (Parvdm) DRV - [2009/07/13 19:45:28 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- 
D:\Windows\system32\DRIVERS\serenum.sys -- (Serenum) DRV - [2009/07/13 19:45:08 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\mouhid.sys -- (mouhid) DRV - [2009/07/13 19:45:08 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\sermouse.sys -- (sermouse) DRV - [2009/07/13 19:45:08 | 000,008,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\mskssrv.sys -- (MSKSSRV) DRV - [2009/07/13 19:45:08 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\mstee.sys -- (MSTEE) DRV - [2009/07/13 19:45:08 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\mspclock.sys -- (MSPCLOCK) DRV - [2009/07/13 19:45:07 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\mspqm.sys -- (MSPQM) DRV - [2009/07/13 19:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\Windows\System32\drivers\beep.sys -- (Beep) DRV - [2009/07/13 19:25:59 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\monitor.sys -- (monitor) DRV - [2009/07/13 19:25:51 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\Windows\System32\drivers\vga.sys -- (VgaSave) DRV - [2009/07/13 19:25:49 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\vgapnp.sys -- (vga) DRV - [2009/07/13 19:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\Windows\System32\drivers\discache.sys -- (discache) DRV - [2009/07/13 19:23:04 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\Windows\System32\drivers\blbdrive.sys -- (blbdrive) DRV - [2009/07/13 19:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- 
D:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt) DRV - [2009/07/13 19:19:19 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\errdev.sys -- (ErrDev) DRV - [2009/07/13 19:19:18 | 000,014,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CmBatt.sys -- (CmBatt) DRV - [2009/07/13 19:19:17 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\wmiacpi.sys -- (WmiAcpi) DRV - [2009/07/13 19:15:45 | 000,086,528 | ---- | M] (Microsoft Corporation) [File_System | Auto] -- D:\Windows\system32\drivers\luafv.sys -- (luafv) DRV - [2009/07/13 19:15:29 | 000,028,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- D:\Windows\System32\drivers\filetrace.sys -- (Filetrace) DRV - [2009/07/13 19:14:03 | 000,142,336 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- D:\Windows\System32\drivers\exfat.sys -- (exfat) DRV - [2009/07/13 19:14:02 | 000,148,480 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- D:\Windows\System32\drivers\fastfat.sys -- (fastfat) DRV - [2009/07/13 19:12:08 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy) DRV - [2009/07/13 19:11:32 | 000,035,328 | ---- | M] (Microsoft Corporation) [File_System | System] -- D:\Windows\System32\drivers\npfs.sys -- (Npfs) DRV - [2009/07/13 19:11:26 | 000,022,528 | ---- | M] (Microsoft Corporation) [File_System | System] -- D:\Windows\System32\drivers\msfs.sys -- (Msfs) DRV - [2009/07/13 19:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\i8042prt.sys -- (i8042prt) DRV - [2009/07/13 19:11:15 | 000,070,656 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- D:\Windows\System32\drivers\cdfs.sys -- (cdfs) DRV - [2009/07/13 19:11:12 | 000,004,608 | ---- | M] (Microsoft Corporation) [Kernel | System] -- 
D:\Windows\System32\drivers\null.sys -- (Null) DRV - [2009/07/13 19:11:04 | 000,055,296 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\amdk8.sys -- (AmdK8) DRV - [2009/07/13 19:11:04 | 000,053,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\intelppm.sys -- (intelppm) DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\viac7.sys -- (ViaC7) DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM) DRV - [2009/07/13 19:11:04 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\processr.sys -- (Processor) DRV - [2009/07/13 18:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009/07/13 18:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) DRV - [2009/07/13 18:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) DRV - [2009/07/13 18:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo) DRV - [2009/07/13 18:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) 
[Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp) DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2009/07/13 18:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv) DRV - [2009/07/13 18:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv) DRV - [2009/07/13 17:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- D:\Windows\System32\WINSOCK.DLL -- (Winsock) DRV - [2009/07/13 16:50:20 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto] -- D:\Windows\System32\drivers\secdrv.sys -- (secdrv) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\baby_ON_D\Software\Microsoft\Internet Explorer\Main,Local Page = 
C:\Windows\system32\blank.htm IE - HKU\baby_ON_D\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKU\baby_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.speedbit.com/?s=D3La205 IE - HKU\baby_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\baby_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\baby_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 99 45 32 B3 F4 54 CC 01 [binary data] IE - HKU\baby_ON_D\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\baby_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\baby_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\LocalService_ON_D\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\NetworkService_ON_D\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\Windows\System32\ieframe.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: D:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.3.0.11 [2013/06/27 06:17:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/05 13:50:47 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\browser\extensions [2013/07/03 07:09:06 | 000,000,000 | ---D | M] (Default) -- D:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013/02/19 10:23:53 | 000,003,714 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml O1 HOSTS File: ([2013/01/29 16:16:58 | 000,000,826 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. 
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - D:\Program Files\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - D:\Program Files\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search) O3 - HKU\baby_ON_D\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AVG_UI] D:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [vProt] D:\Program Files\AVG Secure Search\vprot.exe () O4 - HKU\baby_ON_D..\Run: [Google Update] D:\Users\baby\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) 
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - D:\Windows\System32\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - D:\Windows\System32\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - D:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - D:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - D:\Windows\System32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - D:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - D:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - D:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - D:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - D:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - D:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - D:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - D:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - D:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - D:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - D:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - D:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - D:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - D:\Windows\System32\mswsock.dll (Microsoft Corporation) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - D:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - D:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - D:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - D:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - D:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - D:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - D:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - D:\Windows\System32\mswsock.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.198 80.69.100.206 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - D:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - D:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - D:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} 
- D:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - D:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - D:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - D:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - D:\Windows\System32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - D:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - D:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - D:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - D:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (AVG Secure Search) O18 - 
Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (acaptuser32.dll) - D:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - D:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKU\baby_ON_D Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation) O20 - HKU\baby_ON_D Winlogon: Shell - (C:\Users\baby\AppData\Roaming\cache.dat) - D:\Users\baby\AppData\Roaming\cache.dat () O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - D:\Windows\System32\igfxdev.dll (Intel Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O29 - HKLM SecurityProviders - (credssp.dll) - D:\Windows\System32\credssp.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - D:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - D:\Windows\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - D:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - D:\Windows\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - D:\Windows\System32\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - D:\Windows\System32\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - D:\Windows\System32\pku2u.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 11:36:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2013/07/11 07:30:09 | 000,000,000 | -HSD | C] -- D:\Config.Msi ========== Files - Modified Within 30 Days ========== [2013/07/11 19:53:59 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat [2013/07/11 19:53:57 | 000,000,004 | ---- | M] () -- D:\Users\baby\AppData\Roaming\cache.ini [2013/07/11 19:53:09 | 000,000,350 | ---- | M] () -- 
D:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job [2013/07/11 19:53:09 | 000,000,350 | ---- | M] () -- D:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job [2013/07/11 19:52:54 | 796,729,344 | -HS- | M] () -- D:\hiberfil.sys [2013/07/11 19:35:49 | 000,001,116 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-215916730-751059691-4154418692-1000UA.job [2013/07/11 19:35:38 | 000,001,064 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-215916730-751059691-4154418692-1000Core.job [2013/07/10 11:57:30 | 000,017,360 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/07/10 11:57:30 | 000,017,360 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/07/09 15:19:13 | 000,000,328 | ---- | M] () -- D:\Users\baby\Desktop\DanhAddy.csv [2013/07/09 10:45:30 | 000,140,432 | ---- | M] () -- D:\Users\baby\Desktop\visumhn.pdf [2013/07/09 10:30:06 | 000,081,652 | ---- | M] () -- D:\Users\baby\Desktop\visum.pdf [2013/07/01 07:03:10 | 000,654,166 | ---- | M] () -- D:\Windows\System32\perfh007.dat [2013/07/01 07:03:10 | 000,616,008 | ---- | M] () -- D:\Windows\System32\perfh009.dat [2013/07/01 07:03:10 | 000,130,006 | ---- | M] () -- D:\Windows\System32\perfc007.dat [2013/07/01 07:03:10 | 000,106,388 | ---- | M] () -- D:\Windows\System32\perfc009.dat [2013/06/27 06:18:10 | 000,003,716 | ---- | M] () -- D:\Program Files\Mozilla Firefoxavg-secure-search.xml [2013/06/27 06:16:36 | 000,037,664 | ---- | M] (AVG Technologies) -- D:\Windows\System32\drivers\avgtpx86.sys ========== Files Created - No Company Name ========== [2013/07/11 19:42:00 | 000,000,004 | ---- | C] () -- D:\Users\baby\AppData\Roaming\cache.ini [2013/07/09 15:19:12 | 000,000,328 | ---- | C] () -- D:\Users\baby\Desktop\DanhAddy.csv [2013/07/09 10:45:29 | 000,140,432 | ---- | C] () -- D:\Users\baby\Desktop\visumhn.pdf [2013/07/09 10:29:59 | 
000,081,652 | ---- | C] () -- D:\Users\baby\Desktop\visum.pdf [2013/06/06 02:41:24 | 000,003,716 | ---- | C] () -- D:\Program Files\Mozilla Firefoxavg-secure-search.xml [2013/04/01 18:12:09 | 000,002,560 | ---- | C] () -- D:\Windows\_MSRSTRT.EXE [2012/01/11 08:20:11 | 000,055,296 | ---- | C] () -- D:\Users\baby\AppData\Roaming\cache.dat [2011/08/26 10:22:05 | 000,361,808 | ---- | C] () -- D:\Windows\EMCRI_E.dll [2011/08/07 08:52:19 | 000,066,048 | ---- | C] () -- D:\Windows\System32\PrintBrmUi.exe [2011/08/07 08:52:11 | 000,252,928 | ---- | C] () -- D:\Windows\System32\DShowRdpFilter.dll [2011/08/07 08:52:05 | 000,080,896 | ---- | C] () -- D:\Windows\System32\RDVGHelper.exe [2009/07/14 04:47:43 | 000,654,166 | ---- | C] () -- D:\Windows\System32\perfh007.dat [2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- D:\Windows\System32\perfi007.dat [2009/07/14 04:47:43 | 000,130,006 | ---- | C] () -- D:\Windows\System32\perfc007.dat [2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- D:\Windows\System32\perfd007.dat [2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat [2009/07/14 00:33:53 | 000,293,344 | ---- | C] () -- D:\Windows\System32\FNTCACHE.DAT [2009/07/13 22:05:48 | 000,616,008 | ---- | C] () -- D:\Windows\System32\perfh009.dat [2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- D:\Windows\System32\perfi009.dat [2009/07/13 22:05:48 | 000,106,388 | ---- | C] () -- D:\Windows\System32\perfc009.dat [2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- D:\Windows\System32\perfd009.dat [2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- D:\Windows\System32\NOISE.DAT [2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- D:\Windows\System32\dssec.dat [2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin [2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll [2009/06/10 17:26:10 | 000,673,088 
| ---- | C] () -- D:\Windows\System32\mlang.dat ========== LOP Check ========== [2013/01/29 15:03:48 | 000,000,000 | ---D | M] -- D:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2011/08/07 06:50:14 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data [2013/01/21 05:16:03 | 000,000,000 | ---D | M] -- D:\ProgramData\AVG January 2013 Campaign [2013/06/27 06:17:03 | 000,000,000 | ---D | M] -- D:\ProgramData\AVG Secure Search [2013/01/21 06:32:27 | 000,000,000 | ---D | M] -- D:\ProgramData\AVG Security Toolbar [2012/12/11 15:22:42 | 000,000,000 | ---D | M] -- D:\ProgramData\AVG2013 [2011/08/07 12:08:16 | 000,000,000 | -H-D | M] -- D:\ProgramData\Common Files [2011/08/07 16:41:03 | 000,000,000 | ---D | M] -- D:\ProgramData\DAEMON Tools Lite [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents [2011/08/07 06:50:14 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente [2011/08/07 06:50:14 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites [2011/08/07 11:00:17 | 000,000,000 | ---D | M] -- D:\ProgramData\launcher [2013/07/11 19:40:34 | 000,000,000 | ---D | M] -- D:\ProgramData\MFAData [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu [2011/08/07 06:50:14 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü [2013/03/21 17:45:54 | 000,000,000 | ---D | M] -- D:\ProgramData\TEMP [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates [2011/08/07 06:50:14 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen [2012/08/11 06:36:44 | 000,000,000 | ---D | M] -- D:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2013/07/11 19:53:09 | 000,000,350 | ---- | M] () -- D:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job [2013/07/11 19:53:09 | 000,000,350 | ---- | M] () 
-- D:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job [2013/01/21 11:02:20 | 000,000,298 | ---- | M] () -- D:\Windows\Tasks\ROC_REG_JAN_DELETE.job [2013/06/04 17:54:07 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 20 bytes -> D:\Windows\System32\WdfCoInstaller01009.dll:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\SynTPCo4.dll:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\SynTPAPI.dll:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\SynCtrl.dll:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\SynCOM.dll:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\oemdspif.dll:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igxpun.exe:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\iglhxs32.vp:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\iglhxo32.vp:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\iglhxg32.vp:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\iglhxc32.vp:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\iglhxa32.vp:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\iglhxa32.cpa:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxtray.exe:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxTMM.dll:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxsrvc.exe:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxsrvc.dll:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxrtrk.lrc:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxrtha.lrc:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxrsve.lrc:Mac_Metadata @Alternate Data 
Stream - 20 bytes -> D:\Windows\System32\igfxrslv.lrc:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxrsky.lrc:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxrrus.lrc:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxrptg.lrc:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxrptb.lrc:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxrplk.lrc:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxrnor.lrc:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxrnld.lrc:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxrkor.lrc:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxrjpn.lrc:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxrita.lrc:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxrhun.lrc:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxrheb.lrc:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxrfra.lrc:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxrfin.lrc:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxress.dll:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxresp.lrc:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxrenu.lrc:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxrell.lrc:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxrdeu.lrc:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxrdan.lrc:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxrcsy.lrc:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxrcht.lrc:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxrchs.lrc:Mac_Metadata @Alternate Data Stream 
- 20 bytes -> D:\Windows\System32\igfxrara.lrc:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxpph.dll:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxpers.exe:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxext.exe:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxexps.dll:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxdo.dll:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxdev.dll:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxcpl.cpl:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxCoIn_v2117.dll:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igfxcfg.exe:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igdumdx32.dll:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\igdumd32.dll:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\ig4icd32.dll:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\ig4dev32.dll:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\hkcmd.exe:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\hccutils.dll:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\drivers\SynTP.sys:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\drivers\L1C60x86.sys:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\drivers\igdkmd32.sys:Mac_Metadata @Alternate Data Stream - 20 bytes -> D:\Windows\System32\drivers\athr.sys:Mac_Metadata @Alternate Data Stream - 109 bytes -> D:\ProgramData\TEMP:010ADD2C < End of report > EXTRAS.txt OTL Logfile: Code:
OTL Extras logfile created on: 7/22/2013 12:08:40 AM - Run
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 764.00 Mb Available Physical Memory | 75.00% Memory free
901.00 Mb Paging File | 808.00 Mb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 100.00 Mb Total Space | 65.60 Mb Free Space | 65.60% Space Free | Partition Type: NTFS
Drive D: | 78.03 Gb Total Space | 16.47 Gb Free Space | 21.11% Space Free | Partition Type: NTFS
Drive E: | 154.76 Gb Total Space | 18.91 Gb Free Space | 12.22% Space Free | Partition Type: NTFS
Drive X: | 960.70 Mb Total Space | 642.14 Mb Free Space | 66.84% Space Free | Partition Type: FAT

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Extra Registry (All) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- D:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- D:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- D:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- D:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- D:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- D:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- D:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- D:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- D:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- D:\Windows\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- D:\Windows\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- D:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- D:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- D:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- D:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- D:\Windows\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{241DBC8D-14E3-4240-8EE5-3AC35086B638}" = AVG 2013
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6D2A900D-EB39-3386-8D9F-3B8F069C57A5}" = Google Talk Plugin
"{6EA78F57-89F2-4B2E-8ADB-3FA6865D32EF}" = AVG 2013
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B2AF05E3-4B0C-44A6-B146-322219BF3562}_is1" = Wondershare Dr.Fone(Build 2.0.1.3)
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2011 (Advanced) Free
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{D9D3133E-6584-4FB2-93B6-37A460ED5023}" = PhotoSync
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2013
"AVG Secure Search" = AVG Security Toolbar
"DAEMON Tools Lite" = DAEMON Tools Lite
"FileZilla Client" = FileZilla Client 3.2.7.1
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nonoh_is1" = Nonoh
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 8" = TeamViewer 8
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR archiver

< End of report >

Last edited by sosoflex (21.07.2013 at 22:50) |
22.07.2013, 06:47 | #2 |
/// the machine /// TB-Ausbilder | hi,
Fix with OTL
Code:
:OTL
O20 - HKU\baby_ON_D Winlogon: Shell - (C:\Users\baby\AppData\Roaming\cache.dat) - D:\Users\baby\AppData\Roaming\cache.dat ()
:files
D:\Users\baby\AppData\Roaming\cache.dat
D:\Users\baby\AppData\Roaming\cache.ini
reboot, enjoy
|
22.07.2013, 18:38 | #3 |
| hi schrauber,
I ran it exactly as you described. Here is the content of the file:
Code:
========== OTL ==========
Registry value HKEY_USERS\baby_ON_D\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\baby\AppData\Roaming\cache.dat deleted successfully.
D:\Users\baby\AppData\Roaming\cache.dat moved successfully.
========== FILES ==========
File\Folder D:\Users\baby\AppData\Roaming\cache.dat not found.
D:\Users\baby\AppData\Roaming\cache.ini moved successfully.

OTLPE by OldTimer - Version 3.1.48.0 log created on 07222013_201626
|
22.07.2013, 20:22 | #4 |
/// the machine /// TB-Ausbilder | If you like, we can also finish cleaning up completely.
regards, schrauber
Proud Member of UNITE and ASAP since 2009 |
22.07.2013, 21:16 | #5 |
| hi, I thought that would be it... hm... it could be a while before I reinstall the netbook... ok, then let's finish this... what else did I do afterwards? I updated Flash Player, I updated Java. That was it for now... what else should I do? |
23.07.2013, 09:01 | #6 |
/// the machine /// TB-Ausbilder | From now on please do only what I tell you, otherwise we will get mixed up. Please download AdwCleaner to your desktop.
Please exit your protection software to avoid possible conflicts.
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
|
23.07.2013, 18:07 | #7 |
| Hi schrauber, here are the 4 files, as described in your instructions:
AdwCleaner[S1]
AdwCleaner Logfile:
Code:
# AdwCleaner v2.306 - Datei am 23/07/2013 um 18:28:00 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzer : baby - BABY-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\baby\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Gelöscht mit Neustart : C:\Program Files\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files\Common Files\Wondershare
Ordner Gelöscht : C:\Program Files\Wondershare
Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\AVG Security Toolbar
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
Ordner Gelöscht : C:\Users\baby\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\baby\AppData\Local\Wondershare
Ordner Gelöscht : C:\Users\baby\AppData\LocalLow\AVG Secure Search

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\SpeedBit
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\Software\SpeedBit
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.speedbit.com/?s=D3La205 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://home.speedbit.com/tab/?s=D3La205 --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\baby\AppData\Roaming\Mozilla\Firefox\Profiles\13my0cz4.default\prefs.js

C:\Users\baby\AppData\Roaming\Mozilla\Firefox\Profiles\13my0cz4.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://home.speedbit.com/?s=D3La205");
Gelöscht : user_pref("keyword.URL", "hxxp://home.speedbit.com/search.aspx?s=D3La206&q=");

*************************

AdwCleaner[S1].txt - [7338 octets] - [23/07/2013 18:28:00]

########## EOF - C:\AdwCleaner[S1].txt - [7398 octets] ##########

JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.2 (07.22.2013:2)
OS: Windows 7 Ultimate x86
Ran by baby on 23.07.2013 at 18:37:57,20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2073000D-573C-4b18-9B67-43213DECA7C1}

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\baby\AppData\Roaming\mozilla\firefox\profiles\13my0cz4.default\minidumps [286 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.07.2013 at 18:43:35,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-07-2013
Ran by baby (administrator) on 23-07-2013 18:50:01
Running from C:\Users\baby\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcfgex.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [3147384 2012-12-11] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [Google Update] - C:\Users\baby\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-30] (Google Inc.)
HKCU\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 80.69.100.198 80.69.100.206

FireFox:
========
FF ProfilePath: C:\Users\baby\AppData\Roaming\Mozilla\Firefox\Profiles\13my0cz4.default
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\baby\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\baby\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\baby\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\baby\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\baby\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [5814904 2012-11-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
R2 vToolbarUpdater15.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-06-27] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [179936 2012-10-22] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [55776 2012-10-15] (AVG Technologies CZ, s.r.o. )
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [19936 2012-09-21] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [159712 2012-10-02] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [177376 2012-09-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [94048 2012-11-16] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35552 2012-09-14] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [164832 2012-09-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-06-27] (AVG Technologies)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [232512 2011-08-07] (DT Soft Ltd)
S3 EUCR; C:\Windows\System32\DRIVERS\EUCR6SK.SYS [82768 2010-08-09] (ENE Technology Inc.)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [57112 2011-01-21] (Paragon Software Group)
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x86.sys [67184 2010-05-20] (Atheros Communications, Inc.)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [40824 2011-01-21] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [381032 2011-01-21] (Paragon)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-23 18:47 - 2013-07-23 18:47 - 00000000 ____D C:\FRST
2013-07-23 18:43 - 2013-07-23 18:43 - 00000899 _____ C:\Users\baby\Desktop\JRT.txt
2013-07-23 18:37 - 2013-07-23 18:37 - 00000000 ____D C:\Windows\ERUNT
2013-07-23 18:28 - 2013-07-23 18:29 - 00007467 _____ C:\AdwCleaner[S1].txt
2013-07-23 18:28 - 2013-07-23 18:29 - 00000115 _____ C:\Windows\DeleteOnReboot.bat
2013-07-23 18:04 - 2013-07-23 18:04 - 01220240 _____ (Farbar) C:\Users\baby\Desktop\FRST.exe
2013-07-23 18:01 - 2013-07-23 18:01 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\baby\Desktop\JRT.exe
2013-07-23 18:00 - 2013-07-23 18:00 - 00666633 _____ C:\Users\baby\Desktop\adwcleaner.exe
2013-07-23 17:59 - 2013-07-23 18:15 - 396675076 _____ C:\Users\baby\Downloads\5156share.com.2013.YeWen.SY.EP47.mkv
2013-07-23 02:16 - 2013-07-23 02:16 - 00000000 ____D C:\_OTL
2013-07-22 20:58 - 2013-07-22 20:58 - 00000000 ____D C:\Program Files\Common Files\Java
2013-07-22 20:58 - 2013-07-22 20:56 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-07-22 20:58 - 2013-07-22 20:56 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-22 20:57 - 2013-07-22 20:56 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-22 20:57 - 2013-07-22 20:56 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-22 20:57 - 2013-07-22 20:56 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-07-22 20:54 - 2013-07-22 20:54 - 00903080 _____ (Oracle Corporation) C:\Users\baby\Downloads\jxpiinstall.exe
2013-07-22 19:46 - 2013-07-23 18:23 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-22 19:41 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-22 19:41 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-22 19:40 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-22 19:40 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-22 19:40 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-22 19:40 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-22 19:40 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-22 19:40 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-22 19:40 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-22 19:40 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-22 19:40 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-22 19:40 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-22 19:40 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-22 19:40 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-22 19:40 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-22 19:40 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-22 06:10 - 2013-07-22 06:10 - 00026916 _____ C:\Extras.Txt
2013-07-22 06:02 - 2013-07-22 06:10 - 00192864 _____ C:\OTL.Txt
2013-07-11 13:28 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 13:28 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 13:28 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 13:28 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-09 21:19 - 2013-07-09 21:19 - 00000328 _____ C:\Users\baby\Desktop\DanhAddy.csv

==================== One Month Modified Files and Folders =======

2013-07-23 18:47 - 2013-07-23 18:47 - 00000000 ____D C:\FRST
2013-07-23 18:46 - 2012-04-30 09:07 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215916730-751059691-4154418692-1000UA.job
2013-07-23 18:46 - 2012-04-30 09:07 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215916730-751059691-4154418692-1000Core.job
2013-07-23 18:43 - 2013-07-23 18:43 - 00000899 _____ C:\Users\baby\Desktop\JRT.txt
2013-07-23 18:43 - 2011-08-07 12:50 - 00000000 ___RD C:\Users\baby\Desktop
2013-07-23 18:38 - 2009-07-14 06:34 - 00017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-23 18:38 - 2009-07-14 06:34 - 00017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-23 18:37 - 2013-07-23 18:37 - 00000000 ____D C:\Windows\ERUNT
2013-07-23 18:31 - 2013-06-09 21:56 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2013-07-23 18:31 - 2013-06-04 23:55 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-07-23 18:31 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-23 18:31 - 2009-07-14 06:39 - 00042139 _____ C:\Windows\setupact.log
2013-07-23 18:30 - 2011-08-07 12:46 - 01838532 _____ C:\Windows\WindowsUpdate.log
2013-07-23 18:29 - 2013-07-23 18:28 - 00007467 _____ C:\AdwCleaner[S1].txt
2013-07-23 18:29 - 2013-07-23 18:28 - 00000115 _____ C:\Windows\DeleteOnReboot.bat
2013-07-23 18:28 - 2013-01-21 12:31 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-07-23 18:23 - 2013-07-22 19:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-23 18:15 - 2013-07-23 17:59 - 396675076 _____ C:\Users\baby\Downloads\5156share.com.2013.YeWen.SY.EP47.mkv
2013-07-23 18:04 - 2013-07-23 18:04 - 01220240 _____ (Farbar) C:\Users\baby\Desktop\FRST.exe
2013-07-23 18:01 - 2013-07-23 18:01 - 00560934 _____ (Oleg N.
Scherbakov) C:\Users\baby\Desktop\JRT.exe 2013-07-23 18:00 - 2013-07-23 18:00 - 00666633 _____ C:\Users\baby\Desktop\adwcleaner.exe 2013-07-23 17:55 - 2011-08-07 18:02 - 00000000 ____D C:\ProgramData\MFAData 2013-07-23 11:14 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-07-23 09:13 - 2011-08-07 12:56 - 01519874 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-23 02:16 - 2013-07-23 02:16 - 00000000 ____D C:\_OTL 2013-07-23 00:37 - 2013-04-07 14:12 - 00000000 ____D C:\Users\baby\AppData\Roaming\vlc 2013-07-22 21:02 - 2012-04-06 10:59 - 00000000 ____D C:\Users\baby\Desktop\vn 2012 2013-07-22 20:58 - 2013-07-22 20:58 - 00000000 ____D C:\Program Files\Common Files\Java 2013-07-22 20:56 - 2013-07-22 20:58 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-07-22 20:56 - 2013-07-22 20:58 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-07-22 20:56 - 2013-07-22 20:57 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-07-22 20:56 - 2013-07-22 20:57 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-07-22 20:56 - 2013-07-22 20:57 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-07-22 20:56 - 2011-08-14 22:06 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2013-07-22 20:56 - 2011-08-14 22:05 - 00000000 ____D C:\Program Files\Java 2013-07-22 20:54 - 2013-07-22 20:54 - 00903080 _____ (Oracle Corporation) C:\Users\baby\Downloads\jxpiinstall.exe 2013-07-22 20:52 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache 2013-07-22 20:23 - 2013-01-13 01:51 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-07-22 20:23 - 2011-08-07 14:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-07-22 20:02 - 2009-07-14 06:33 - 00293344 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-22 19:59 - 2009-07-14 10:56 - 00000000 ____D 
C:\Program Files\Windows Journal 2013-07-22 19:59 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-22 19:43 - 2011-08-07 22:28 - 00000000 ____D C:\Users\baby\AppData\Local\Adobe 2013-07-22 06:10 - 2013-07-22 06:10 - 00026916 _____ C:\Extras.Txt 2013-07-22 06:10 - 2013-07-22 06:02 - 00192864 _____ C:\OTL.Txt 2013-07-22 05:57 - 2011-08-07 12:50 - 00000000 ____D C:\Users\baby 2013-07-11 13:30 - 2011-08-07 13:29 - 00000000 ____D C:\Users\baby\AppData\Roaming\Mozilla 2013-07-09 21:19 - 2013-07-09 21:19 - 00000328 _____ C:\Users\baby\Desktop\DanhAddy.csv 2013-07-06 11:53 - 2012-05-07 20:48 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-07-03 13:09 - 2013-06-05 19:49 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-06-27 12:18 - 2013-06-06 08:41 - 00003716 _____ C:\Program Files\Mozilla Firefoxavg-secure-search.xml 2013-06-27 12:16 - 2013-01-21 12:32 - 00037664 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-22 20:44 ==================== End Of Log ============================ Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-07-2013
Ran by baby at 2013-07-23 18:52:52
Running from C:\Users\baby\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (Version: 9.0.0)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader XI - Deutsch (Version: 11.0.00)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
AVG 2013 (Version: 13.0.2904)
AVG 2013 (Version: 13.0.3204)
AVG 2013 (Version: 2013.0.2904)
Bonjour (Version: 3.0.0.10)
DAEMON Tools Lite (Version: 4.41.3.0173)
Definition update for Microsoft Office 2010 (KB982726)
FileZilla Client 3.2.7.1 (Version: 3.2.7.1)
Google Talk Plugin (Version: 4.2.1.14031)
Intel(R) Graphics Media Accelerator Driver (Version: 8.14.10.2117)
iTunes (Version: 11.0.1.12)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java(TM) 6 Update 26 (Version: 6.0.260)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
Nonoh (Version: 4.09 build 660)
Paragon Backup & Recovery™ 2011 (Advanced) Free (Version: 90.00.0003)
PhotoSync (Version: 1.6.4)
Skype™ 5.5 (Version: 5.5.113)
Synaptics Pointing Device Driver (Version: 15.0.7.0)
TeamViewer 8 (Version: 8.0.16642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
VLC media player 2.0.5 (Version: 2.0.5)
Windows 7 USB/DVD Download Tool (Version: 1.0.30)
WinRAR archiver
Wondershare Dr.Fone(Build 2.0.1.3) (Version: 2.0.1.3)

==================== Restore Points =========================

22-07-2013 17:36:42 Windows Update
22-07-2013 18:56:00 Installed Java 7 Update 25
23-07-2013 05:36:51 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2013-01-29 22:16 - 00000826 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0025FE6E-63E5-4522-AE9E-724A10F016B5} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{3BB77E42-AA4E-4A3E-AD2A-3BFACC4A4C39}.exe No File
Task: {3D025F81-44D5-4E05-BF0D-6A1BE0AA0B64} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-215916730-751059691-4154418692-1000Core => C:\Users\baby\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-30] (Google Inc.)
Task: {40F3D251-F4AC-43BF-804F-EF486CC8FCE0} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{5C03C652-64D9-4581-842B-7AFA8E1B3FFD}.exe No File
Task: {758EF229-5B5F-4C60-AF01-556E92AB36E1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-215916730-751059691-4154418692-1000UA => C:\Users\baby\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-30] (Google Inc.)
Task: {A5BD61DC-1B8B-4F61-805E-60D67286E75F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-22] (Adobe Systems Incorporated)
Task: {CC523B0A-C114-4337-AAEF-6894F512E06D} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-16] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{5C03C652-64D9-4581-842B-7AFA8E1B3FFD}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{3BB77E42-AA4E-4A3E-AD2A-3BFACC4A4C39}.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215916730-751059691-4154418692-1000Core.job => C:\Users\baby\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215916730-751059691-4154418692-1000UA.job => C:\Users\baby\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 56%
Total physical RAM: 1013.09 MB
Available physical RAM: 444.37 MB
Total Pagefile: 2037.09 MB
Available Pagefile: 1254.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1925.33 MB

==================== Drives ================================

Drive c: (Win7) (Fixed) (Total:78.03 GB) (Free:23.85 GB) NTFS
Drive d: (Sicherung) (Fixed) (Total:154.76 GB) (Free:28.4 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 0ADBF842)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=78 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=155 GB) - (Type=07 NTFS)

==================== End Of Log ============================
23.07.2013, 19:09 | #8
/// the machine /// TB-Ausbilder | GVU virus on netbook - evaluation file via OTLPE available

Great, one online scan and we should be done.

ESET Online Scanner

Please download SecurityCheck and:

and a fresh FRST log, please. Any more problems?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations
Guides and help
Trojaner-Board Facebook page
No help via PM!
23.07.2013, 22:16 | #9
hi schrauber... oh man, the online scan really took a long time.... anyway, here are the two files:

log
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c204ec4f98ec4b40b53c249f38427065
# engine=14506
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-23 09:01:44
# local_time=2013-07-23 11:01:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1039 16777213 100 98 18315 61747288 0 0
# compatibility_mode=5893 16776574 100 94 97336 126244495 0 0
# scanned=130672
# found=6
# cleaned=6
# scan_time=7673
sh=F5474DDAC96123E3EB2E70BAE27F386A5D7937F0 ft=1 fh=77dfddb68d94011a vn="Win32/Adware.1ClickDownload.AM application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\baby\AppData\Local\Temp\0Gh8w4Nw.exe.part"
sh=834D383570DF1C4F4862B83EBFDEACC4A0F3B7B5 ft=1 fh=4aff925c2fe04a33 vn="Win32/Adware.1ClickDownload.AM application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\baby\AppData\Local\Temp\4el3OQaG.exe.part"
sh=D68673CFC7D2BC86CFEBABF3D5DD24C65EC9F6D4 ft=1 fh=d5abe4bf2e4b36d5 vn="Win32/LockScreen.AQD trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\baby\AppData\Local\Temp\ildhnf"
sh=46A9022CD0954A95E72EA15180A47648D1BC2928 ft=1 fh=7c6916ee4bf941d1 vn="Win32/Adware.1ClickDownload.AM application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\baby\AppData\Local\Temp\JqLigCZe.exe.part"
sh=F39A37285C12BE712F3218D92C5446061AEBB942 ft=1 fh=3c64bbd978de3558 vn="Win32/Adware.1ClickDownload.AM application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\baby\AppData\Local\Temp\JTXH3XTY.exe.part"
sh=D68673CFC7D2BC86CFEBABF3D5DD24C65EC9F6D4 ft=1 fh=d5abe4bf2e4b36d5 vn="Win32/LockScreen.AQD trojan (cleaned by deleting - quarantined)" ac=C fn="C:\_OTL\MovedFiles\07222013_201626\D_Users\baby\AppData\Roaming\cache.dat"

Code:
Results of screen317's Security Check version 0.99.70
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 2013
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 26
Java 7 Update 25
Adobe Flash Player 11.8.800.94
Adobe Reader XI
Mozilla Firefox (22.0)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
24.07.2013, 11:07 | #10
/// the machine /// TB-Ausbilder

Still need a fresh FRST log, please.

Please download TFC (by Oldtimer) and save the file to the desktop. Now close all open programs and disconnect from the internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will request a restart. Please allow this.

Any more problems with the computer?
__________________
Regards, schrauber
24.07.2013, 17:24 | #11
hi, so, here is a fresh FRST

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-07-2013 Ran by baby (administrator) on 24-07-2013 17:48:12 Running from C:\Users\baby\Desktop Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\system32\wuauclt.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcfgex.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgmfapx.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [] - [x] HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [3147384 2012-12-11] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKCU\...\Run: [Google Update] - C:\Users\baby\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-30] (Google Inc.) 
HKCU\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation) HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKLM - DefaultScope value is missing. BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 80.69.100.198 80.69.100.206 FireFox: ======== FF ProfilePath: C:\Users\baby\AppData\Roaming\Mozilla\Firefox\Profiles\13my0cz4.default FF SelectedSearchEngine: Google FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\baby\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\baby\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\baby\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\baby\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\baby\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========================== Services (Whitelisted) ================= R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [5814904 2012-11-16] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.) R2 vToolbarUpdater15.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-06-27] (AVG Secure Search) ==================== Drivers (Whitelisted) ==================== R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [179936 2012-10-22] (AVG Technologies CZ, s.r.o. ) R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [55776 2012-10-15] (AVG Technologies CZ, s.r.o. ) R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [19936 2012-09-21] (AVG Technologies CZ, s.r.o. ) R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [159712 2012-10-02] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [177376 2012-09-21] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [94048 2012-11-16] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35552 2012-09-14] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [164832 2012-09-21] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-06-27] (AVG Technologies) R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [232512 2011-08-07] (DT Soft Ltd) S3 EUCR; C:\Windows\System32\DRIVERS\EUCR6SK.SYS [82768 2010-08-09] (ENE Technology Inc.) 
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [57112 2011-01-21] (Paragon Software Group) R3 L1C; C:\Windows\System32\DRIVERS\L1C60x86.sys [67184 2010-05-20] (Atheros Communications, Inc.) R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [40824 2011-01-21] (Windows (R) 2000 DDK provider) R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [381032 2011-01-21] (Paragon) S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x] S3 tsusbhub; system32\drivers\tsusbhub.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-24 17:46 - 2013-07-24 17:46 - 01220240 _____ (Farbar) C:\Users\baby\Desktop\FRST.exe 2013-07-24 17:46 - 2013-07-24 17:46 - 00448512 _____ (OldTimer Tools) C:\Users\baby\Desktop\TFC.exe 2013-07-24 09:36 - 2013-07-24 09:37 - 73096348 _____ C:\Users\baby\Downloads\Chinh phục thiên tài Playfull kiss Tập 7.mp4 2013-07-23 23:05 - 2013-07-23 23:05 - 00891062 _____ C:\Users\baby\Downloads\SecurityCheck.exe 2013-07-23 20:51 - 2013-07-23 20:51 - 00000000 ____D C:\Program Files\ESET 2013-07-23 20:50 - 2013-07-23 20:50 - 02347384 _____ (ESET) C:\Users\baby\Downloads\esetsmartinstaller_enu.exe 2013-07-23 18:47 - 2013-07-23 18:47 - 00000000 ____D C:\FRST 2013-07-23 18:37 - 2013-07-23 18:37 - 00000000 ____D C:\Windows\ERUNT 2013-07-23 18:28 - 2013-07-23 18:29 - 00007467 _____ C:\AdwCleaner[S1].txt 2013-07-23 18:28 - 2013-07-23 18:29 - 00000115 _____ C:\Windows\DeleteOnReboot.bat 2013-07-23 17:59 - 2013-07-23 18:15 - 396675076 _____ C:\Users\baby\Downloads\5156share.com.2013.YeWen.SY.EP47.mkv 2013-07-23 02:16 - 2013-07-23 02:16 - 00000000 ____D C:\_OTL 2013-07-22 20:58 - 2013-07-22 20:58 - 00000000 ____D C:\Program Files\Common Files\Java 2013-07-22 20:58 - 2013-07-22 20:56 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-07-22 20:58 - 2013-07-22 20:56 - 00263592 _____ (Oracle Corporation) 
C:\Windows\system32\javaws.exe 2013-07-22 20:57 - 2013-07-22 20:56 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-07-22 20:57 - 2013-07-22 20:56 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-07-22 20:57 - 2013-07-22 20:56 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-07-22 20:54 - 2013-07-22 20:54 - 00903080 _____ (Oracle Corporation) C:\Users\baby\Downloads\jxpiinstall.exe 2013-07-22 19:46 - 2013-07-24 17:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-22 19:41 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-22 19:41 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-22 19:40 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-22 19:40 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-22 19:40 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-22 19:40 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-22 19:40 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-22 19:40 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-22 19:40 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-22 19:40 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-22 19:40 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-22 19:40 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-22 19:40 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-22 
19:40 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-22 19:40 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-22 19:40 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-22 06:10 - 2013-07-22 06:10 - 00026916 _____ C:\Extras.Txt
2013-07-22 06:02 - 2013-07-22 06:10 - 00192864 _____ C:\OTL.Txt
2013-07-11 13:28 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 13:28 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 13:28 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 13:28 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-09 21:19 - 2013-07-09 21:19 - 00000328 _____ C:\Users\baby\Desktop\DanhAddy.csv

==================== One Month Modified Files and Folders =======

2013-07-24 17:48 - 2011-08-07 18:02 - 00000000 ____D C:\ProgramData\MFAData
2013-07-24 17:47 - 2011-08-07 12:50 - 00000000 ___RD C:\Users\baby\Desktop
2013-07-24 17:46 - 2013-07-24 17:46 - 01220240 _____ (Farbar) C:\Users\baby\Desktop\FRST.exe
2013-07-24 17:46 - 2013-07-24 17:46 - 00448512 _____ (OldTimer Tools) C:\Users\baby\Desktop\TFC.exe
2013-07-24 17:46 - 2012-04-30 09:07 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215916730-751059691-4154418692-1000UA.job
2013-07-24 17:44 - 2013-07-22 19:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-24 17:44 - 2011-08-07 12:46 - 01844494 _____ C:\Windows\WindowsUpdate.log
2013-07-24 09:37 - 2013-07-24 09:36 - 73096348 _____ C:\Users\baby\Downloads\Chinh phục thiên tài Playfull kiss Tập 7.mp4
2013-07-23 23:05 - 2013-07-23 23:05 - 00891062 _____ C:\Users\baby\Downloads\SecurityCheck.exe
2013-07-23 20:51 - 2013-07-23 20:51 - 00000000 ____D C:\Program Files\ESET
2013-07-23 20:50 - 2013-07-23 20:50 - 02347384 _____ (ESET) C:\Users\baby\Downloads\esetsmartinstaller_enu.exe
2013-07-23 20:48 - 2009-07-14 06:34 - 00017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-23 20:48 - 2009-07-14 06:34 - 00017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-23 20:42 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-23 20:41 - 2013-06-09 21:56 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2013-07-23 20:41 - 2013-06-04 23:55 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-07-23 20:41 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-23 20:41 - 2009-07-14 06:39 - 00042195 _____ C:\Windows\setupact.log
2013-07-23 18:47 - 2013-07-23 18:47 - 00000000 ____D C:\FRST
2013-07-23 18:46 - 2012-04-30 09:07 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215916730-751059691-4154418692-1000Core.job
2013-07-23 18:37 - 2013-07-23 18:37 - 00000000 ____D C:\Windows\ERUNT
2013-07-23 18:29 - 2013-07-23 18:28 - 00007467 _____ C:\AdwCleaner[S1].txt
2013-07-23 18:29 - 2013-07-23 18:28 - 00000115 _____ C:\Windows\DeleteOnReboot.bat
2013-07-23 18:28 - 2013-01-21 12:31 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-07-23 18:15 - 2013-07-23 17:59 - 396675076 _____ C:\Users\baby\Downloads\5156share.com.2013.YeWen.SY.EP47.mkv
2013-07-23 11:14 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-23 09:13 - 2011-08-07 12:56 - 01519874 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-23 02:16 - 2013-07-23 02:16 - 00000000 ____D C:\_OTL
2013-07-23 00:37 - 2013-04-07 14:12 - 00000000 ____D C:\Users\baby\AppData\Roaming\vlc
2013-07-22 21:02 - 2012-04-06 10:59 - 00000000 ____D C:\Users\baby\Desktop\vn 2012
2013-07-22 20:58 - 2013-07-22 20:58 - 00000000 ____D C:\Program Files\Common Files\Java
2013-07-22 20:56 - 2013-07-22 20:58 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-07-22 20:56 - 2013-07-22 20:58 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-22 20:56 - 2013-07-22 20:57 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-22 20:56 - 2013-07-22 20:57 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-22 20:56 - 2013-07-22 20:57 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-07-22 20:56 - 2011-08-14 22:06 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-07-22 20:56 - 2011-08-14 22:05 - 00000000 ____D C:\Program Files\Java
2013-07-22 20:54 - 2013-07-22 20:54 - 00903080 _____ (Oracle Corporation) C:\Users\baby\Downloads\jxpiinstall.exe
2013-07-22 20:52 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-07-22 20:23 - 2013-01-13 01:51 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-07-22 20:23 - 2011-08-07 14:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-07-22 20:02 - 2009-07-14 06:33 - 00293344 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-22 19:59 - 2009-07-14 10:56 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-22 19:59 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-22 19:43 - 2011-08-07 22:28 - 00000000 ____D C:\Users\baby\AppData\Local\Adobe
2013-07-22 06:10 - 2013-07-22 06:10 - 00026916 _____ C:\Extras.Txt
2013-07-22 06:10 - 2013-07-22 06:02 - 00192864 _____ C:\OTL.Txt
2013-07-22 05:57 - 2011-08-07 12:50 - 00000000 ____D C:\Users\baby
2013-07-11 13:30 - 2011-08-07 13:29 - 00000000 ____D C:\Users\baby\AppData\Roaming\Mozilla
2013-07-09 21:19 - 2013-07-09 21:19 - 00000328 _____ C:\Users\baby\Desktop\DanhAddy.csv
2013-07-06 11:53 - 2012-05-07 20:48 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-03 13:09 - 2013-06-05 19:49 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-27 12:18 - 2013-06-06 08:41 - 00003716 _____ C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2013-06-27 12:16 - 2013-01-21 12:32 - 00037664 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-24 12:17

==================== End Of Log ============================

I downloaded and started TFC. On the first start my netbook crashed, but after the reboot everything worked fine. |
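Every entry in the FRST file listings posted above follows one fixed layout: two timestamps, a size, a five-character attribute field, an optional publisher in parentheses, then the path. The following is an added example, not code from the thread or from FRST, of a parser for that layout with a first-pass triage rule; the triage heuristics, the function names and the sample lines (three copied from the log above, the last one constructed) are assumptions made for this example.

```python
import re
from collections import namedtuple
from datetime import datetime

# One FRST file-listing entry, as in the log above: <date1> - <date2> - <size> <attrs> [(<company>)] <path>
# ("Created" section: date1 = created, date2 = last write; "Modified" section: the two are swapped)
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) ([_A-Z]{5}) (?:\(([^)]*)\) )?(.+)$"
)
FrstEntry = namedtuple("FrstEntry", "date1 date2 size attrs company path")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".bat", ".vbs", ".js")  # heuristic set chosen for this example
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")  # path fragments an unprivileged user can write to

def parse_entry(line):
    """Parse one log line; return None for section headers and other non-entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    d1, d2, size, attrs, company, path = m.groups()
    fmt = "%Y-%m-%d %H:%M"
    return FrstEntry(datetime.strptime(d1, fmt), datetime.strptime(d2, fmt),
                     int(size), attrs, company, path)

def triage(e):
    """Reasons an entry deserves a closer look; an empty list means nothing stood out."""
    low = e.path.lower()
    if e.attrs.endswith("D") or not low.endswith(EXEC_EXT):
        return []  # directories (attribute field ends in D) and plain data files are skipped
    reasons = []
    if e.company is None:
        reasons.append("executable without publisher name")
    if any(frag in low for frag in USER_WRITABLE):
        reasons.append("executable in user-writable location")
    if "H" in e.attrs:  # fourth attribute column is H for hidden
        reasons.append("hidden executable")
    return reasons

def triage_log(text):
    """Map each flagged path in a pasted FRST listing to its reasons."""
    entries = filter(None, (parse_entry(ln) for ln in text.splitlines()))
    return {e.path: r for e in entries if (r := triage(e))}

# Three entries copied from the log above plus one constructed entry (the last line).
SAMPLE_LOG = r"""
2013-07-24 17:46 - 2013-07-24 17:46 - 01220240 _____ (Farbar) C:\Users\baby\Desktop\FRST.exe
2013-07-22 20:56 - 2013-07-22 20:57 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-23 18:37 - 2013-07-23 18:37 - 00000000 ____D C:\Windows\ERUNT
2013-07-20 03:12 - 2013-07-20 03:12 - 00098304 ____H C:\Users\baby\AppData\Local\Temp\update.exe
"""
```

Flagged entries are a starting point for a manual look (publisher, hash, creation time relative to the infection), not a verdict; the helper's own fix in this thread came from a registry line, not from the file listing.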
25.07.2013, 06:49 | #12 |
/// the machine /// TB-Ausbilder | GVU virus on netbook - evaluation file from OTLPE available Please press the Windows key + R and type notepad into the Run dialog. Now copy the following text from the code box into the empty text document Code:
HKCU\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Any more problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
25.07.2013, 16:46 | #13 |
| GVU virus on netbook - evaluation file from OTLPE available here you go: fixlog Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-07-2013
Ran by baby at 2013-07-25 17:45:09 Run:1
Running from C:\Users\baby\Desktop
Boot Mode: Normal
==============================================

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon => Key deleted successfully.

==== End of Fixlog ==== |
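The fix above removed a per-user Winlogon key whose Shell value FRST had flagged; the machine-wide Shell and Userinit values are the other two places a screen-locker commonly hooks the logon. The following is an added example, not part of the thread or of FRST, of a check that compares both hives against the stock Windows 7 values; the expected defaults (for a C:\Windows installation), the constructed sample values and all function names are assumptions made for this example.

```python
import sys

# Stock Windows 7 values of the two machine-wide Winlogon entries (assumed defaults for
# this example). Neither value normally exists under the per-user HKCU key, so a per-user
# Shell or Userinit value is a finding in itself, whatever it contains.
WINLOGON_SUBKEY = r"Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
EXPECTED_HKLM = {"Shell": "explorer.exe", "Userinit": r"C:\Windows\system32\userinit.exe,"}
WATCHED = ("Shell", "Userinit")

def assess_winlogon(hklm_values, hkcu_values):
    """Compare the watched values of both hives with the defaults; return a list of findings."""
    findings = []
    for name in WATCHED:
        actual = hklm_values.get(name)
        if actual is None:
            findings.append(f"HKLM {name} missing")
        elif actual.strip().rstrip(",").lower() != EXPECTED_HKLM[name].rstrip(",").lower():
            findings.append(f"HKLM {name} changed: {actual!r}")  # trailing comma alone is tolerated
        if name in hkcu_values:
            findings.append(f"per-user {name} override present: {hkcu_values[name]!r}")
    return findings

def read_winlogon_values(hive_name):
    """Read the watched values from the live registry (Windows only; hive_name like 'HKEY_CURRENT_USER')."""
    import winreg  # standard library on Windows; callers on other systems pass dicts instead
    hive = getattr(winreg, hive_name)
    values = {}
    try:
        with winreg.OpenKey(hive, WINLOGON_SUBKEY) as key:
            for name in WATCHED:
                try:
                    values[name] = winreg.QueryValueEx(key, name)[0]
                except FileNotFoundError:
                    pass  # value absent, which is the normal state under HKCU
    except FileNotFoundError:
        pass  # the per-user Winlogon key may not exist at all
    return values

# Constructed values mirroring the situation in the log above: stock HKLM entries plus a
# leftover per-user Shell value of "explorer.exe," (comma included, as FRST printed it).
SAMPLE_HKLM = dict(EXPECTED_HKLM)
SAMPLE_HKCU = {"Shell": "explorer.exe,"}

if __name__ == "__main__":
    live = sys.platform == "win32"
    hklm = read_winlogon_values("HKEY_LOCAL_MACHINE") if live else SAMPLE_HKLM
    hkcu = read_winlogon_values("HKEY_CURRENT_USER") if live else SAMPLE_HKCU
    print("\n".join(assess_winlogon(hklm, hkcu) or ["no Winlogon findings"]))
```

Run it once after the FRST fix: with the per-user key gone the HKCU dictionary comes back empty and the check reports nothing, which is the state the Fixlog above should have produced.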
26.07.2013, 09:01 | #14 |
/// the machine /// TB-Ausbilder | GVU virus on netbook - evaluation file from OTLPE available Done. The order here is crucial.
Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly; I recommend TFC for this. Stay away from any registry cleaners. They do your system more harm than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me a short reply when everything is done and you have no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |