Startfenster.com still present despite AdwCleaner!

Hello everyone,
I also caught the famous startfenster.com "nuisance" on vlc.de... By now I have also noticed that the VLC site is not actually called vlc.de... damn!
I followed this thread (http://www.trojaner-board.de/126470-...kein-ende.html) and, as far as repairs go, have so far only run ADW Cleaner and the rootkit scan via Kaspersky. Apart from that, I had all the logs created with the programs that were posted in the thread. You will find them further below. However, this startfenster thing still seems to be there... It was always pointed out not to click "Fix" in any of the other programs without instructions, so I am holding off on that for now.
Does anyone know what else I can do?
I am currently also running the ESET Online Scanner; I will post its log as well.
ADW Scan Code:
# AdwCleaner v2.009 - Datei am 27/11/2012 um 21:48:47 erstellt
# Aktualisiert am 24/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium (64 bits)
# Benutzer : TentGXNotebook - JU8
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\TentGXNotebook\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Users\TentGXNotebook\AppData\Roaming\Mozilla\Firefox\Profiles\uiszdrvr.default\searchplugins\icqplugin.xml
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\Users\TentGXNotebook\AppData\Roaming\Mozilla\Firefox\Profiles\uiszdrvr.default\Conduit
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7600.16385
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v14.0.1 (de)
Profilname : default
Datei : C:\Users\TentGXNotebook\AppData\Roaming\Mozilla\Firefox\Profiles\uiszdrvr.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [1044 octets] - [27/11/2012 21:48:47]
########## EOF - C:\AdwCleaner[R1].txt - [1104 octets] ##########
ADW Delete Code:
# AdwCleaner v2.009 - Datei am 27/11/2012 um 21:49:50 erstellt
# Aktualisiert am 24/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium (64 bits)
# Benutzer : TentGXNotebook - JU8
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\TentGXNotebook\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\TentGXNotebook\AppData\Roaming\Mozilla\Firefox\Profiles\uiszdrvr.default\searchplugins\icqplugin.xml
Gelöscht mit Neustart : C:\ProgramData\boost_interprocess
Gelöscht mit Neustart : C:\Users\TentGXNotebook\AppData\Roaming\Mozilla\Firefox\Profiles\uiszdrvr.default\Conduit
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7600.16385
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v14.0.1 (de)
Profilname : default
Datei : C:\Users\TentGXNotebook\AppData\Roaming\Mozilla\Firefox\Profiles\uiszdrvr.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [1173 octets] - [27/11/2012 21:48:47]
AdwCleaner[S1].txt - [1118 octets] - [27/11/2012 21:49:50]
########## EOF - C:\AdwCleaner[S1].txt - [1178 octets] ##########
OTL Scan Code:
OTL logfile created on: Di. 27.11.2012 21:55:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\TentGXNotebook\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: ddd. dd.MM.yyyy
3,74 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 61,77% Memory free
7,48 Gb Paging File | 5,91 Gb Available in Paging File | 79,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 143,06 Gb Total Space | 77,94 Gb Free Space | 54,48% Space Free | Partition Type: NTFS
Drive D: | 141,93 Gb Total Space | 5,97 Gb Free Space | 4,21% Space Free | Partition Type: NTFS
Drive E: | 7,84 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 7,41 Gb Total Space | 3,10 Gb Free Space | 41,85% Space Free | Partition Type: FAT32
Computer Name: JU8 | User Name: TentGXNotebook | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\TentGXNotebook\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\AFLICS\AfterFLICS.exe ()
PRC - C:\Programme\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c2f9dd7db911053edcaaadf5fefc500a\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AfterFLICS v3) -- C:\Program Files (x86)\AFLICS\AfterFLICS.exe ()
SRV - (mi-raysat_3dsmax2012_64) -- C:\Programme\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3974148183-1780751842-2865962323-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com
IE - HKU\S-1-5-21-3974148183-1780751842-2865962323-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3974148183-1780751842-2865962323-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3974148183-1780751842-2865962323-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 B4 81 60 00 A4 CD 01 [binary data]
IE - HKU\S-1-5-21-3974148183-1780751842-2865962323-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3974148183-1780751842-2865962323-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3974148183-1780751842-2865962323-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.startfenster.com"
FF - prefs.js..extensions.enabledAddons: add-to-searchbox@maltekraus.de:2.0
FF - prefs.js..extensions.enabledAddons: contact@searchfiles.de:1.3
FF - prefs.js..extensions.enabledAddons: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.5
FF - prefs.js..extensions.enabledAddons: artur.dubovoy@gmail.com:3.8.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.15
FF - prefs.js..extensions.enabledItems: contact@searchfiles.de:1.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:3.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: virtualKeyboard@kaspersky.ru:11.0.2.579
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.579
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20111107
FF - prefs.js..extensions.enabledItems: add-to-searchbox@maltekraus.de:2.0
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..keyword.URL: " hxxp://www.google.de/search?hl=de&q="
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\Niko\\AppData\\Local\\Temp\\proxtube.pac"
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/10/29 13:23:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/10/29 13:23:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/10/29 13:23:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/28 18:21:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/10/07 21:18:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2012/08/27 20:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TentGXNotebook\AppData\Roaming\mozilla\Extensions
[2012/11/27 21:40:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TentGXNotebook\AppData\Roaming\mozilla\Firefox\Profiles\uiszdrvr.default\extensions
[2012/10/06 09:48:15 | 000,000,000 | ---D | M] (WOT) -- C:\Users\TentGXNotebook\AppData\Roaming\mozilla\Firefox\Profiles\uiszdrvr.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/08/27 20:34:10 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\TentGXNotebook\AppData\Roaming\mozilla\Firefox\Profiles\uiszdrvr.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2012/08/27 20:34:10 | 000,000,000 | ---D | M] (Add to Search Bar) -- C:\Users\TentGXNotebook\AppData\Roaming\mozilla\Firefox\Profiles\uiszdrvr.default\extensions\add-to-searchbox@maltekraus.de
[2012/08/27 20:34:10 | 000,000,000 | ---D | M] (File Search) -- C:\Users\TentGXNotebook\AppData\Roaming\mozilla\Firefox\Profiles\uiszdrvr.default\extensions\contact@searchfiles.de
[2012/09/30 10:06:35 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\TentGXNotebook\AppData\Roaming\mozilla\Firefox\Profiles\uiszdrvr.default\extensions\ich@maltegoetz.de
[2012/11/27 21:40:45 | 000,234,741 | ---- | M] () (No name found) -- C:\Users\TentGXNotebook\AppData\Roaming\mozilla\firefox\profiles\uiszdrvr.default\extensions\artur.dubovoy@gmail.com.xpi
[2012/10/31 22:21:14 | 002,042,908 | ---- | M] () (No name found) -- C:\Users\TentGXNotebook\AppData\Roaming\mozilla\firefox\profiles\uiszdrvr.default\extensions\firebug@software.joehewitt.com.xpi
[2012/11/24 13:09:56 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\TentGXNotebook\AppData\Roaming\mozilla\firefox\profiles\uiszdrvr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/11/27 21:40:45 | 000,243,496 | ---- | M] () (No name found) -- C:\Users\TentGXNotebook\AppData\Roaming\mozilla\firefox\profiles\uiszdrvr.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2011/11/15 19:53:00 | 000,001,650 | ---- | M] () -- C:\Users\TentGXNotebook\AppData\Roaming\mozilla\firefox\profiles\uiszdrvr.default\searchplugins\5-built-in-types--python-v272-documentation.xml
[2010/08/05 21:23:52 | 000,001,976 | ---- | M] () -- C:\Users\TentGXNotebook\AppData\Roaming\mozilla\firefox\profiles\uiszdrvr.default\searchplugins\rapidshare-google-arama.xml
[2012/08/27 20:32:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/07/14 01:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/07/14 01:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/07/14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/07/14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/07/14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012/08/28 20:33:47 | 000,001,699 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 209.34.83.73:443
O1 - Hosts: 127.0.0.1 209.34.83.73:43
O1 - Hosts: 127.0.0.1 209.34.83.73
O1 - Hosts: 127.0.0.1 209.34.83.67:443
O1 - Hosts: 127.0.0.1 209.34.83.67:43
O1 - Hosts: 127.0.0.1 209.34.83.67
O1 - Hosts: 127.0.0.1 ood.opsource.net
O1 - Hosts: 127.0.0.1 CRL.VERISIGN.NET
O1 - Hosts: 127.0.0.1 199.7.52.190:80
O1 - Hosts: 5 more lines...
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avp] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3974148183-1780751842-2865962323-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7569DF90-088F-4ED9-ABD1-73C9E9264907}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/24 22:52:32 | 000,176,128 | ---- | M] () - F:\autoexec.bin -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/11/27 21:53:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\TentGXNotebook\Desktop\OTL.exe
[2012/11/27 21:42:12 | 000,000,000 | ---D | C] -- C:\Users\TentGXNotebook\AppData\Roaming\vlc
[2012/11/27 21:41:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012/11/09 14:42:48 | 000,000,000 | ---D | C] -- C:\Users\TentGXNotebook\AppData\Roaming\OpenOffice.org
[2012/11/09 14:38:05 | 000,000,000 | --SD | C] -- C:\Users\TentGXNotebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012/11/09 14:37:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012/11/09 14:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\OPenoffice
[2012/11/02 17:31:32 | 000,000,000 | ---D | C] -- C:\Users\TentGXNotebook\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/10/29 11:47:09 | 000,000,000 | ---D | C] -- C:\Users\TentGXNotebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/10/29 11:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/10/29 11:47:05 | 000,000,000 | ---D | C] -- C:\Users\TentGXNotebook\AppData\Roaming\Notepad++
[2012/10/29 11:47:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
========== Files - Modified Within 30 Days ==========
[2012/11/27 21:58:08 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/27 21:58:08 | 000,696,370 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/11/27 21:58:08 | 000,651,648 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/27 21:58:08 | 000,147,634 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/11/27 21:58:08 | 000,120,580 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/27 21:53:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TentGXNotebook\Desktop\OTL.exe
[2012/11/27 21:51:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/27 21:51:17 | 3010,842,624 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/27 21:48:47 | 000,480,125 | ---- | M] () -- C:\Users\TentGXNotebook\Desktop\adwcleaner.exe
[2012/11/27 21:40:43 | 000,001,198 | ---- | M] () -- C:\Users\TentGXNotebook\Desktop\Startfenster.lnk
[2012/11/27 21:40:08 | 023,053,640 | ---- | M] () -- C:\Users\TentGXNotebook\Desktop\vlc-2.0.4-win32.exe
[2012/11/24 13:34:44 | 000,015,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/24 13:34:44 | 000,015,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/18 13:37:29 | 159,671,222 | ---- | M] () -- C:\Users\TentGXNotebook\Desktop\Children of Men - Uprising scene (HD).mp4
[2012/11/17 10:22:29 | 001,311,118 | ---- | M] () -- C:\Users\TentGXNotebook\Desktop\passbild_neu.psd
[2012/11/15 19:08:33 | 004,909,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/09 14:38:06 | 000,001,248 | ---- | M] () -- C:\Users\TentGXNotebook\Desktop\OpenOffice.org 3.4.1.lnk
[2012/11/05 20:43:32 | 000,026,759 | ---- | M] () -- C:\Users\TentGXNotebook\Desktop\R2011-01_Junge-Niko_pixomondo_20110307.pdf
[2012/11/02 17:30:35 | 000,359,185 | ---- | M] () -- C:\Users\TentGXNotebook\Desktop\Logo_FINAL_1.eps
[2012/11/02 12:18:23 | 000,024,155 | ---- | M] () -- C:\Users\TentGXNotebook\Desktop\RotAE1.1.jsx
[2012/10/29 13:23:40 | 000,637,272 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
========== Files Created - No Company Name ==========
[2012/11/27 21:48:28 | 000,480,125 | ---- | C] () -- C:\Users\TentGXNotebook\Desktop\adwcleaner.exe
[2012/11/27 21:40:43 | 000,001,198 | ---- | C] () -- C:\Users\TentGXNotebook\Desktop\Startfenster.lnk
[2012/11/27 21:40:06 | 023,053,640 | ---- | C] () -- C:\Users\TentGXNotebook\Desktop\vlc-2.0.4-win32.exe
[2012/11/18 13:23:49 | 159,671,222 | ---- | C] () -- C:\Users\TentGXNotebook\Desktop\Children of Men - Uprising scene (HD).mp4
[2012/11/17 10:22:28 | 001,311,118 | ---- | C] () -- C:\Users\TentGXNotebook\Desktop\passbild_neu.psd
[2012/11/09 14:38:06 | 000,001,248 | ---- | C] () -- C:\Users\TentGXNotebook\Desktop\OpenOffice.org 3.4.1.lnk
[2012/11/05 20:43:31 | 000,026,759 | ---- | C] () -- C:\Users\TentGXNotebook\Desktop\R2011-01_Junge-Niko_pixomondo_20110307.pdf
[2012/11/02 17:30:35 | 000,359,185 | ---- | C] () -- C:\Users\TentGXNotebook\Desktop\Logo_FINAL_1.eps
[2012/11/02 12:18:21 | 000,024,155 | ---- | C] () -- C:\Users\TentGXNotebook\Desktop\RotAE1.1.jsx
[2012/09/04 19:16:48 | 000,000,132 | ---- | C] () -- C:\Users\TentGXNotebook\AppData\Roaming\Adobe CS6-OpenEXR-Format - Voreinstellungen
[2012/08/29 18:38:18 | 001,589,182 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/27 21:13:22 | 000,017,408 | ---- | C] () -- C:\Users\TentGXNotebook\AppData\Local\WebpageIcons.db
[2012/08/27 19:00:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/08/27 18:57:48 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2012/08/27 18:57:17 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
========== ZeroAccess Check ==========
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009/07/14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
ASWMBR Scan Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-27 22:07:35
-----------------------------
22:07:35.532 OS Version: Windows x64 6.1.7600
22:07:35.532 Number of processors: 4 586 0x2502
22:07:35.532 ComputerName: JU8 UserName:
22:07:36.542 Initialize success
22:08:48.730 AVAST engine defs: 12112701
22:09:41.115 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:09:41.115 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 305245MB BusType: 3
22:09:41.146 Disk 0 MBR read successfully
22:09:41.162 Disk 0 MBR scan
22:09:41.162 Disk 0 Windows 7 default MBR code
22:09:41.178 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
22:09:41.193 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024
22:09:41.193 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 146492 MB offset 27469824
22:09:41.193 Disk 0 Partition - 00 0F Extended LBA 145339 MB offset 327485440
22:09:41.224 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 145338 MB offset 327487488
22:09:41.256 Disk 0 scanning C:\Windows\system32\drivers
22:09:49.617 Service scanning
22:10:16.278 Modules scanning
22:10:16.278 Disk 0 trace - called modules:
22:10:16.325 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:10:16.325 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007025060]
22:10:16.325 3 CLASSPNP.SYS[fffff880022f743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fee050]
22:10:17.105 AVAST engine scan C:\Windows
22:10:18.696 AVAST engine scan C:\Windows\system32
22:13:08.128 AVAST engine scan C:\Windows\system32\drivers
22:13:17.488 AVAST engine scan C:\Users\TentGXNotebook
22:19:08.161 AVAST engine scan C:\ProgramData
22:22:48.511 Scan finished successfully
22:23:50.084 Disk 0 MBR has been saved successfully to "C:\Users\TentGXNotebook\Desktop\MBR.dat"
22:23:50.084 The log file has been saved successfully to "C:\Users\TentGXNotebook\Desktop\aswMBR.txt"