
Log analysis and evaluation: 3 infections found with Malwarebytes. Any more?

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

07.05.2012, 13:08   #16
edlarge
 

Here is the OTL logfile
OTL Logfile:
Code:
OTL logfile created on: 07.05.2012 13:02:52 - Run 2
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\Bro\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 48,25% Memory free
9,72 Gb Paging File | 7,69 Gb Available in Paging File | 79,14% Paging File free
Paging file location(s): c:\pagefile.sys 6000 6000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,59 Gb Total Space | 8,23 Gb Free Space | 14,04% Space Free | Partition Type: NTFS
Drive D: | 397,30 Gb Total Space | 235,69 Gb Free Space | 59,32% Space Free | Partition Type: NTFS
Drive X: | 48,98 Gb Total Space | 27,70 Gb Free Space | 56,56% Space Free | Partition Type: FAT32
Drive Y: | 96,00 Gb Total Space | 71,21 Gb Free Space | 74,18% Space Free | Partition Type: NTFS
Drive Z: | 6,99 Gb Total Space | 0,15 Gb Free Space | 2,13% Space Free | Partition Type: FAT32
 
Computer Name: DELL | User Name: Bro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.03 09:56:49 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Bro\Desktop\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- D:\Programms on D\Malwarebytes\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.09.15 13:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.07.31 11:55:25 | 001,496,528 | ---- | M] (TrueCrypt Foundation) -- D:\Programms on D\TrueCrypt.exe
PRC - [2011.06.01 14:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.12.09 11:42:32 | 000,073,728 | ---- | M] (Elo Touchsystems) -- C:\Windows\SysWOW64\EloSrvce.exe
PRC - [2009.09.30 18:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.09.30 18:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.09.23 11:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2007.12.06 19:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.04.20 14:08:56 | 000,066,096 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2012.04.20 14:08:20 | 000,075,384 | ---- | M] (Bitdefender) [On_Demand | Stopped] -- C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe -- (SafeBox)
SRV:64bit: - [2012.04.20 14:07:44 | 001,956,616 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
SRV:64bit: - [2012.04.20 14:07:18 | 000,466,736 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV:64bit: - [2011.01.12 09:00:00 | 000,168,448 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04)
SRV:64bit: - [2011.01.12 09:00:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04)
SRV:64bit: - [2010.02.22 07:47:37 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010.01.22 08:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.11.17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009.11.02 10:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009.08.17 19:09:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009.07.17 07:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012.04.14 16:08:02 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programms on D\Malwarebytes\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.15 19:29:42 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- D:\Programms on D\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011.11.03 13:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.09.15 13:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.06.01 14:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.12.09 11:42:32 | 000,073,728 | ---- | M] (Elo Touchsystems) [Auto | Running] -- C:\Windows\SysWOW64\EloSrvce.exe -- (EloSystemService)
SRV - [2010.03.18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.22 07:44:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.09.30 18:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.09.30 18:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.09.23 11:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.09.08 09:51:24 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.12.06 19:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.20 14:10:10 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2012.04.20 14:10:03 | 000,691,896 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2012.04.20 14:09:56 | 000,545,064 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2012.04.20 14:09:37 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2012.04.20 14:07:57 | 000,090,192 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV:64bit: - [2012.04.20 14:07:44 | 000,258,736 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2012.04.20 14:07:29 | 000,079,952 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (bdsandbox)
DRV:64bit: - [2012.04.20 14:07:16 | 000,442,088 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.15 19:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.11.03 13:06:56 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011.07.31 11:55:25 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.07.06 11:29:18 | 000,151,312 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ncplelhp.sys -- (ncplelhp)
DRV:64bit: - [2010.06.25 14:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.05.25 07:14:34 | 000,031,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OXUDIDRV_x64.sys -- (OXUDIDRV)
DRV:64bit: - [2010.04.13 23:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010.04.09 09:24:32 | 000,076,288 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010.03.20 05:56:56 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2010.03.09 12:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.02.26 21:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.22 06:26:13 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.01.22 08:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.01.22 08:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.01.22 07:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.01.19 19:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (BDVEDISK)
DRV:64bit: - [2010.01.09 01:42:40 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2009.11.02 10:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.11.01 17:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.09.28 07:55:42 | 000,051,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OXSDIDRV_x64.sys -- (OXSDIDRV_x64) Oxford Semi eSATA Filter (x64)
DRV:64bit: - [2009.09.17 22:54:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.09.16 16:47:00 | 000,267,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.07.17 09:14:12 | 000,220,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.07.17 07:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009.07.17 07:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.14 02:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009.07.01 10:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.07.01 10:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.07.01 10:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.06.15 21:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.07 13:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008.06.27 05:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.08.14 05:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2006.07.24 14:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7FFF0F11-9689-4332-9A94-D052D5611BC8}
IE:64bit: - HKLM\..\SearchScopes\{7FFF0F11-9689-4332-9A94-D052D5611BC8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {F140DA4C-B876-480E-ADB2-20C59AE72724}
IE - HKLM\..\SearchScopes\{F140DA4C-B876-480E-ADB2-20C59AE72724}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {7FFF0F11-9689-4332-9A94-D052D5611BC8}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {7FFF0F11-9689-4332-9A94-D052D5611BC8}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2630974760-3139779024-3459414890-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Bro\Desktop
IE - HKU\S-1-5-21-2630974760-3139779024-3459414890-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2630974760-3139779024-3459414890-1000\..\SearchScopes,DefaultScope = {0178DB44-AD3E-478E-BED6-DA9D39AF251C}
IE - HKU\S-1-5-21-2630974760-3139779024-3459414890-1000\..\SearchScopes\{0178DB44-AD3E-478E-BED6-DA9D39AF251C}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2630974760-3139779024-3459414890-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "TO-Search-Engine-world Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2393657&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google Deutschland"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.97
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 4444
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 4444
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 4444
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 4444
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 4444
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 4444
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 4444
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files (x86)\FunWebProducts\Installr\1.bin\NPFunWeb.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: D:\Programms on D\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2012\BDTBEXT\ [2012.04.20 14:12:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.17 15:35:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.22 10:37:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: D:\Programms on D\Thunderbird\components [2012.02.24 12:50:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: D:\Programms on D\Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2012.04.20 14:12:52 | 000,000,000 | ---D | M]
 
[2010.02.11 18:48:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bro\AppData\Roaming\Mozilla\Extensions
[2011.08.22 17:41:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bro\AppData\Roaming\Mozilla\Firefox\Profiles\0jlqn9ab.I2P\extensions
[2011.08.22 17:41:13 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Bro\AppData\Roaming\Mozilla\Firefox\Profiles\0jlqn9ab.I2P\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.05.05 16:22:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bro\AppData\Roaming\Mozilla\Firefox\Profiles\23a5mxjj.Tor2\extensions
[2011.10.13 10:27:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bro\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions
[2011.10.13 10:27:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bro\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}
[2012.05.05 16:20:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bro\AppData\Roaming\Mozilla\Firefox\Profiles\mx8f5eqw.default\extensions
[2011.08.22 17:40:03 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Bro\AppData\Roaming\Mozilla\Firefox\Profiles\mx8f5eqw.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.03.28 16:13:44 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Bro\AppData\Roaming\Mozilla\Firefox\Profiles\mx8f5eqw.default\extensions\foxyproxy@eric.h.jung
[2011.05.09 11:42:21 | 000,002,454 | ---- | M] () -- C:\Users\Bro\AppData\Roaming\Mozilla\Firefox\Profiles\mx8f5eqw.default\searchplugins\google-deutschland.xml
[2011.05.09 11:42:21 | 000,002,060 | ---- | M] () -- C:\Users\Bro\AppData\Roaming\Mozilla\Firefox\Profiles\mx8f5eqw.default\searchplugins\google-uae.xml
[2012.01.06 14:06:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\BRO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX8F5EQW.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\BRO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX8F5EQW.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\BRO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX8F5EQW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\BRO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX8F5EQW.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012.03.17 15:35:37 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.30 14:32:51 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.30 14:32:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.30 14:32:51 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.30 14:32:51 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.30 14:32:51 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.30 14:32:51 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.02.22 08:17:46 | 000,000,857 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1				activate.adobe.com
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2630974760-3139779024-3459414890-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Programms on D\Malwarebytes\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2630974760-3139779024-3459414890-1000..\Run: [TrueCrypt] D:\Programms on D\TrueCrypt.exe (TrueCrypt Foundation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\AMS User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2630974760-3139779024-3459414890-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - CC:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - CC:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.42.3.33 141.42.2.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D6B3A2C-EFE6-492F-8773-D271A4153DA8}: DhcpNameServer = 141.42.3.33 141.42.2.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29694DF3-1B17-4DB2-9273-B537D9C77A5D}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CAC49198-987D-4635-8C67-51AC97FDA001}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC985235-42D8-4DCD-A170-B21049B42ED3}: DhcpNameServer = 80.227.2.2 80.227.2.3
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\GoToAssist: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1715cc3e-7b88-11e0-98d9-ece866e31532}\Shell - "" = AutoRun
O33 - MountPoints2\{1715cc4d-7b88-11e0-98d9-ece866e31532}\Shell - "" = AutoRun
O33 - MountPoints2\{1715cc4d-7b88-11e0-98d9-ece866e31532}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{20b11de5-78b9-11e0-8ad1-e3bf5428e8cd}\Shell - "" = AutoRun
O33 - MountPoints2\{48c57852-7a1d-11e0-af5d-f3d0ebe0ff2d}\Shell - "" = AutoRun
O33 - MountPoints2\{48c57861-7a1d-11e0-af5d-f3d0ebe0ff2d}\Shell - "" = AutoRun
O33 - MountPoints2\{70eb0b0f-78d2-11e0-94c4-d71f93b3bcc5}\Shell - "" = AutoRun
O33 - MountPoints2\{8c28c940-7ad6-11e0-8bca-81f349cb987d}\Shell - "" = AutoRun
O33 - MountPoints2\{8c28c948-7ad6-11e0-8bca-81f349cb987d}\Shell - "" = AutoRun
O33 - MountPoints2\{94ad5164-78d0-11e0-8741-ed858143fe36}\Shell - "" = AutoRun
O33 - MountPoints2\{9d89f51b-7a05-11e0-a29f-ebc4339abb22}\Shell - "" = AutoRun
O33 - MountPoints2\{9d89f529-7a05-11e0-a29f-ebc4339abb22}\Shell - "" = AutoRun
O33 - MountPoints2\{a4e62c6d-1ee9-11e0-ba9c-a4862506527b}\Shell - "" = AutoRun
O33 - MountPoints2\{a6a975a5-7acb-11e0-8b85-88760c880a3b}\Shell - "" = AutoRun
O33 - MountPoints2\{a6a975cd-7acb-11e0-8b85-88760c880a3b}\Shell - "" = AutoRun
O33 - MountPoints2\{a6a975dc-7acb-11e0-8b85-88760c880a3b}\Shell - "" = AutoRun
O33 - MountPoints2\{c10be5b1-a68f-11df-b4b9-0026b920e068}\Shell - "" = AutoRun
O33 - MountPoints2\{c7dd1578-7a75-11e0-86cf-b7384ae2f7c7}\Shell - "" = AutoRun
O33 - MountPoints2\{c7dd1588-7a75-11e0-86cf-b7384ae2f7c7}\Shell - "" = AutoRun
O33 - MountPoints2\{d4dc76cd-5ec1-11e0-87a6-cfb768120c1c}\Shell - "" = AutoRun
O33 - MountPoints2\{de3f1975-7e31-11e1-b35d-0026b920e068}\Shell - "" = AutoRun
O33 - MountPoints2\{de3f1975-7e31-11e1-b35d-0026b920e068}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\hbm2008/index.htm
O33 - MountPoints2\{f7d47cab-7e0c-11e0-8b76-f913fbf6b82b}\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\hbm2008/index.htm
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - StartUpFolder: C:^Users^Bro^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Bro\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig:64bit - StartUpReg: Apoint - hkey= - key= - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: QuickSet - hkey= - key= - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - Service
SafeBootMin:64bit: MCODS - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: prwntdrv - Reg Error: Value error.
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: prwntdrv - Reg Error: Value error.
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: mcmscsvc - Service
SafeBootNet:64bit: MCODS - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: prwntdrv - Reg Error: Value error.
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: prwntdrv - Reg Error: Value error.
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.07 12:58:17 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Bro\Desktop\OTL.exe
[2012.05.06 14:44:35 | 000,000,000 | ---D | C] -- C:\Users\Bro\Desktop\Trojaner
[2012.05.04 09:03:56 | 000,000,000 | ---D | C] -- C:\Users\Bro\Desktop\Paper Guidelines
[2012.05.03 09:47:07 | 000,000,000 | ---D | C] -- C:\Users\Bro\AppData\Roaming\Malwarebytes
[2012.05.03 09:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.03 09:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.03 09:46:43 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.29 10:25:07 | 000,000,000 | ---D | C] -- C:\Users\Bro\AppData\Roaming\tor
[2012.04.29 10:24:45 | 000,000,000 | ---D | C] -- C:\Users\Bro\AppData\Local\Vidalia
[2012.04.25 17:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2012.04.25 16:47:33 | 000,000,000 | ---D | C] -- C:\Users\Bro\Desktop\tests
[2012.04.20 14:25:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.04.20 14:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2012.04.20 14:10:03 | 000,691,896 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
[2012.04.20 14:09:56 | 000,545,064 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys
[2012.04.20 14:09:37 | 000,329,800 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys
[2012.04.20 14:07:44 | 000,258,736 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
[2012.04.20 14:07:39 | 000,090,192 | ---- | C] (BitDefender LLC) -- C:\Windows\SysNative\drivers\bdfndisf6.sys
[2012.04.20 14:07:29 | 000,079,952 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\drivers\bdsandbox.sys
[2012.04.20 14:07:16 | 000,442,088 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\bdfsfltr.sys
[2012.04.20 13:39:02 | 000,000,000 | ---D | C] -- C:\BDLOGS
[2012.04.20 13:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2012
[2012.04.20 13:35:24 | 000,000,000 | ---D | C] -- C:\Users\Bro\AppData\Roaming\Bitdefender
[2012.04.20 13:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2012.04.20 13:24:35 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2012.04.17 10:58:09 | 000,000,000 | ---D | C] -- C:\Users\Bro\AppData\Roaming\vlc
[2012.04.17 10:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Bro\Desktop\*.tmp files -> C:\Users\Bro\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.07 12:59:57 | 000,029,889 | ---- | M] () -- C:\Users\Bro\Desktop\Capture.JPG
[2012.05.07 12:59:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.07 12:50:36 | 000,525,547 | ---- | M] () -- C:\Users\Bro\Desktop\aaaa.pdf
[2012.05.07 12:25:32 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.05.07 11:55:08 | 000,095,024 | ---- | M] () -- C:\Users\Bro\Desktop\Wunschkennzeichen Berlin.JPG
[2012.05.07 09:33:38 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.07 09:33:38 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.07 09:24:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.07 09:24:11 | 3111,514,112 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.07 09:10:19 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.05.07 09:10:19 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.05.06 13:23:15 | 000,798,684 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.06 13:23:15 | 000,675,956 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.06 13:23:15 | 000,125,656 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.03 09:56:49 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Bro\Desktop\OTL.exe
[2012.04.29 14:41:01 | 000,011,207 | ---- | M] () -- C:\Users\Bro\Desktop\DATA_MCMC_WIL.spv
[2012.04.29 14:34:40 | 000,012,788 | ---- | M] () -- C:\Users\Bro\Desktop\DATA_MCMC.sav
[2012.04.26 16:01:41 | 000,659,511 | ---- | M] () -- C:\Users\Bro\Desktop\DATA_MCMC_NV.spv
[2012.04.20 14:10:03 | 000,691,896 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
[2012.04.20 14:09:56 | 000,545,064 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys
[2012.04.20 14:09:37 | 000,329,800 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys
[2012.04.20 14:07:44 | 000,258,736 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
[2012.04.20 14:07:39 | 000,090,192 | ---- | M] (BitDefender LLC) -- C:\Windows\SysNative\drivers\bdfndisf6.sys
[2012.04.20 14:07:29 | 000,079,952 | ---- | M] (BitDefender SRL) -- C:\Windows\SysNative\drivers\bdsandbox.sys
[2012.04.20 14:07:16 | 000,442,088 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\bdfsfltr.sys
[2012.04.20 13:58:25 | 000,307,684 | ---- | M] () -- C:\ProgramData\1334921041.bdinstall.bin
[2012.04.20 13:37:02 | 000,000,262 | -H-- | M] () -- C:\bdr-conf
[2012.04.20 13:35:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2012.04.20 13:15:17 | 000,552,497 | ---- | M] () -- C:\ProgramData\bdinstall.bin
[2012.04.19 11:45:06 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.04.19 11:45:05 | 000,000,728 | ---- | M] () -- C:\Users\Bro\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Bro\Desktop\*.tmp files -> C:\Users\Bro\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.07 12:59:44 | 000,029,889 | ---- | C] () -- C:\Users\Bro\Desktop\Capture.JPG
[2012.05.07 12:50:36 | 000,525,547 | ---- | C] () -- C:\Users\Bro\Desktop\aaaa.pdf
[2012.05.07 11:55:08 | 000,095,024 | ---- | C] () -- C:\Users\Bro\Desktop\Wunschkennzeichen Berlin.JPG
[2012.05.07 09:25:49 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.04.29 14:41:01 | 000,011,207 | ---- | C] () -- C:\Users\Bro\Desktop\DATA_MCMC_WIL.spv
[2012.04.26 16:02:55 | 000,012,788 | ---- | C] () -- C:\Users\Bro\Desktop\DATA_MCMC.sav
[2012.04.26 16:01:39 | 000,659,511 | ---- | C] () -- C:\Users\Bro\Desktop\DATA_MCMC_NV.spv
[2012.04.20 13:58:25 | 000,307,684 | ---- | C] () -- C:\ProgramData\1334921041.bdinstall.bin
[2012.04.20 13:37:02 | 000,000,262 | -H-- | C] () -- C:\bdr-conf
[2012.04.20 13:37:01 | 026,550,299 | -H-- | C] () -- C:\bdrescue.gz
[2012.04.20 13:37:01 | 002,510,608 | -H-- | C] () -- C:\bdrescue.vm
[2012.04.20 13:37:01 | 000,217,769 | -H-- | C] () -- C:\bdrescue
[2012.04.20 13:37:01 | 000,009,216 | -H-- | C] () -- C:\bdrescue.mbr
[2012.04.20 13:35:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2012.04.07 16:11:46 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.04 11:37:21 | 000,013,600 | ---- | C] () -- C:\Windows\SysWow64\sasperf.dll
[2012.01.03 17:05:25 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\EloSetOptions.exe
[2012.01.03 16:54:55 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\H264VDEC.dll
[2012.01.03 16:54:55 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\fileconvert.exe
[2011.12.25 19:33:50 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011.09.26 08:37:02 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2011.09.26 08:37:02 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2011.06.24 18:57:03 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.06.24 18:57:03 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
[2011.05.31 14:53:28 | 000,000,061 | ---- | C] () -- C:\Windows\dcmvwr.INI
[2011.04.25 08:19:06 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.04.25 08:19:06 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.04.23 08:57:25 | 000,552,497 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011.04.18 08:58:42 | 000,143,055 | ---- | C] () -- C:\Windows\hpwins28.dat
[2011.04.18 08:58:42 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat
[2011.04.04 16:35:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2011.03.24 16:23:04 | 000,006,577 | ---- | C] () -- C:\Users\Bro\AppData\Roaming\Microsoft Excel 97-2003.EML
[2010.08.04 09:19:56 | 000,192,808 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
 
========== LOP Check ==========
 
[2010.10.02 09:54:11 | 000,000,000 | -HSD | M] -- C:\Users\Bro\AppData\Roaming\.#
[2011.09.12 18:41:11 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\.purple
[2011.03.24 13:37:15 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\1&1
[2012.04.20 13:39:03 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Bitdefender
[2011.06.29 13:26:52 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\DAEMON Tools Pro
[2012.04.27 17:10:33 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Dropbox
[2012.03.16 09:15:04 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\elsterformular
[2012.05.04 11:04:12 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\EndNote
[2011.12.25 18:41:24 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Epson
[2010.12.12 12:14:20 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Feedreader
[2011.08.16 20:42:31 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\FRITZ!
[2011.09.02 12:35:28 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\GlarySoft
[2011.08.15 16:18:37 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\gnupg
[2012.01.21 19:38:37 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\HTC
[2011.02.26 09:39:33 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.05.06 14:16:29 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\i2p
[2011.08.10 17:32:04 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\JonDo
[2011.06.26 16:52:15 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\LANCOM
[2010.02.13 13:51:57 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Lexmark
[2010.07.01 17:07:53 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Mp3tag
[2010.10.21 08:54:36 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Nokia
[2010.10.21 08:19:58 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Nokia Ovi Suite
[2011.11.15 20:01:48 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Outlook
[2010.10.21 08:18:30 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\PC Suite
[2011.05.25 10:05:47 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\PCDr
[2011.10.18 09:04:14 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\PersBackup5
[2011.04.23 09:12:13 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\QuickScan
[2010.02.12 15:23:48 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Samsung
[2012.04.04 11:56:55 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\SAS
[2011.10.05 08:29:38 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\SPSSInc
[2011.05.02 07:07:22 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Stardock
[2010.12.19 17:02:03 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\TeamViewer
[2011.05.11 06:41:14 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Telefónica
[2011.09.17 15:06:04 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Thunderbird
[2011.11.01 12:45:36 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\TrueCrypt
[2012.05.07 12:25:32 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012.04.19 11:45:06 | 000,000,310 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012.03.03 12:25:35 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.10.02 09:54:11 | 000,000,000 | -HSD | M] -- C:\Users\Bro\AppData\Roaming\.#
[2011.09.12 18:41:11 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\.purple
[2011.03.24 13:37:15 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\1&1
[2010.02.16 11:28:39 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\ABBYY
[2012.04.09 16:00:45 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Adobe
[2010.02.11 01:37:21 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\ATI
[2012.04.20 13:39:03 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Bitdefender
[2010.02.14 19:20:40 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Creative
[2011.06.29 13:26:52 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\DAEMON Tools Pro
[2011.05.25 10:15:23 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Dell
[2012.04.27 17:10:33 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Dropbox
[2010.11.21 22:33:24 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\dvdcss
[2012.03.16 09:15:04 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\elsterformular
[2012.05.04 11:04:12 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\EndNote
[2011.12.25 18:41:24 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Epson
[2010.12.12 12:14:20 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Feedreader
[2011.08.16 20:42:31 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\FRITZ!
[2011.09.02 12:35:28 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\GlarySoft
[2011.08.15 16:18:37 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\gnupg
[2011.04.18 09:07:33 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\HP
[2012.01.21 19:38:37 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\HTC
[2011.02.26 09:39:33 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.05.06 14:16:29 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\i2p
[2010.02.11 01:36:46 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Identities
[2010.04.24 10:55:08 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\InstallShield
[2011.08.10 17:32:04 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\JonDo
[2011.06.26 16:52:15 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\LANCOM
[2010.02.13 13:51:57 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Lexmark
[2011.07.07 09:30:23 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Logishrd
[2011.07.07 09:30:23 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Logitech
[2012.05.07 10:13:18 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Macromedia
[2012.05.03 09:47:07 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Malwarebytes
[2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Media Center Programs
[2010.12.13 14:09:58 | 000,000,000 | --SD | M] -- C:\Users\Bro\AppData\Roaming\Microsoft
[2010.02.11 18:48:12 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Mozilla
[2010.07.01 17:07:53 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Mp3tag
[2010.05.03 12:32:44 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Nero
[2010.10.21 08:54:36 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Nokia
[2010.10.21 08:19:58 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Nokia Ovi Suite
[2011.11.15 20:01:48 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Outlook
[2010.10.21 08:18:30 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\PC Suite
[2011.05.25 10:05:47 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\PCDr
[2011.10.18 09:04:14 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\PersBackup5
[2011.04.23 09:12:13 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\QuickScan
[2010.02.14 19:22:09 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Reallusion
[2010.02.11 01:37:27 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Roxio
[2010.02.20 19:12:31 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Roxio Log Files
[2010.02.12 15:23:48 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Samsung
[2012.04.04 11:56:55 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\SAS
[2012.03.22 18:09:03 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Skype
[2010.08.13 14:00:32 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\skypePM
[2011.10.05 08:29:38 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\SPSSInc
[2011.05.02 07:07:22 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Stardock
[2010.12.19 17:02:03 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\TeamViewer
[2011.05.11 06:41:14 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Telefónica
[2011.09.17 15:06:04 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Thunderbird
[2012.04.29 10:25:39 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\tor
[2011.11.01 12:45:36 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\TrueCrypt
[2010.08.13 16:03:16 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\U3
[2012.04.17 11:06:43 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\vlc
[2011.05.05 15:48:18 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\VMware
[2012.05.07 09:18:51 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Winamp
[2010.02.11 20:06:44 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Bro\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.02.15 01:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\Bro\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.03.16 09:42:13 | 006,232,560 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bro\AppData\Roaming\elsterformular\pluginmanager\tmp\install_eur11.exe
[2012.01.17 17:03:35 | 054,303,944 | ---- | M] (Dell Inc) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Binaries\full_dsc_5907_16_64_02.exe
[2012.02.10 14:04:17 | 055,252,360 | ---- | M] (Dell Inc) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Binaries\full_dsc_5907_23_64_01.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\018a0687-7541-45a7-85d6-0e7c83c0ec2e\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\13635bc9-9c22-49d5-9123-e3babc046dc7\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\41c51aca-4f44-406f-a40a-ed48026bface\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\4785ee4d-388a-4f61-9575-bdd209ee1f01\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\4b578d8f-44cf-457a-9198-0cee61b9ed71\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\54e1cb35-ad90-4d36-ba96-9f2049d62a7c\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\593ce758-d828-4be0-9c22-c5b7b2e27909\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\63e26ee6-2818-4c65-a696-83aa77aaeab5\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\6fa49e2a-450c-4dcc-bf0a-cf4f240b96d9\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\8179cbe7-daa1-48b0-a20f-ab343fe80889\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\85216421-7966-4aa3-b6ca-87c3dd9f07e4\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\919870c9-5eb7-4ead-800d-2402359c1128\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\92ed900e-d09a-4df7-b3fb-34b68f95f6fd\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\a3fe7807-1d07-4843-ba48-c29fc28f325d\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\a6cd0136-c12e-4efe-90bb-4a318abd6d06\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\bd8cd5b5-fbab-4709-a26d-0c31d692a01b\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\d0275b76-9580-4b10-9c65-78009d835e9e\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\dfe4fe48-09d5-4eed-b238-a9fad91dfcfe\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\fb440c28-ff06-46ca-b097-063ee7caf030\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\ff8d9117-b3f7-46df-ac13-13d1f3b343ff\au_5899_rules\AddCertificate.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_39c1885e54505643\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2012.04.20 14:09:56 | 000,007,840 | ---- | M] () MD5=A8B15EC290C2F28AF39A6FE02F0ACF0D -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
========== Files - Unicode (All) ==========
[2011.04.23 09:20:22 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
[2011.04.23 09:20:22 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污

< End of report >
         
--- --- ---

07.05.2012, 13:12   #17
edlarge

I had forgotten something: since I installed the new Bitdefender, I keep getting the message "searchprotocolhost.exe baut Verbindung zum Remote-Server auf" ("searchprotocolhost.exe is establishing a connection to the remote server"); see the screenshot attached.

I don't know whether that is somehow related...


Edited by edlarge (07.05.2012 at 13:23)

07.05.2012, 14:06   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Run an OTL fix: close all programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
ATTFilter
:OTL
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 4444
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 4444
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 4444
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 4444
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 4444
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 4444
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 4444
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - prefs.js..browser.search.defaultthis.engineName: "TO-Search-Engine-world Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2393657&SearchSource=3&q={searchTerms}"
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\AMS User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1715cc3e-7b88-11e0-98d9-ece866e31532}\Shell - "" = AutoRun
O33 - MountPoints2\{1715cc4d-7b88-11e0-98d9-ece866e31532}\Shell - "" = AutoRun
O33 - MountPoints2\{1715cc4d-7b88-11e0-98d9-ece866e31532}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{20b11de5-78b9-11e0-8ad1-e3bf5428e8cd}\Shell - "" = AutoRun
O33 - MountPoints2\{48c57852-7a1d-11e0-af5d-f3d0ebe0ff2d}\Shell - "" = AutoRun
O33 - MountPoints2\{48c57861-7a1d-11e0-af5d-f3d0ebe0ff2d}\Shell - "" = AutoRun
O33 - MountPoints2\{70eb0b0f-78d2-11e0-94c4-d71f93b3bcc5}\Shell - "" = AutoRun
O33 - MountPoints2\{8c28c940-7ad6-11e0-8bca-81f349cb987d}\Shell - "" = AutoRun
O33 - MountPoints2\{8c28c948-7ad6-11e0-8bca-81f349cb987d}\Shell - "" = AutoRun
O33 - MountPoints2\{94ad5164-78d0-11e0-8741-ed858143fe36}\Shell - "" = AutoRun
O33 - MountPoints2\{9d89f51b-7a05-11e0-a29f-ebc4339abb22}\Shell - "" = AutoRun
O33 - MountPoints2\{9d89f529-7a05-11e0-a29f-ebc4339abb22}\Shell - "" = AutoRun
O33 - MountPoints2\{a4e62c6d-1ee9-11e0-ba9c-a4862506527b}\Shell - "" = AutoRun
O33 - MountPoints2\{a6a975a5-7acb-11e0-8b85-88760c880a3b}\Shell - "" = AutoRun
O33 - MountPoints2\{a6a975cd-7acb-11e0-8b85-88760c880a3b}\Shell - "" = AutoRun
O33 - MountPoints2\{a6a975dc-7acb-11e0-8b85-88760c880a3b}\Shell - "" = AutoRun
O33 - MountPoints2\{c10be5b1-a68f-11df-b4b9-0026b920e068}\Shell - "" = AutoRun
O33 - MountPoints2\{c7dd1578-7a75-11e0-86cf-b7384ae2f7c7}\Shell - "" = AutoRun
O33 - MountPoints2\{c7dd1588-7a75-11e0-86cf-b7384ae2f7c7}\Shell - "" = AutoRun
O33 - MountPoints2\{d4dc76cd-5ec1-11e0-87a6-cfb768120c1c}\Shell - "" = AutoRun
O33 - MountPoints2\{de3f1975-7e31-11e1-b35d-0026b920e068}\Shell - "" = AutoRun
O33 - MountPoints2\{de3f1975-7e31-11e1-b35d-0026b920e068}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\hbm2008/index.htm
O33 - MountPoints2\{f7d47cab-7e0c-11e0-8b76-f913fbf6b82b}\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\hbm2008/index.htm
[2010.10.02 09:54:11 | 000,000,000 | -HSD | M] -- C:\Users\Bro\AppData\Roaming\.# 
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, because it can cause lasting damage to the system!
__________________

07.05.2012, 14:37   #19
edlarge


OK, all done:

Code:
ATTFilter
 All processes killed
========== OTL ==========
Prefs.js: "127.0.0.1" removed from network.proxy.backup.ftp
Prefs.js: 4444 removed from network.proxy.backup.ftp_port
Prefs.js: "127.0.0.1" removed from network.proxy.backup.socks
Prefs.js: 4444 removed from network.proxy.backup.socks_port
Prefs.js: "127.0.0.1" removed from network.proxy.backup.ssl
Prefs.js: 4444 removed from network.proxy.backup.ssl_port
Prefs.js: "127.0.0.1" removed from network.proxy.ftp
Prefs.js: 4444 removed from network.proxy.ftp_port
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 4444 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "127.0.0.1" removed from network.proxy.socks
Prefs.js: 4444 removed from network.proxy.socks_port
Prefs.js: "127.0.0.1" removed from network.proxy.ssl
Prefs.js: 4444 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
Prefs.js: "TO-Search-Engine-world Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2393657&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\AMS User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1715cc3e-7b88-11e0-98d9-ece866e31532}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1715cc3e-7b88-11e0-98d9-ece866e31532}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1715cc4d-7b88-11e0-98d9-ece866e31532}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1715cc4d-7b88-11e0-98d9-ece866e31532}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1715cc4d-7b88-11e0-98d9-ece866e31532}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1715cc4d-7b88-11e0-98d9-ece866e31532}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20b11de5-78b9-11e0-8ad1-e3bf5428e8cd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20b11de5-78b9-11e0-8ad1-e3bf5428e8cd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48c57852-7a1d-11e0-af5d-f3d0ebe0ff2d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48c57852-7a1d-11e0-af5d-f3d0ebe0ff2d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48c57861-7a1d-11e0-af5d-f3d0ebe0ff2d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48c57861-7a1d-11e0-af5d-f3d0ebe0ff2d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70eb0b0f-78d2-11e0-94c4-d71f93b3bcc5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70eb0b0f-78d2-11e0-94c4-d71f93b3bcc5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c28c940-7ad6-11e0-8bca-81f349cb987d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c28c940-7ad6-11e0-8bca-81f349cb987d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c28c948-7ad6-11e0-8bca-81f349cb987d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c28c948-7ad6-11e0-8bca-81f349cb987d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94ad5164-78d0-11e0-8741-ed858143fe36}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94ad5164-78d0-11e0-8741-ed858143fe36}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d89f51b-7a05-11e0-a29f-ebc4339abb22}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d89f51b-7a05-11e0-a29f-ebc4339abb22}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d89f529-7a05-11e0-a29f-ebc4339abb22}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d89f529-7a05-11e0-a29f-ebc4339abb22}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4e62c6d-1ee9-11e0-ba9c-a4862506527b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4e62c6d-1ee9-11e0-ba9c-a4862506527b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6a975a5-7acb-11e0-8b85-88760c880a3b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6a975a5-7acb-11e0-8b85-88760c880a3b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6a975cd-7acb-11e0-8b85-88760c880a3b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6a975cd-7acb-11e0-8b85-88760c880a3b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6a975dc-7acb-11e0-8b85-88760c880a3b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6a975dc-7acb-11e0-8b85-88760c880a3b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c10be5b1-a68f-11df-b4b9-0026b920e068}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c10be5b1-a68f-11df-b4b9-0026b920e068}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7dd1578-7a75-11e0-86cf-b7384ae2f7c7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7dd1578-7a75-11e0-86cf-b7384ae2f7c7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7dd1588-7a75-11e0-86cf-b7384ae2f7c7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7dd1588-7a75-11e0-86cf-b7384ae2f7c7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4dc76cd-5ec1-11e0-87a6-cfb768120c1c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4dc76cd-5ec1-11e0-87a6-cfb768120c1c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de3f1975-7e31-11e1-b35d-0026b920e068}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de3f1975-7e31-11e1-b35d-0026b920e068}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de3f1975-7e31-11e1-b35d-0026b920e068}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de3f1975-7e31-11e1-b35d-0026b920e068}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\hbm2008/index.htm not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7d47cab-7e0c-11e0-8b76-f913fbf6b82b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7d47cab-7e0c-11e0-8b76-f913fbf6b82b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\hbm2008/index.htm not found.
C:\Users\Bro\AppData\Roaming\.# folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AMS User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Bro
->Temp folder emptied: 416233 bytes
->Temporary Internet Files folder emptied: 139445 bytes
->Java cache emptied: 8806547 bytes
->FireFox cache emptied: 106491972 bytes
->Flash cache emptied: 456 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6247224 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 9746007 bytes
RecycleBin emptied: 230551934 bytes
 
Total Files Cleaned = 346,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: AMS User
 
User: Bro
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.2 log created on 05072012_152447

Files\Folders moved on Reboot...
C:\Users\Bro\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

07.05.2012, 15:33   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log; instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set the tool up as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!


__________________
Please always post log files in CODE tags

07.05.2012, 15:57   #21
edlarge


It only found OpenVPN. I need that, though, so I skipped it...


Code:
ATTFilter
16:54:03.0705 4424	TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18
16:54:03.0736 4424	============================================================
16:54:03.0736 4424	Current date / time: 2012/05/07 16:54:03.0736
16:54:03.0736 4424	SystemInfo:
16:54:03.0736 4424	
16:54:03.0736 4424	OS Version: 6.1.7601 ServicePack: 1.0
16:54:03.0736 4424	Product type: Workstation
16:54:03.0736 4424	ComputerName: DELL
16:54:03.0736 4424	UserName: Bro
16:54:03.0736 4424	Windows directory: C:\Windows
16:54:03.0736 4424	System windows directory: C:\Windows
16:54:03.0736 4424	Running under WOW64
16:54:03.0736 4424	Processor architecture: Intel x64
16:54:03.0736 4424	Number of processors: 4
16:54:03.0736 4424	Page size: 0x1000
16:54:03.0736 4424	Boot type: Normal boot
16:54:03.0736 4424	============================================================
16:54:04.0969 4424	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:54:04.0969 4424	============================================================
16:54:04.0969 4424	\Device\Harddisk0\DR0:
16:54:04.0984 4424	MBR partitions:
16:54:04.0984 4424	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1388000
16:54:04.0984 4424	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x13BA800, BlocksNum 0x7530000
16:54:05.0000 4424	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x88EB000, BlocksNum 0x31A9A800
16:54:05.0000 4424	============================================================
16:54:05.0047 4424	D: <-> \Device\Harddisk0\DR0\Partition2
16:54:05.0047 4424	============================================================
16:54:05.0047 4424	Initialize success
16:54:05.0047 4424	============================================================
16:54:11.0552 4232	============================================================
16:54:11.0552 4232	Scan started
16:54:11.0552 4232	Mode: Manual; SigCheck; TDLFS; 
16:54:11.0552 4232	============================================================
16:54:11.0895 4232	1394ohci - ok
16:54:11.0895 4232	ABBYY.Licensing.FineReader.Professional.9.0 - ok
16:54:11.0911 4232	ACPI - ok
16:54:11.0911 4232	AcpiPmi - ok
16:54:11.0911 4232	adfs - ok
16:54:11.0911 4232	AdobeARMservice - ok
16:54:11.0958 4232	AdobeFlashPlayerUpdateSvc - ok
16:54:11.0958 4232	adp94xx - ok
16:54:11.0958 4232	adpahci - ok
16:54:11.0973 4232	adpu320 - ok
16:54:11.0973 4232	AeLookupSvc - ok
16:54:11.0989 4232	AERTFilters - ok
16:54:11.0989 4232	AFD - ok
16:54:11.0989 4232	agp440 - ok
16:54:12.0004 4232	ALG - ok
16:54:12.0004 4232	aliide - ok
16:54:12.0004 4232	AMD External Events Utility - ok
16:54:12.0004 4232	amdide - ok
16:54:12.0004 4232	AmdK8 - ok
16:54:12.0020 4232	amdkmdag - ok
16:54:12.0020 4232	amdkmdap - ok
16:54:12.0020 4232	AmdPPM - ok
16:54:12.0020 4232	amdsata - ok
16:54:12.0020 4232	amdsbs - ok
16:54:12.0036 4232	amdxata - ok
16:54:12.0036 4232	ApfiltrService - ok
16:54:12.0036 4232	AppID - ok
16:54:12.0036 4232	AppIDSvc - ok
16:54:12.0036 4232	Appinfo - ok
16:54:12.0051 4232	arc - ok
16:54:12.0051 4232	arcsas - ok
16:54:12.0051 4232	AsyncMac - ok
16:54:12.0051 4232	atapi - ok
16:54:12.0067 4232	AtiHdmiService - ok
16:54:12.0067 4232	atikmdag - ok
16:54:12.0067 4232	AudioEndpointBuilder - ok
16:54:12.0067 4232	AudioSrv - ok
16:54:12.0098 4232	avc3 - ok
16:54:12.0114 4232	avchv - ok
16:54:12.0114 4232	avckf - ok
16:54:12.0114 4232	AxInstSV - ok
16:54:12.0114 4232	b06bdrv - ok
16:54:12.0129 4232	b57nd60a - ok
16:54:12.0129 4232	BCM42RLY - ok
16:54:12.0129 4232	BCM43XX - ok
16:54:12.0145 4232	BDESVC - ok
16:54:12.0145 4232	BdfNdisf - ok
16:54:12.0145 4232	bdfsfltr - ok
16:54:12.0160 4232	bdfwfpf - ok
16:54:12.0160 4232	bdsandbox - ok
16:54:12.0160 4232	BDVEDISK - ok
16:54:12.0160 4232	Beep - ok
16:54:12.0176 4232	BFE - ok
16:54:12.0176 4232	BITS - ok
16:54:12.0176 4232	blbdrive - ok
16:54:12.0176 4232	bowser - ok
16:54:12.0192 4232	BrFiltLo - ok
16:54:12.0192 4232	BrFiltUp - ok
16:54:12.0192 4232	Browser - ok
16:54:12.0192 4232	Brserid - ok
16:54:12.0192 4232	BrSerWdm - ok
16:54:12.0207 4232	BrUsbMdm - ok
16:54:12.0207 4232	BrUsbSer - ok
16:54:12.0207 4232	BthEnum - ok
16:54:12.0207 4232	BTHMODEM - ok
16:54:12.0207 4232	BthPan - ok
16:54:12.0223 4232	BTHPORT - ok
16:54:12.0223 4232	bthserv - ok
16:54:12.0223 4232	BTHUSB - ok
16:54:12.0223 4232	btusbflt - ok
16:54:12.0238 4232	btwaudio - ok
16:54:12.0238 4232	btwavdt - ok
16:54:12.0238 4232	btwdins - ok
16:54:12.0238 4232	btwl2cap - ok
16:54:12.0238 4232	btwrchid - ok
16:54:12.0254 4232	cdfs - ok
16:54:12.0254 4232	cdrom - ok
16:54:12.0254 4232	CertPropSvc - ok
16:54:12.0254 4232	circlass - ok
16:54:12.0254 4232	CLFS - ok
16:54:12.0270 4232	clr_optimization_v2.0.50727_32 - ok
16:54:12.0270 4232	clr_optimization_v2.0.50727_64 - ok
16:54:12.0270 4232	clr_optimization_v4.0.30319_32 - ok
16:54:12.0270 4232	clr_optimization_v4.0.30319_64 - ok
16:54:12.0285 4232	CmBatt - ok
16:54:12.0285 4232	cmdide - ok
16:54:12.0285 4232	CNG - ok
16:54:12.0285 4232	Compbatt - ok
16:54:12.0285 4232	CompositeBus - ok
16:54:12.0301 4232	COMSysApp - ok
16:54:12.0301 4232	crcdisk - ok
16:54:12.0301 4232	CryptSvc - ok
16:54:12.0301 4232	CtClsFlt - ok
16:54:12.0316 4232	DcomLaunch - ok
16:54:12.0316 4232	defragsvc - ok
16:54:12.0316 4232	DfsC - ok
16:54:12.0316 4232	Dhcp - ok
16:54:12.0332 4232	discache - ok
16:54:12.0332 4232	Disk - ok
16:54:12.0332 4232	Dnscache - ok
16:54:12.0332 4232	dot3svc - ok
16:54:12.0332 4232	Dot4 - ok
16:54:12.0348 4232	Dot4Print - ok
16:54:12.0348 4232	Dot4Scan - ok
16:54:12.0348 4232	dot4usb - ok
16:54:12.0348 4232	DPS - ok
16:54:12.0363 4232	drmkaud - ok
16:54:12.0363 4232	DXGKrnl - ok
16:54:12.0363 4232	EapHost - ok
16:54:12.0363 4232	ebdrv - ok
16:54:12.0363 4232	EFS - ok
16:54:12.0379 4232	ehRecvr - ok
16:54:12.0379 4232	ehSched - ok
16:54:12.0379 4232	EloSystemService - ok
16:54:12.0379 4232	elxstor - ok
16:54:12.0394 4232	EPSON_EB_RPCV4_04 - ok
16:54:12.0394 4232	EPSON_PM_RPCV4_04 - ok
16:54:12.0394 4232	ErrDev - ok
16:54:12.0410 4232	EventSystem - ok
16:54:12.0410 4232	ewusbnet - ok
16:54:12.0410 4232	ew_hwusbdev - ok
16:54:12.0410 4232	exfat - ok
16:54:12.0426 4232	fastfat - ok
16:54:12.0426 4232	Fax - ok
16:54:12.0426 4232	fdc - ok
16:54:12.0426 4232	fdPHost - ok
16:54:12.0441 4232	FDResPub - ok
16:54:12.0441 4232	FileInfo - ok
16:54:12.0441 4232	Filetrace - ok
16:54:12.0441 4232	FLEXnet Licensing Service - ok
16:54:12.0457 4232	FLEXnet Licensing Service 64 - ok
16:54:12.0457 4232	flpydisk - ok
16:54:12.0457 4232	FltMgr - ok
16:54:12.0457 4232	FontCache - ok
16:54:12.0457 4232	FontCache3.0.0.0 - ok
16:54:12.0472 4232	FsDepends - ok
16:54:12.0472 4232	Fs_Rec - ok
16:54:12.0472 4232	fvevol - ok
16:54:12.0472 4232	gagp30kx - ok
16:54:12.0488 4232	getPlusHelper - ok
16:54:12.0488 4232	gpsvc - ok
16:54:12.0488 4232	hcw85cir - ok
16:54:12.0488 4232	HdAudAddService - ok
16:54:12.0504 4232	HDAudBus - ok
16:54:12.0504 4232	HECIx64 - ok
16:54:12.0504 4232	HidBatt - ok
16:54:12.0504 4232	HidBth - ok
16:54:12.0519 4232	HidIr - ok
16:54:12.0519 4232	hidserv - ok
16:54:12.0519 4232	HidUsb - ok
16:54:12.0519 4232	hkmsvc - ok
16:54:12.0535 4232	HomeGroupListener - ok
16:54:12.0535 4232	HomeGroupProvider - ok
16:54:12.0535 4232	HpSAMD - ok
16:54:12.0535 4232	HPSLPSVC - ok
16:54:12.0550 4232	HTCAND64 - ok
16:54:12.0550 4232	htcnprot - ok
16:54:12.0550 4232	HTTP - ok
16:54:12.0550 4232	Huawei - ok
16:54:12.0566 4232	huawei_enumerator - ok
16:54:12.0566 4232	hwdatacard - ok
16:54:12.0566 4232	hwpolicy - ok
16:54:12.0582 4232	hwusbdev - ok
16:54:12.0582 4232	i8042prt - ok
16:54:12.0582 4232	iaStorV - ok
16:54:12.0582 4232	idsvc - ok
16:54:12.0597 4232	iirsp - ok
16:54:12.0597 4232	IKEEXT - ok
16:54:12.0597 4232	Impcd - ok
16:54:12.0613 4232	IntcAzAudAddService - ok
16:54:12.0613 4232	intelide - ok
16:54:12.0613 4232	intelppm - ok
16:54:12.0613 4232	IPBusEnum - ok
16:54:12.0628 4232	IpFilterDriver - ok
16:54:12.0628 4232	iphlpsvc - ok
16:54:12.0628 4232	IPMIDRV - ok
16:54:12.0644 4232	IPNAT - ok
16:54:12.0644 4232	IRENUM - ok
16:54:12.0644 4232	isapnp - ok
16:54:12.0644 4232	iScsiPrt - ok
16:54:12.0660 4232	kbdclass - ok
16:54:12.0660 4232	kbdhid - ok
16:54:12.0660 4232	KeyIso - ok
16:54:12.0660 4232	KSecDD - ok
16:54:12.0675 4232	KSecPkg - ok
16:54:12.0675 4232	ksthunk - ok
16:54:12.0675 4232	KtmRm - ok
16:54:12.0691 4232	LanmanServer - ok
16:54:12.0691 4232	LanmanWorkstation - ok
16:54:12.0691 4232	Lavasoft Ad-Aware Service - ok
16:54:12.0691 4232	Lbd - ok
16:54:12.0706 4232	lltdio - ok
16:54:12.0706 4232	lltdsvc - ok
16:54:12.0722 4232	lmhosts - ok
16:54:12.0722 4232	LMS - ok
16:54:12.0722 4232	LSI_FC - ok
16:54:12.0738 4232	LSI_SAS - ok
16:54:12.0738 4232	LSI_SAS2 - ok
16:54:12.0738 4232	LSI_SCSI - ok
16:54:12.0738 4232	luafv - ok
16:54:12.0753 4232	MBAMProtector - ok
16:54:12.0878 4232	MBAMService     (ba400ed640bca1eae5c727ae17c10207) D:\Programms on D\Malwarebytes\Malwarebytes' Anti-Malware\mbamservice.exe
16:54:13.0018 4232	MBAMService - ok
16:54:13.0018 4232	Mcx2Svc - ok
16:54:13.0034 4232	megasas - ok
16:54:13.0050 4232	MegaSR - ok
16:54:13.0050 4232	Microsoft Office Groove Audit Service - ok
16:54:13.0050 4232	MMCSS - ok
16:54:13.0050 4232	Modem - ok
16:54:13.0065 4232	monitor - ok
16:54:13.0065 4232	mouclass - ok
16:54:13.0065 4232	mouhid - ok
16:54:13.0065 4232	mountmgr - ok
16:54:13.0081 4232	mpio - ok
16:54:13.0081 4232	mpsdrv - ok
16:54:13.0081 4232	MpsSvc - ok
16:54:13.0096 4232	MRxDAV - ok
16:54:13.0096 4232	mrxsmb - ok
16:54:13.0096 4232	mrxsmb10 - ok
16:54:13.0096 4232	mrxsmb20 - ok
16:54:13.0112 4232	msahci - ok
16:54:13.0112 4232	msdsm - ok
16:54:13.0112 4232	MSDTC - ok
16:54:13.0128 4232	Msfs - ok
16:54:13.0128 4232	mshidkmdf - ok
16:54:13.0128 4232	msisadrv - ok
16:54:13.0143 4232	MSiSCSI - ok
16:54:13.0143 4232	msiserver - ok
16:54:13.0143 4232	MSKSSRV - ok
16:54:13.0159 4232	MSPCLOCK - ok
16:54:13.0159 4232	MSPQM - ok
16:54:13.0159 4232	MsRPC - ok
16:54:13.0174 4232	mssmbios - ok
16:54:13.0174 4232	MSSQLServerADHelper - ok
16:54:13.0174 4232	MSTEE - ok
16:54:13.0174 4232	MTConfig - ok
16:54:13.0190 4232	Mup - ok
16:54:13.0190 4232	napagent - ok
16:54:13.0190 4232	NativeWifiP - ok
16:54:13.0206 4232	ncplelhp - ok
16:54:13.0206 4232	NDIS - ok
16:54:13.0206 4232	NdisCap - ok
16:54:13.0221 4232	NdisTapi - ok
16:54:13.0221 4232	Ndisuio - ok
16:54:13.0221 4232	NdisWan - ok
16:54:13.0221 4232	NDProxy - ok
16:54:13.0237 4232	Nero BackItUp Scheduler 4.0 - ok
16:54:13.0237 4232	Net Driver HPZ12 - ok
16:54:13.0237 4232	NetBIOS - ok
16:54:13.0252 4232	NetBT - ok
16:54:13.0252 4232	Netlogon - ok
16:54:13.0252 4232	Netman - ok
16:54:13.0252 4232	netprofm - ok
16:54:13.0268 4232	NetTcpPortSharing - ok
16:54:13.0268 4232	nfrd960 - ok
16:54:13.0268 4232	NlaSvc - ok
16:54:13.0284 4232	Npfs - ok
16:54:13.0284 4232	nsi - ok
16:54:13.0284 4232	nsiproxy - ok
16:54:13.0299 4232	Ntfs - ok
16:54:13.0299 4232	Null - ok
16:54:13.0299 4232	nvraid - ok
16:54:13.0315 4232	nvstor - ok
16:54:13.0315 4232	nv_agp - ok
16:54:13.0330 4232	odserv - ok
16:54:13.0330 4232	ohci1394 - ok
16:54:13.0393 4232	OpenVPNService  (ec322186d8fce3d632f3f597d67747dd) D:\Programms on D\OpenVPN\bin\openvpnserv.exe
16:54:13.0440 4232	OpenVPNService ( UnsignedFile.Multi.Generic ) - warning
16:54:13.0440 4232	OpenVPNService - detected UnsignedFile.Multi.Generic (1)
16:54:13.0440 4232	ose - ok
16:54:13.0455 4232	OXSDIDRV_x64 - ok
16:54:13.0471 4232	OXUDIDRV - ok
16:54:13.0471 4232	p2pimsvc - ok
16:54:13.0471 4232	p2psvc - ok
16:54:13.0486 4232	Parport - ok
16:54:13.0486 4232	partmgr - ok
16:54:13.0486 4232	PassThru Service - ok
16:54:13.0502 4232	PcaSvc - ok
16:54:13.0502 4232	pci - ok
16:54:13.0502 4232	pciide - ok
16:54:13.0518 4232	pcmcia - ok
16:54:13.0518 4232	pcw - ok
16:54:13.0518 4232	PEAUTH - ok
16:54:13.0533 4232	PerfHost - ok
16:54:13.0549 4232	pla - ok
16:54:13.0549 4232	PlugPlay - ok
16:54:13.0549 4232	Pml Driver HPZ12 - ok
16:54:13.0564 4232	PNRPAutoReg - ok
16:54:13.0564 4232	PNRPsvc - ok
16:54:13.0564 4232	PolicyAgent - ok
16:54:13.0580 4232	Power - ok
16:54:13.0580 4232	PptpMiniport - ok
16:54:13.0580 4232	Processor - ok
16:54:13.0596 4232	ProfSvc - ok
16:54:13.0596 4232	ProtectedStorage - ok
16:54:13.0596 4232	Psched - ok
16:54:13.0611 4232	ql2300 - ok
16:54:13.0611 4232	ql40xx - ok
16:54:13.0611 4232	QWAVE - ok
16:54:13.0627 4232	QWAVEdrv - ok
16:54:13.0627 4232	RasAcd - ok
16:54:13.0627 4232	RasAgileVpn - ok
16:54:13.0642 4232	RasAuto - ok
16:54:13.0642 4232	Rasl2tp - ok
16:54:13.0642 4232	RasMan - ok
16:54:13.0658 4232	RasPppoe - ok
16:54:13.0658 4232	RasSstp - ok
16:54:13.0658 4232	rdbss - ok
16:54:13.0674 4232	rdpbus - ok
16:54:13.0674 4232	RDPCDD - ok
16:54:13.0674 4232	RDPENCDD - ok
16:54:13.0689 4232	RDPREFMP - ok
16:54:13.0689 4232	RDPWD - ok
16:54:13.0705 4232	rdyboost - ok
16:54:13.0720 4232	RemoteAccess - ok
16:54:13.0736 4232	RemoteRegistry - ok
16:54:13.0736 4232	RFCOMM - ok
16:54:13.0736 4232	RpcEptMapper - ok
16:54:13.0752 4232	RpcLocator - ok
16:54:13.0752 4232	RpcSs - ok
16:54:13.0752 4232	rspndr - ok
16:54:13.0767 4232	RSUSBSTOR - ok
16:54:13.0767 4232	RTL8167 - ok
16:54:13.0767 4232	RtsUIR - ok
16:54:13.0798 4232	SafeBox - ok
16:54:13.0814 4232	SamSs - ok
16:54:13.0830 4232	sbp2port - ok
16:54:13.0845 4232	SCardSvr - ok
16:54:13.0845 4232	scfilter - ok
16:54:13.0861 4232	Schedule - ok
16:54:13.0861 4232	SCPolicySvc - ok
16:54:13.0861 4232	SDRSVC - ok
16:54:13.0876 4232	secdrv - ok
16:54:13.0876 4232	seclogon - ok
16:54:13.0892 4232	SENS - ok
16:54:13.0892 4232	SensrSvc - ok
16:54:13.0892 4232	Serenum - ok
16:54:13.0908 4232	Serial - ok
16:54:13.0908 4232	sermouse - ok
16:54:13.0923 4232	SessionEnv - ok
16:54:13.0923 4232	sffdisk - ok
16:54:13.0939 4232	sffp_mmc - ok
16:54:13.0939 4232	sffp_sd - ok
16:54:13.0954 4232	sfloppy - ok
16:54:13.0970 4232	SharedAccess - ok
16:54:13.0970 4232	ShellHWDetection - ok
16:54:13.0986 4232	SiSRaid2 - ok
16:54:13.0986 4232	SiSRaid4 - ok
16:54:13.0986 4232	Smb - ok
16:54:14.0001 4232	SNMPTRAP - ok
16:54:14.0017 4232	spldr - ok
16:54:14.0017 4232	Spooler - ok
16:54:14.0017 4232	sppsvc - ok
16:54:14.0032 4232	sppuinotify - ok
16:54:14.0032 4232	sptd - ok
16:54:14.0048 4232	SQLBrowser - ok
16:54:14.0048 4232	SQLWriter - ok
16:54:14.0048 4232	srv - ok
16:54:14.0064 4232	srv2 - ok
16:54:14.0064 4232	srvnet - ok
16:54:14.0064 4232	SSDPSRV - ok
16:54:14.0079 4232	SstpSvc - ok
16:54:14.0079 4232	StarOpen - ok
16:54:14.0079 4232	stexstor - ok
16:54:14.0095 4232	stisvc - ok
16:54:14.0095 4232	swenum - ok
16:54:14.0110 4232	swprv - ok
16:54:14.0110 4232	SysMain - ok
16:54:14.0110 4232	TabletInputService - ok
16:54:14.0126 4232	tap0901 - ok
16:54:14.0126 4232	taphss - ok
16:54:14.0142 4232	TapiSrv - ok
16:54:14.0142 4232	TBS - ok
16:54:14.0142 4232	Tcpip - ok
16:54:14.0157 4232	TCPIP6 - ok
16:54:14.0157 4232	tcpipreg - ok
16:54:14.0173 4232	TDPIPE - ok
16:54:14.0173 4232	TDTCP - ok
16:54:14.0188 4232	tdx - ok
16:54:14.0188 4232	TeamViewer6 - ok
16:54:14.0188 4232	TermDD - ok
16:54:14.0204 4232	TermService - ok
16:54:14.0204 4232	Themes - ok
16:54:14.0220 4232	THREADORDER - ok
16:54:14.0220 4232	TrkWks - ok
16:54:14.0220 4232	truecrypt - ok
16:54:14.0235 4232	trufos - ok
16:54:14.0235 4232	TrustedInstaller - ok
16:54:14.0251 4232	tssecsrv - ok
16:54:14.0251 4232	TsUsbFlt - ok
16:54:14.0251 4232	tunnel - ok
16:54:14.0266 4232	TurboB - ok
16:54:14.0266 4232	TurboBoost - ok
16:54:14.0266 4232	uagp35 - ok
16:54:14.0282 4232	udfs - ok
16:54:14.0298 4232	UI0Detect - ok
16:54:14.0298 4232	uliagpkx - ok
16:54:14.0298 4232	umbus - ok
16:54:14.0313 4232	UmPass - ok
16:54:14.0313 4232	UNS - ok
16:54:14.0329 4232	Update Server - ok
16:54:14.0329 4232	UPDATESRV - ok
16:54:14.0329 4232	upnphost - ok
16:54:14.0344 4232	usbccgp - ok
16:54:14.0344 4232	USBCCID - ok
16:54:14.0344 4232	usbcir - ok
16:54:14.0360 4232	usbehci - ok
16:54:14.0360 4232	usbhub - ok
16:54:14.0376 4232	usbohci - ok
16:54:14.0376 4232	usbprint - ok
16:54:14.0376 4232	usbscan - ok
16:54:14.0391 4232	USBSTOR - ok
16:54:14.0391 4232	usbuhci - ok
16:54:14.0407 4232	usbvideo - ok
16:54:14.0407 4232	usb_rndisx - ok
16:54:14.0407 4232	UxSms - ok
16:54:14.0422 4232	VaultSvc - ok
16:54:14.0422 4232	vdrvroot - ok
16:54:14.0438 4232	vds - ok
16:54:14.0438 4232	vga - ok
16:54:14.0438 4232	VgaSave - ok
16:54:14.0454 4232	vhdmp - ok
16:54:14.0454 4232	viaide - ok
16:54:14.0454 4232	VMnetAdapter - ok
16:54:14.0469 4232	volmgr - ok
16:54:14.0469 4232	volmgrx - ok
16:54:14.0485 4232	volsnap - ok
16:54:14.0485 4232	vsmraid - ok
16:54:14.0485 4232	VSS - ok
16:54:14.0500 4232	VSSERV - ok
16:54:14.0500 4232	vwifibus - ok
16:54:14.0516 4232	vwififlt - ok
16:54:14.0516 4232	vwifimp - ok
16:54:14.0532 4232	W32Time - ok
16:54:14.0547 4232	WacomPen - ok
16:54:14.0547 4232	WANARP - ok
16:54:14.0563 4232	Wanarpv6 - ok
16:54:14.0563 4232	WatAdminSvc - ok
16:54:14.0578 4232	wbengine - ok
16:54:14.0578 4232	WbioSrvc - ok
16:54:14.0578 4232	wcncsvc - ok
16:54:14.0594 4232	WcsPlugInService - ok
16:54:14.0594 4232	Wd - ok
16:54:14.0610 4232	Wdf01000 - ok
16:54:14.0610 4232	WdiServiceHost - ok
16:54:14.0610 4232	WdiSystemHost - ok
16:54:14.0625 4232	WebClient - ok
16:54:14.0625 4232	Wecsvc - ok
16:54:14.0625 4232	wercplsupport - ok
16:54:14.0641 4232	WerSvc - ok
16:54:14.0641 4232	WfpLwf - ok
16:54:14.0656 4232	WIMMount - ok
16:54:14.0656 4232	WinDefend - ok
16:54:14.0672 4232	WinHttpAutoProxySvc - ok
16:54:14.0672 4232	Winmgmt - ok
16:54:14.0688 4232	WinRM - ok
16:54:14.0703 4232	WinUsb - ok
16:54:14.0703 4232	Wlansvc - ok
16:54:14.0719 4232	wltrysvc - ok
16:54:14.0719 4232	WmiAcpi - ok
16:54:14.0734 4232	wmiApSrv - ok
16:54:14.0734 4232	WMPNetworkSvc - ok
16:54:14.0750 4232	WPCSvc - ok
16:54:14.0750 4232	WPDBusEnum - ok
16:54:14.0766 4232	ws2ifsl - ok
16:54:14.0766 4232	wscsvc - ok
16:54:14.0766 4232	WSearch - ok
16:54:14.0781 4232	wuauserv - ok
16:54:14.0781 4232	WudfPf - ok
16:54:14.0797 4232	WUDFRd - ok
16:54:14.0797 4232	wudfsvc - ok
16:54:14.0812 4232	WwanSvc - ok
16:54:14.0922 4232	MBR (0x1B8)     (9c58313c5dda6d94904a3d60ad87b6bb) \Device\Harddisk0\DR0
16:54:15.0374 4232	\Device\Harddisk0\DR0 - ok
16:54:15.0405 4232	Boot (0x1200)   (ce5930b5af712151cfbbdaa1e8996462) \Device\Harddisk0\DR0\Partition0
16:54:15.0405 4232	\Device\Harddisk0\DR0\Partition0 - ok
16:54:15.0421 4232	Boot (0x1200)   (88c00ba5a2c917a641baac3e772e9da2) \Device\Harddisk0\DR0\Partition1
16:54:15.0421 4232	\Device\Harddisk0\DR0\Partition1 - ok
16:54:15.0436 4232	Boot (0x1200)   (aaf3344367bc569512b78f78128a8302) \Device\Harddisk0\DR0\Partition2
16:54:15.0436 4232	\Device\Harddisk0\DR0\Partition2 - ok
16:54:15.0436 4232	============================================================
16:54:15.0436 4232	Scan finished
16:54:15.0436 4232	============================================================
16:54:15.0452 4540	Detected object count: 1
16:54:15.0452 4540	Actual detected object count: 1
16:54:36.0216 4540	OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
16:54:36.0216 4540	OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

07.05.2012, 18:57   #22
cosinus

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

08.05.2012, 09:56   #23
edlarge

Combofix log file:
Code:
ComboFix 12-05-08.01 - Bro 08.05.2012  10:29:19.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3956.2461 [GMT 2:00]
Running from: c:\users\Bro\Desktop\ComboFix.exe
AV: Bitdefender Virenschutz *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Bitdefender Spyware-Schutz *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1334921041.bdinstall.bin
c:\programdata\Dell
c:\programdata\Dell\DellDock\BaseCategories.xml
c:\programdata\Dell\DellDock\ClearedDesktopShortcuts\Dell Support Center.lnk.xml
c:\programdata\Dell\DellDock\error_log.txt
c:\programdata\Dell\DellDock\images\aol_icon.jpg
c:\programdata\Dell\DellDock\images\Cozi.png
c:\programdata\Dell\DellDock\images\datasafe_32x32.jpg
c:\programdata\Dell\DellDock\images\DellSupportCenter_icon.jpg
c:\programdata\Dell\DellDock\images\dra.png
c:\programdata\Dell\DellDock\images\earthlink_icon.png
c:\programdata\Dell\DellDock\images\ebay_32x32.png
c:\programdata\Dell\DellDock\images\GDS_32x32.png
c:\programdata\Dell\DellDock\images\globe-32x32.png
c:\programdata\Dell\DellDock\images\McAfee_32x32.JPG
c:\programdata\Dell\DellDock\images\netzero_icon.png
c:\programdata\Dell\DellDock\images\norton_32x32.PNG
c:\programdata\Dell\DellDock\images\pccilin_32x32.png
c:\programdata\Dell\DellDock\images\peoplepc.PNG
c:\programdata\Dell\DellDock\images\windows_logo.png
c:\programdata\Dell\DellDock\images\wt.PNG
c:\programdata\Dell\DellDock\Shortcuts\cozi.xml
c:\programdata\Dell\DellDock\Shortcuts\emailchat-livemgr.xml
c:\programdata\Dell\DellDock\Shortcuts\emailchat-outlookmail.xml
c:\programdata\Dell\DellDock\Shortcuts\emailchat-sightspeed.xml
c:\programdata\Dell\DellDock\Shortcuts\emailchat-skype.xml
c:\programdata\Dell\DellDock\Shortcuts\emailchat-winmail.xml
c:\programdata\Dell\DellDock\Shortcuts\games-ddsgames.xml
c:\programdata\Dell\DellDock\Shortcuts\games-wtgames.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-datasafepctransfer.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-ddshelp.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-DellCustomize.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-dellsupportcenter.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-hybrid.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-mediareduc.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-ownermanual.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-pctuneup1.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-systemvideo.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-uninstaller.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-vistahelp.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-vistapctransfer.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-aol.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-boxnet.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-DellMobileBroadband.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-Dellmobilemanager.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-DellNetworkAssistant.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-earthlink.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-ericssonmgr.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-internetexplorer.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-livewriter.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-netzero.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-peoplepc.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-remoteaccess.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-tiscali.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-vistaparentalcontrol.xml
c:\programdata\Dell\DellDock\Shortcuts\internetexplorer.xml
c:\programdata\Dell\DellDock\Shortcuts\music-adobesoundbooth.xml
c:\programdata\Dell\DellDock\Shortcuts\music-ddsmusic.xml
c:\programdata\Dell\DellDock\Shortcuts\music-idt32.xml
c:\programdata\Dell\DellDock\Shortcuts\music-idt64.xml
c:\programdata\Dell\DellDock\Shortcuts\music-sbaudigy.xml
c:\programdata\Dell\DellDock\Shortcuts\music-vistamediaplayer.xml
c:\programdata\Dell\DellDock\Shortcuts\music-zingspot.xml
c:\programdata\Dell\DellDock\Shortcuts\office-cozical.xml
c:\programdata\Dell\DellDock\Shortcuts\office-ddsoffice.xml
c:\programdata\Dell\DellDock\Shortcuts\office-msexcel.xml
c:\programdata\Dell\DellDock\Shortcuts\office-mspowerpoint.xml
c:\programdata\Dell\DellDock\Shortcuts\office-msword.xml
c:\programdata\Dell\DellDock\Shortcuts\office-worksspreadsheet.xml
c:\programdata\Dell\DellDock\Shortcuts\office-worksword.xml
c:\programdata\Dell\DellDock\Shortcuts\photos-adobephotoshop.xml
c:\programdata\Dell\DellDock\Shortcuts\photos-livephoto.xml
c:\programdata\Dell\DellDock\Shortcuts\photos-vistaphotogallery.xml
c:\programdata\Dell\DellDock\Shortcuts\photos-webcamm08.xml
c:\programdata\Dell\DellDock\Shortcuts\photos-webcamm09.xml
c:\programdata\Dell\DellDock\Shortcuts\recyclebin.xml
c:\programdata\Dell\DellDock\Shortcuts\security-boxnet.xml
c:\programdata\Dell\DellDock\Shortcuts\security-datalocal.xml
c:\programdata\Dell\DellDock\Shortcuts\security-datasafe.xml
c:\programdata\Dell\DellDock\Shortcuts\security-facialrecognition.xml
c:\programdata\Dell\DellDock\Shortcuts\security-failsafe.xml
c:\programdata\Dell\DellDock\Shortcuts\security-fingerprint.xml
c:\programdata\Dell\DellDock\Shortcuts\security-fingerprintm08.xml
c:\programdata\Dell\DellDock\Shortcuts\security-lojack.xml
c:\programdata\Dell\DellDock\Shortcuts\security-mcafee.xml
c:\programdata\Dell\DellDock\Shortcuts\security-norton2008.xml
c:\programdata\Dell\DellDock\Shortcuts\security-trendm.xml
c:\programdata\Dell\DellDock\Shortcuts\security-trendmicro.xml
c:\programdata\Dell\DellDock\Shortcuts\security-vistaparentalcontrol.xml
c:\programdata\Dell\DellDock\Shortcuts\videos-adobepremiere.xml
c:\programdata\Dell\DellDock\Shortcuts\videos-cinemanowxp.xml
c:\programdata\Dell\DellDock\Shortcuts\videos-ddsmovies.xml
c:\programdata\Dell\DellDock\Shortcuts\videos-roxio10.xml
c:\programdata\Dell\DellDock\Shortcuts\videos-sightspeed.xml
c:\programdata\Dell\DellDock\Shortcuts\videos-vistamediaplayer.xml
c:\programdata\Dell\DellDock\Shortcuts\videos-vistamoviemaker.xml
c:\programdata\Dell\DellDock\Shortcuts\videos-webcamm08.xml
c:\programdata\Dell\DellDock\Shortcuts\videos-webcamm09.xml
c:\programdata\Dell\DellDock\Shortcuts\videos-windowsmediacenter.xml
c:\programdata\Dell\DellDock\startup_log.txt
c:\programdata\Dell\DellDock\uninstaller.exe
c:\programdata\Dell\DellDock\uninstaller.xml
c:\programdata\Dell\DSL\DSLCheck.exe
c:\programdata\Dell\QuickSet\QSEBLSHARE
c:\programdata\Dell\RMC\DataSafeDashBoard.xml
c:\programdata\Dell\RMC\Libxml2.dll
c:\programdata\Dell\RMC\RMCCreationInfo.exe
c:\programdata\Dell\RMC\ZLib1.dll
c:\users\Bro\AppData\Roaming\1&1
c:\users\Bro\AppData\Roaming\Dell
c:\users\Bro\AppData\Roaming\Dell\Dell Stage\{6dedbe25-1baa-49d5-a314-3524143af6f7}\chassis.txt
c:\users\Bro\AppData\Roaming\Dell\Dell Stage\{6dedbe25-1baa-49d5-a314-3524143af6f7}\messagesFeed.xml
c:\users\Bro\AppData\Roaming\Dell\Dell Stage\{6dedbe25-1baa-49d5-a314-3524143af6f7}\status.txt
c:\users\Bro\AppData\Roaming\Dell\Dell Stage\{6dedbe25-1baa-49d5-a314-3524143af6f7}\tile_event.xml
c:\users\Bro\AppData\Roaming\Dell\Dell Stage\{6dedbe25-1baa-49d5-a314-3524143af6f7}\tile_hover_images.txt
c:\windows\IsUn0407.exe
c:\windows\SysWow64\lsprst7.dll
D:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2012-04-08 to 2012-05-08  )))))))))))))))))))))))))))))))
.
.
2012-05-08 08:36 . 2012-05-08 08:36	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-05-08 08:36 . 2012-05-08 08:36	--------	d-----w-	c:\users\AMS User\AppData\Local\temp
2012-05-07 16:32 . 2012-05-07 16:32	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-05-07 16:32 . 2012-05-07 16:32	157352	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-07 16:32 . 2012-05-07 16:32	129976	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-07 13:24 . 2012-05-07 13:24	--------	d-----w-	C:\_OTL
2012-05-03 07:47 . 2012-05-03 07:47	--------	d-----w-	c:\users\Bro\AppData\Roaming\Malwarebytes
2012-05-03 07:46 . 2012-05-03 07:46	--------	d-----w-	c:\programdata\Malwarebytes
2012-05-03 07:46 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-04-29 08:25 . 2012-04-29 08:25	--------	d-----w-	c:\users\Bro\AppData\Roaming\tor
2012-04-29 08:24 . 2012-04-29 08:26	--------	d-----w-	c:\users\Bro\AppData\Local\Vidalia
2012-04-20 12:14 . 2012-04-20 12:14	--------	d-----w-	c:\programdata\BDLogging
2012-04-20 12:10 . 2012-04-20 12:10	691896	----a-w-	c:\windows\system32\drivers\avc3.sys
2012-04-20 12:09 . 2012-04-20 12:09	545064	----a-w-	c:\windows\system32\drivers\avckf.sys
2012-04-20 12:09 . 2012-04-20 12:09	329800	----a-w-	c:\windows\system32\drivers\trufos.sys
2012-04-20 12:07 . 2012-04-20 12:07	258736	----a-w-	c:\windows\system32\drivers\avchv.sys
2012-04-20 12:07 . 2012-04-20 12:07	90192	----a-w-	c:\windows\system32\drivers\bdfndisf6.sys
2012-04-20 12:07 . 2012-04-20 12:07	79952	----a-w-	c:\windows\system32\drivers\bdsandbox.sys
2012-04-20 12:07 . 2012-04-20 12:07	442088	----a-w-	c:\windows\system32\drivers\bdfsfltr.sys
2012-04-20 11:39 . 2012-04-20 11:39	--------	d-----w-	C:\BDLOGS
2012-04-20 11:35 . 2012-04-20 11:39	--------	d-----w-	c:\users\Bro\AppData\Roaming\Bitdefender
2012-04-20 11:35 . 2012-04-20 11:36	--------	d-----w-	c:\programdata\Bitdefender
2012-04-20 11:24 . 2012-04-20 11:27	--------	d-----w-	c:\program files\Bitdefender
2012-04-17 08:58 . 2012-05-07 13:06	--------	d-----w-	c:\users\Bro\AppData\Roaming\vlc
2012-04-14 07:38 . 2012-03-06 06:53	5559152	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-04-14 07:38 . 2012-03-06 05:59	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-04-14 07:38 . 2012-03-06 05:59	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-04-14 07:35 . 2012-03-01 06:46	23408	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-04-14 07:35 . 2012-03-01 06:33	81408	----a-w-	c:\windows\system32\imagehlp.dll
2012-04-14 07:35 . 2012-03-01 05:33	159232	----a-w-	c:\windows\SysWow64\imagehlp.dll
2012-04-14 07:35 . 2012-03-01 06:38	220672	----a-w-	c:\windows\system32\wintrust.dll
2012-04-14 07:35 . 2012-03-01 06:28	5120	----a-w-	c:\windows\system32\wmi.dll
2012-04-14 07:35 . 2012-03-01 05:37	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-04-14 07:35 . 2012-03-01 05:29	5120	----a-w-	c:\windows\SysWow64\wmi.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-20 11:15 . 2011-04-23 06:57	552497	----a-w-	c:\programdata\bdinstall.bin
2012-04-14 14:08 . 2012-04-07 14:11	418464	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-14 14:08 . 2011-05-21 12:39	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-17 06:38 . 2012-03-14 12:49	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 12:49	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 12:49	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 12:49	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 12:50	1544192	----a-w-	c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 12:50	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Bro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Bro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Bro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Bro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"="d:\programms on d\TrueCrypt.exe" [2011-07-31 1496528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-01 634880]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="d:\programms on d\Malwarebytes\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
"mcagent_exe"=c:\program files (x86)\McAfee.com\Agent\mcagent.exe /runkey
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe"
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-02-22 1038088]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-07 129976]
R3 ncplelhp;LANCOM Secure Client NDIS6 Driver;c:\windows\system32\DRIVERS\ncplelhp.sys [x]
R3 OXSDIDRV_x64;Oxford Semi eSATA Filter (x64);c:\windows\system32\DRIVERS\OXSDIDRV_x64.sys [x]
R3 OXUDIDRV;OXUDIDRV;c:\windows\system32\Drivers\OXUDIDRV_X64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2012-04-20 75384]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2012-04-20 466736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2012-04-20 90192]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2012-04-20 103504]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-01-12 168448]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-01-12 131072]
S2 MBAMService;MBAMService;d:\programms on d\Malwarebytes\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-04-20 66096]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Lavasoft Kernexplorer
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 14:08]
.
2012-04-19 c:\windows\Tasks\GlaryInitialize.job
- d:\programms on d\Glary Utilities\initialize.exe [2010-12-12 19:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Bro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Bro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Bro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Bro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2012-04-20 12:08	266952	----a-w-	c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2012-04-20 12:08	266952	----a-w-	c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2012-04-20 12:08	266952	----a-w-	c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2012-04-20 12:08	266952	----a-w-	c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-04-20 1067256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Bro\AppData\Roaming\Mozilla\Firefox\Profiles\23a5mxjj.Tor2\
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.type - 1
.
- - - - ORPHANS REMOVED - - - -
.
Notify-GoToAssist - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{381FFDE8-2394-4F90-B10D-FC6124A40F8C}"=hex:51,66,7a,6c,4c,1d,38,12,86,fe,0c,
   3c,a6,6d,fe,0a,ce,1b,bf,21,21,fa,4b,98
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:da,80,27,27,11,51,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-08  10:39:57
ComboFix-quarantined-files.txt  2012-05-08 08:39
.
Pre-Run: 7.553.474.560 bytes free
Post-Run: 7.278.718.976 bytes free
.
- - End Of File - - 4435BA78AD5CC2C466DE51C7A12D9A42
         
--- --- ---

08.05.2012, 11:25   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please download aswMBR.exe and save the file to your desktop.

Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false alarm for it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.
Important: Do not press any of the Fix buttons under any circumstances without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________
Please always post log files in CODE tags

08.05.2012, 11:51   #25
edlarge

Code:
ATTFilter
 aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-08 12:41:53
-----------------------------
12:41:53.420    OS Version: Windows x64 6.1.7601 Service Pack 1
12:41:53.420    Number of processors: 4 586 0x2502
12:41:53.421    ComputerName: DELL  UserName: Bro
12:41:54.735    Initialize success
12:43:25.377    AVAST engine defs: 12050800
12:43:45.884    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:43:45.886    Disk 0 Vendor: WDC_WD5000BEVT-75ZAT0 01.01A01 Size: 476940MB BusType: 11
12:43:45.900    Disk 0 MBR read successfully
12:43:45.903    Disk 0 MBR scan
12:43:45.908    Disk 0 unknown MBR code
12:43:45.921    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0      100 MB offset 2048
12:43:45.932    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        10000 MB offset 206848
12:43:45.949    Disk 0 Partition 3 00     07    HPFS/NTFS             60000 MB offset 20686848
12:43:45.955    Disk 0 Partition - 00     0F Extended LBA            406838 MB offset 143566848
12:43:45.993    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       406837 MB offset 143568896
12:43:46.000    Disk 0 scanning C:\Windows\system32\drivers
12:43:46.003    Service scanning
12:44:12.989    Modules scanning
12:44:12.997    Disk 0 trace - called modules:
12:44:13.033    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
12:44:13.037    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c0f060]
12:44:13.043    3 CLASSPNP.SYS[fffff88001b6943f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004935060]
12:44:14.420    AVAST engine scan C:\Windows
12:44:14.440    AVAST engine scan C:\Windows\system32
12:44:14.450    AVAST engine scan C:\Windows\system32\drivers
12:44:14.458    AVAST engine scan C:\Users\Bro
12:44:14.465    AVAST engine scan C:\ProgramData
12:44:14.470    Scan finished successfully
12:44:25.848    Disk 0 MBR has been saved successfully to "C:\Users\Bro\Desktop\MBR.dat"
12:44:25.851    The log file has been saved successfully to "C:\Users\Bro\Desktop\aswMBR.txt"
         
Note: "quick scan" was preset. I kept that setting.

08.05.2012, 12:11   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

We should fix the MBR. Just in case, back up ALL important data, even though everything usually goes smoothly.

Note: Please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable.
Also do not run the fix if you have full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs.


After the backup, start aswMBR again and click the FIXMBR button.

Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false alarm for it!

Then restart Windows and create a new log with aswMBR.
__________________
Please always post log files in CODE tags
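
The two cautions in the post above (dual boot, full encryption) can be checked against a saved MBR sector before anything rewrites it; this is an added example, not part of the original thread. It assumes the dump is a raw 512-byte sector and that a TrueCrypt loader carries the ASCII text "TrueCrypt" in its boot code; the function names are hypothetical, the sample sector is constructed from the partition lines of the aswMBR log, and logical volumes inside the extended partition are not walked.

```python
import struct

# Partition type bytes that suggest another OS shares the disk (not exhaustive).
NON_WINDOWS_TYPES = {0x82: "Linux swap", 0x83: "Linux", 0x8E: "Linux LVM", 0xA5: "FreeBSD"}

def parse_mbr(sector: bytes):
    """Return (boot_code, entries) for a 512-byte MBR sector."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector (size or 0x55AA signature)")
    entries = []
    for i in range(4):
        raw = sector[446 + 16 * i: 462 + 16 * i]
        status, ptype, lba, count = struct.unpack("<B3xB3xII", raw)  # CHS fields skipped
        if ptype:  # type 0x00 marks an unused slot
            entries.append({"slot": i + 1, "active": status == 0x80, "type": ptype,
                            "offset": lba, "size_mb": count * 512 // 2**20})
    return sector[:446], entries

def fixmbr_blockers(sector: bytes):
    """List reasons, per the post above, not to rewrite this MBR with Windows tools."""
    boot_code, entries = parse_mbr(sector)
    reasons = []
    # Assumption: a TrueCrypt system-encryption loader contains its name as ASCII text.
    if b"TrueCrypt" in boot_code:
        reasons.append("boot code looks like a TrueCrypt loader")
    for e in entries:
        if e["type"] in NON_WINDOWS_TYPES:
            reasons.append(f"slot {e['slot']}: {NON_WINDOWS_TYPES[e['type']]} partition")
    return reasons

def build_sample(boot_code: bytes, parts):
    """Constructed test sector; parts is a list of (status, type, lba, sectors)."""
    table = b"".join(struct.pack("<B3xB3xII", *p) for p in parts)
    return boot_code.ljust(446, b"\x00") + table.ljust(64, b"\x00") + b"\x55\xaa"

# Constructed from the partition lines in the aswMBR log above (MB * 2048 = sectors).
LOG_LAYOUT = [(0x00, 0xDE, 2048, 100 * 2048), (0x80, 0x07, 206848, 10000 * 2048),
              (0x00, 0x07, 20686848, 60000 * 2048), (0x00, 0x0F, 143566848, 406838 * 2048)]

if __name__ == "__main__":
    sample = build_sample(b"\x00" * 6 + b"TrueCrypt Boot Loader", LOG_LAYOUT)
    print(fixmbr_blockers(sample))
```
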

08.05.2012, 15:54   #27
edlarge

Hi,
I have encrypted my system partition C with TrueCrypt, so I had better leave that alone, right?

08.05.2012, 17:50   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Yes, then please leave it!
But you have read the TrueCrypt documentation, haven't you? With full encryption of the system partition you must in any case have the TrueCrypt Rescue Disk at hand for emergencies! TrueCrypt - Free Open-Source Disk Encryption - Documentation - Rescue Disk
__________________
Please always post log files in CODE tags

08.05.2012, 18:24   #29
edlarge

Yes, I have it.

So far I have tried to follow all of your steps and have read all the log files carefully. Still, I have a few questions:

1. Is the "cleanup" now complete?

2. As far as I understood, the computer was infected with 3 objects (PUM.Hijack.StartMenu and 2xPUP.MyWebSearch). I googled a lot and looked around here in the forum, but I could not figure out what these things do??? Everyone reported different symptoms. Can you tell me what exactly they might have done to my computer?? Transmitted screenshots or keystrokes or something like that?

3. Should I leave the objects in the Malwarebytes quarantine, or delete them?

4. Can I be sure that the computer is now "object-free", even though I could not carry out all the steps?

5. Or should I reinstall the system to be on the safe side?

Sorry for the annoying questions, but at least I am trying to learn something...

08.05.2012, 18:29   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

I'll answer the questions later.

Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post log files in CODE tags
