
Log analysis and evaluation: BKA Trojan, evaluation of OTL log

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

#1 | 27.05.2012, 09:30 | MK-13

Hi and greetings to all. I registered here because I can't get any further. My problem: three days ago I received an email in which I had supposedly become an "Elite member" (of what, I no longer know) and was to pay 270 euros, which would be debited from my account within a few days. I did not react to this rubbish and deleted the email. Yesterday there was something in my mail again, namely a reminder with an attachment (a small zip file). Now I made the mistake of unpacking the file and having a look at it. What was odd: I unpacked the zip and got a second zip to unpack.

I unpacked that too and got a single file. But when I tried to open it, my screen briefly went black. I quickly pulled my LAN cable and the screen went back to normal. I then ran Malwarebytes and Comodo Internet Security. Neither found anything, but during the scan my computer was locked and I was asked to pay 100 euros to unlock it. The screen looked like the one on this page: hxxp://bka-trojaner.de/, similar to picture 1.02. I then tried to start the Task Manager but could not switch to any application. But when I tried to log off, it was all over and everything was normal (so far). I don't trust this calm. I then wanted to check the system with "Kaspersky WindowsUnlocker", but that doesn't work: my burner is broken, and via USB it doesn't work for me either. Now I downloaded "OTL.EXE" and ran it; here are the logs, or rather only one, because the second log (OTL) is too big to attach (100 KB).

Can someone please help me?
Regards

Hi, I have tried something else, but I am not sure whether everything is OK now.
I got the "Kaspersky Rescue Disk" from a friend; it doesn't run on my machine (because I have a RAID). Then I tried the "AVG Rescue CD", which does run on my machine, but it found nothing. I also tried "Trojan Remover", which finds nothing either. Either the BKA Trojan is well hidden or something has deleted it!? Oh yes, here are both OTL logs.

#2 | 29.05.2012, 15:19 | cosinus

First, as a routine step, please run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of them as well!



ESET Online Scanner

  • You will find an illustrated guide to ESET Online Scanner here
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything here in CODE tags where possible.

It is done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:
 the log goes here

#3 | 29.05.2012, 19:40 | MK-13

Hi, thanks for the reply.

Here is the log:


Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.29.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mk-13 :: ****** [Administrator]

Schutz: Aktiviert

29.05.2012 19:03:49
mbam-log-2012-05-29 (19-03-49).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 354608
Laufzeit: 1 Stunde(n), 3 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Regards

Hi, I hope I did everything right; the ESET Online Scanner took 15 min from 0 to 99% and over 2 hours from 99 to 100%!!??
Regards



Code:
 ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b8820979083c084492d9259c10c3d952
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-29 08:58:11
# local_time=2012-05-29 10:58:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=1536 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777213 80 71 16666 14006994 0 0
# compatibility_mode=4096 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 4334603 89947230 0 0
# compatibility_mode=8192 67108863 100 0 479 479 0 0
# scanned=140315
# found=0
# cleaned=0
# scan_time=7710

#4 | 30.05.2012, 09:44 | cosinus

Malwarebytes creates exactly one log per scan. Have you scanned with Malwarebytes before?
If so, the logs for every scan are listed in the Logs tab. Please post all that are visible there.

#5 | 30.05.2012, 16:42 | MK-13

Hi, yes I have!! All of them? That's really a lot; for now these are the last 10, because there are still around 50 of them!
Regards

Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.09.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mk-13 :: MK-13-PC [Administrator]

Schutz: Aktiviert

10.04.2012 00:34:13
mbam-log-2012-04-10 (00-34-13).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 34482
Laufzeit: 2 Minute(n), 38 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
               



 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.21.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mk-13 :: MK-13-PC [Administrator]

Schutz: Aktiviert

26.05.2012 21:47:02
mbam-log-2012-05-26 (21-47-02).txt

Art des Suchlaufs: Benutzerdefinierter Suchlauf
Aktivierte Suchlaufeinstellungen: Dateisystem | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | P2P
Durchsuchte Objekte: 1
Laufzeit: 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.21.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mk-13 :: MK-13-PC [Administrator]

Schutz: Aktiviert

26.05.2012 22:13:05
mbam-log-2012-05-26 (22-13-05).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 355169
Laufzeit: 1 Stunde(n), 31 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)



 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.21.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mk-13 :: MK-13-PC [Administrator]

Schutz: Aktiviert

26.05.2012 23:45:20
mbam-log-2012-05-26 (23-45-20).txt

Art des Suchlaufs: Benutzerdefinierter Suchlauf
Aktivierte Suchlaufeinstellungen: Dateisystem | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | P2P
Durchsuchte Objekte: 0
Laufzeit: 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)



 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.21.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mk-13 :: MK-13-PC [Administrator]

Schutz: Aktiviert

27.05.2012 08:37:36
mbam-log-2012-05-27 (08-37-36).txt

Art des Suchlaufs: Flash-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Registrierung | Dateisystem | P2P
Durchsuchte Objekte: 188917
Laufzeit: 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.21.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mk-13 :: MK-13-PC [Administrator]

Schutz: Aktiviert

27.05.2012 08:39:35
mbam-log-2012-05-27 (08-39-35).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 228374
Laufzeit: 5 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.27.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mk-13 :: MK-13-PC [Administrator]

Schutz: Aktiviert

27.05.2012 15:02:47
mbam-log-2012-05-27 (15-02-47).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 229833
Laufzeit: 12 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.27.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mk-13 :: MK-13-PC [Administrator]

Schutz: Aktiviert

27.05.2012 22:50:05
mbam-log-2012-05-27 (22-50-05).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 354318
Laufzeit: 1 Stunde(n), 2 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)



 Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.28.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mk-13 :: MK-13-PC [Administrator]

Schutz: Aktiviert

28.05.2012 10:38:43
mbam-log-2012-05-28 (10-38-43).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 354762
Laufzeit: 1 Stunde(n), 7 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

   

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.29.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mk-13 :: ****** [Administrator]

Schutz: Aktiviert

29.05.2012 19:03:49
mbam-log-2012-05-29 (19-03-49).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 354608
Laufzeit: 1 Stunde(n), 3 Minute(n), 

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)



 2012/04/10 00:30:31 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/10 00:30:34 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/10 00:30:37 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/10 00:30:40 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/10 00:31:30 +0200	MK-13-PC	mk-13	MESSAGE	Starting database refresh
2012/04/10 00:31:30 +0200	MK-13-PC	mk-13	MESSAGE	Stopping IP protection
2012/04/10 00:34:14 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection stopped
2012/04/10 00:34:17 +0200	MK-13-PC	mk-13	MESSAGE	Database refreshed successfully
2012/04/10 00:34:17 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/10 00:34:21 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/10 07:32:05 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/10 07:32:09 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/10 07:32:12 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/10 07:32:16 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/10 07:38:27 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/10 07:38:30 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/10 07:38:33 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/10 07:38:37 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/10 07:44:30 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/10 07:44:34 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/10 07:44:37 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/10 07:44:41 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/10 09:27:54 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/10 09:27:56 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/10 09:27:59 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/10 09:28:03 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/10 10:25:53 +0200	MK-13-PC	mk-13	MESSAGE	Stopping IP protection
2012/04/10 10:29:44 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection stopped
2012/04/10 10:37:24 +0200	MK-13-PC	mk-13	MESSAGE	Executing scheduled update:  Daily
2012/04/10 10:37:33 +0200	MK-13-PC	mk-13	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.04.09.07 to version v2012.04.10.03
2012/04/10 10:37:33 +0200	MK-13-PC	mk-13	MESSAGE	Starting database refresh
2012/04/10 10:37:37 +0200	MK-13-PC	mk-13	MESSAGE	Database refreshed successfully
2012/04/10 13:36:28 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/10 13:36:31 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/10 13:36:34 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/10 13:36:37 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/10 13:42:38 +0200	MK-13-PC	mk-13	MESSAGE	Stopping IP protection
2012/04/10 13:45:30 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection stopped


2012/04/11 07:20:54 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/11 07:20:57 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/11 07:21:00 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/11 07:21:04 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/11 12:33:34 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/11 12:33:36 +0200	MK-13-PC	mk-13	MESSAGE	Executing scheduled update:  Daily
2012/04/11 12:33:38 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/11 12:33:41 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/11 12:33:44 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/11 12:33:46 +0200	MK-13-PC	mk-13	MESSAGE	Starting database refresh
2012/04/11 12:33:46 +0200	MK-13-PC	mk-13	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.04.10.03 to version v2012.04.11.01
2012/04/11 12:33:46 +0200	MK-13-PC	mk-13	MESSAGE	Stopping IP protection
2012/04/11 12:36:19 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection stopped
2012/04/11 12:36:22 +0200	MK-13-PC	mk-13	MESSAGE	Database refreshed successfully
2012/04/11 12:36:22 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/11 12:36:24 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/11 15:07:56 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/11 15:07:59 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/11 15:08:02 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/11 15:08:05 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/11 15:10:26 +0200	MK-13-PC	mk-13	IP-BLOCK	83.128.72.208 (Type: outgoing, Port: 49171, Process: skype.exe)
2012/04/11 15:10:26 +0200	MK-13-PC	mk-13	IP-BLOCK	83.128.72.208 (Type: outgoing, Port: 49172, Process: skype.exe)
2012/04/11 15:10:26 +0200	MK-13-PC	mk-13	IP-BLOCK	83.128.72.208 (Type: outgoing, Port: 49173, Process: skype.exe)
2012/04/11 15:10:26 +0200	MK-13-PC	mk-13	IP-BLOCK	83.128.72.208 (Type: outgoing, Port: 49174, Process: skype.exe)
2012/04/11 16:52:51 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/11 16:52:55 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/11 16:52:58 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/11 16:53:02 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully


2012/04/12 06:47:50 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/12 06:47:53 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/12 06:47:56 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/12 06:47:59 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/12 08:52:25 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/12 08:52:27 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/12 08:52:30 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/12 08:52:34 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/12 10:21:52 +0200	MK-13-PC	mk-13	MESSAGE	Executing scheduled update:  Daily
2012/04/12 10:22:01 +0200	MK-13-PC	mk-13	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.04.11.01 to version v2012.04.12.02
2012/04/12 10:22:01 +0200	MK-13-PC	mk-13	MESSAGE	Starting database refresh
2012/04/12 10:22:01 +0200	MK-13-PC	mk-13	MESSAGE	Stopping IP protection
2012/04/12 10:24:46 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection stopped
2012/04/12 10:24:55 +0200	MK-13-PC	mk-13	MESSAGE	Database refreshed successfully
2012/04/12 10:24:55 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/12 10:24:58 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/12 13:40:13 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/12 13:40:15 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/12 13:40:18 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/12 13:40:21 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/12 15:05:49 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/12 15:05:51 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/12 15:05:54 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/12 15:05:57 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/12 18:39:58 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/12 18:40:01 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/12 18:40:04 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/12 18:40:08 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully





2012/04/13 06:30:26 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/13 06:30:29 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/13 06:30:32 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/13 06:30:35 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/13 11:20:15 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/13 11:20:15 +0200	MK-13-PC	mk-13	MESSAGE	Executing scheduled update:  Daily
2012/04/13 11:20:19 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/13 11:20:22 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/13 11:20:26 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/13 11:20:28 +0200	MK-13-PC	mk-13	MESSAGE	Starting database refresh
2012/04/13 11:20:28 +0200	MK-13-PC	mk-13	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.04.12.02 to version v2012.04.13.02
2012/04/13 11:20:28 +0200	MK-13-PC	mk-13	MESSAGE	Stopping IP protection
2012/04/13 11:23:13 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection stopped
2012/04/13 11:23:17 +0200	MK-13-PC	mk-13	MESSAGE	Database refreshed successfully
2012/04/13 11:23:17 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/13 11:23:21 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/13 11:45:05 +0200	MK-13-PC	mk-13	MESSAGE	Stopping IP protection
2012/04/13 11:48:30 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection stopped
2012/04/13 14:49:40 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/13 14:49:42 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/13 14:49:45 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/13 14:49:48 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully


2012/04/14 07:25:17 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/14 07:25:19 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/14 07:25:22 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/14 07:25:26 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/14 08:25:25 +0200	MK-13-PC	mk-13	IP-BLOCK	89.28.74.51 (Type: outgoing, Port: 49272, Process: skype.exe)
2012/04/14 08:25:25 +0200	MK-13-PC	mk-13	IP-BLOCK	89.28.74.51 (Type: outgoing, Port: 49274, Process: skype.exe)
2012/04/14 08:25:25 +0200	MK-13-PC	mk-13	IP-BLOCK	89.28.74.51 (Type: outgoing, Port: 49275, Process: skype.exe)
2012/04/14 08:25:25 +0200	MK-13-PC	mk-13	IP-BLOCK	89.28.74.51 (Type: outgoing, Port: 49276, Process: skype.exe)
2012/04/14 10:52:29 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/14 10:52:31 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/14 10:52:34 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/14 10:52:37 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/14 10:57:58 +0200	MK-13-PC	mk-13	MESSAGE	Executing scheduled update:  Daily
2012/04/14 10:58:10 +0200	MK-13-PC	mk-13	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.04.13.02 to version v2012.04.14.02
2012/04/14 10:58:10 +0200	MK-13-PC	mk-13	MESSAGE	Starting database refresh
2012/04/14 10:58:10 +0200	MK-13-PC	mk-13	MESSAGE	Stopping IP protection
2012/04/14 11:02:12 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection stopped
2012/04/14 11:02:27 +0200	MK-13-PC	mk-13	MESSAGE	Database refreshed successfully
2012/04/14 11:02:27 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/14 11:02:30 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/14 18:45:20 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/14 18:45:23 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/14 18:45:26 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/14 18:45:29 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully


2012/04/15 07:21:43 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/15 07:21:47 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/15 07:21:50 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/15 07:21:53 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/15 10:14:26 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/15 10:14:29 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/15 10:14:32 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/15 10:14:35 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/15 10:18:04 +0200	MK-13-PC	mk-13	MESSAGE	Stopping IP protection
2012/04/15 10:21:27 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection stopped
2012/04/15 15:51:58 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/15 15:52:01 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/15 15:52:04 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/15 15:52:07 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/15 16:00:42 +0200	MK-13-PC	mk-13	MESSAGE	Executing scheduled update:  Daily
2012/04/15 16:00:52 +0200	MK-13-PC	mk-13	MESSAGE	Starting database refresh
2012/04/15 16:00:52 +0200	MK-13-PC	mk-13	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.04.14.02 to version v2012.04.15.03
2012/04/15 16:00:52 +0200	MK-13-PC	mk-13	MESSAGE	Stopping IP protection
2012/04/15 16:03:49 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection stopped
2012/04/15 16:03:52 +0200	MK-13-PC	mk-13	MESSAGE	Database refreshed successfully
2012/04/15 16:03:52 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/15 16:03:55 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully

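The Malwarebytes reports above (and the ESET log.txt header posted in #3) are what the helper has to read by hand: which reports were full scans that ran to completion, which were aborted or were custom scans of a single object, and whether the ESET run was detection-only. The following is an added example for this page, not code from Trojaner-Board, Malwarebytes or ESET. It parses the posted formats (German field names exactly as Malwarebytes 1.61 writes them) and classifies each report. The sample inputs are constructed from the posted layout; the 31.05.2012 report with nonzero counts and its database version are made up so that the "findings" path is exercised, and the 1000-object floor in `classify` and the verdict names are assumptions of this example.

```python
"""Triage for the logs pasted in this thread: Malwarebytes 1.x scan reports and
the ESET Online Scanner log.txt header. Added example for this page, not a
Malwarebytes, ESET or Trojaner-Board tool; the German field names are the ones
the posted logs use. Samples are constructed from the posted layout; the
31.05.2012 report and its nonzero counts are made up to exercise the code."""
import re
from dataclasses import dataclass

MBAM_REPORTS = """Malwarebytes Anti-Malware  (Test) 1.61.0.1400
Datenbank Version: v2012.04.09.07
10.04.2012 00:34:13
Art des Suchlaufs: Vollständiger Suchlauf
Durchsuchte Objekte: 34482
Laufzeit: 2 Minute(n), 38 Sekunde(n) [Abgebrochen]
Infizierte Dateien: 0
(Ende)
Malwarebytes Anti-Malware  (Test) 1.61.0.1400
Datenbank Version: v2012.05.21.01
26.05.2012 21:47:02
Art des Suchlaufs: Benutzerdefinierter Suchlauf
Durchsuchte Objekte: 1
Laufzeit: 10 Sekunde(n)
Infizierte Dateien: 0
(Ende)
Malwarebytes Anti-Malware 1.61.0.1400
Datenbank Version: v2012.05.31.01
31.05.2012 12:00:00
Art des Suchlaufs: Vollständiger Suchlauf
Durchsuchte Objekte: 354000
Laufzeit: 1 Stunde(n), 2 Minute(n), 22 Sekunde(n)
Infizierte Registrierungswerte: 1
Infizierte Dateien: 2
(Ende)
"""
ESET_LOG = """ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=false
# scanned=140315
# found=0
# cleaned=0
"""


@dataclass
class MbamReport:
    date: str
    database: str
    scan_type: str
    objects_scanned: int
    aborted: bool
    infected: dict  # category -> count, e.g. {"Dateien": 2}

    @property
    def total_infected(self) -> int:
        return sum(self.infected.values())


# A pasted blob usually holds many reports; each one starts with the product banner.
REPORT_START = re.compile(r"^(?=Malwarebytes Anti-Malware)", re.MULTILINE)
DATE_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2})$", re.MULTILINE)
FIELD_RE = re.compile(r"^(Datenbank Version|Art des Suchlaufs|Durchsuchte Objekte|Laufzeit): (.+)$", re.MULTILINE)
INFECTED_RE = re.compile(r"^Infizierte ([^:]+): (\d+)$", re.MULTILINE)


def parse_mbam_reports(text: str) -> list:
    reports = []
    for chunk in REPORT_START.split(text):
        if "Art des Suchlaufs" not in chunk:
            continue
        fields = dict(FIELD_RE.findall(chunk))
        date = DATE_RE.search(chunk)
        reports.append(MbamReport(
            date=date.group(1) if date else "",
            database=fields.get("Datenbank Version", ""),
            scan_type=fields.get("Art des Suchlaufs", ""),
            objects_scanned=int(fields.get("Durchsuchte Objekte", "0")),
            # Malwarebytes appends [Abgebrochen] to the runtime of a cancelled scan
            aborted="[Abgebrochen]" in fields.get("Laufzeit", ""),
            infected={cat: int(n) for cat, n in INFECTED_RE.findall(chunk)},
        ))
    return reports


def classify(r: MbamReport) -> str:
    """What one report is evidence of: only a completed full scan with zero
    findings supports 'clean'. The 1000-object floor is an assumption."""
    if r.aborted:
        return "aborted"
    if r.total_infected:
        return "findings"
    if r.scan_type != "Vollständiger Suchlauf" or r.objects_scanned < 1000:
        return "partial"
    return "clean"


def parse_eset_log(text: str) -> dict:
    """The '# key=value' header; repeated keys (compatibility_mode) keep the first."""
    fields = {}
    for line in text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            fields.setdefault(key, value)
    return fields


def eset_verdict(f: dict) -> str:
    if f.get("end") != "finished":
        return "incomplete"
    found, cleaned = int(f.get("found", 0)), int(f.get("cleaned", 0))
    if found == 0:
        return "clean"
    if f.get("remove_checked") != "true":
        return "found-not-removed"  # detection-only run: threats are still on disk
    return "found-cleaned" if cleaned == found else "found-partly-cleaned"


if __name__ == "__main__":
    for r in parse_mbam_reports(MBAM_REPORTS):
        print(f"{r.date}  {r.scan_type:<28} {r.objects_scanned:>7} objects -> {classify(r)}")
    print("ESET:", eset_verdict(parse_eset_log(ESET_LOG)))
```

Run as a script it prints one verdict per report. Applied to this thread it makes two points the raw logs hide: the custom scans of 26.05.2012 covered 1 and 0 objects and say nothing about the disk, and the ESET run had remove_checked=false, so even a nonzero "found" would have left the files in place. The protection-log lines (the IP-BLOCK entries for skype.exe) are not parsed here.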

#6 | 30.05.2012, 20:39 | cosinus

Quote:
I then ran Malwarebytes and Comodo Internet Security.
Comodo is counterproductive nonsense. Please uninstall it immediately.

Then make a new OTL log. Please post everything here in CODE tags where possible.

It is done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:
 the log goes here
CustomScan with OTL

If you don't have it yet, please download OTL by OldTimer and save it on your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • Tick the box Scan all users at the top centre
  • Now copy the complete contents of the code box below into OTL's text box (when OTL is in German, the box has a German label)
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt into your thread here
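The custom scan above produces an OTL.txt that a helper then reads by hand, line by line. As an added example that is not part of this thread and not OTL's own code, the following Python script shows what that first reading pass looks like when written down: it parses OTL-style lines (OTL writes every URL defanged as hxxp://, which the regex accounts for) and flags the four things a helper checks first. Autostart (O4) values whose target file is missing; UAC policy values under policies\System that switch the consent prompt off (ConsentPromptBehaviorAdmin = 0 means "elevate without prompting", PromptOnSecureDesktop = 0 shows the prompt on the ordinary desktop where other windows can sit on top of it); Internet Explorer and Firefox start/search URLs that point at known toolbar search hosts; and any Firefox network.proxy.* preference. The sample lines are constructed in the OTL format, modelled on the shapes in this thread, not the poster's actual log; the function names, finding labels and the short PUP_SEARCH_HOSTS list are this example's own assumptions.

```python
"""Triage of OTL.txt lines: flag the entries a log helper checks first.

Added example, not OTL's own code and not from the thread. Sample lines are
constructed in the OTL line format (OTL writes URLs defanged as hxxp://).
"""
import re
from collections import Counter

# Constructed sample, modelled on the OTL line shapes in this thread.
SAMPLE_OTL = r"""
O4:64bit: - HKLM..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001..\Run: []  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=00000
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT0000000&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.ssl: "ipla"
"""

# Assumption: a short illustrative list of search hosts shipped by
# toolbar/PUP installers; a real triage list would be much longer.
PUP_SEARCH_HOSTS = {"search.babylon.com", "search.conduit.com"}

# "<kind>[:64bit:] - <body>" is the shape of every OTL entry line.
ENTRY_RE = re.compile(r"^(?P<kind>O\d+|PRC|SRV|DRV|IE|FF|CHR)(?P<arch>:64bit:)?\s*-\s*(?P<body>.*)$")
URL_HOST_RE = re.compile(r'hxxps?://([^/\s"?]+)', re.IGNORECASE)
UAC_POLICY_RE = re.compile(r"policies\\System:\s*(\w+)\s*=\s*(\d+)")


def parse_otl(text):
    """Return one dict per recognised OTL entry line; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append({"kind": m["kind"], "x64": bool(m["arch"]),
                            "body": m["body"], "raw": raw.strip()})
    return entries


def triage(text):
    """Return (finding_type, evidence) pairs for the entries worth a second look."""
    findings = []
    uac = {}
    for e in parse_otl(text):
        kind, body = e["kind"], e["body"]
        if kind == "O4" and body.endswith("File not found"):
            # Autostart value whose target is gone: leftover of a removed
            # loader or an installer artefact; either way it gets cleaned up.
            findings.append(("orphaned_autostart", e["raw"]))
        elif kind == "O6":
            pm = UAC_POLICY_RE.search(body)
            if pm:
                uac[pm.group(1)] = int(pm.group(2))
        elif kind in ("IE", "FF"):
            for host in URL_HOST_RE.findall(body):
                if host.lower() in PUP_SEARCH_HOSTS:
                    findings.append(("search_hijack", e["raw"]))
            if kind == "FF" and "prefs.js..network.proxy." in body:
                # A proxy set in prefs.js routes browser traffic through the
                # named host; it has to match what the user actually intends.
                findings.append(("browser_proxy_set", e["raw"]))
    # ConsentPromptBehaviorAdmin = 0: elevate without prompting.
    # PromptOnSecureDesktop = 0: the prompt is drawn on the normal desktop.
    if uac.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append(("uac_elevate_without_prompt", "ConsentPromptBehaviorAdmin = 0"))
    if uac.get("PromptOnSecureDesktop") == 0:
        findings.append(("uac_secure_desktop_off", "PromptOnSecureDesktop = 0"))
    return findings


def summarize(findings):
    """Count findings per type, for a quick overview of the log."""
    return dict(Counter(kind for kind, _ in findings))


if __name__ == "__main__":
    for kind, evidence in triage(SAMPLE_OTL):
        print(f"{kind:27} {evidence}")
    print(summarize(triage(SAMPLE_OTL)))
```

Run against a real OTL.txt by passing its contents to triage(); the script only reads the text and changes nothing on the machine. It is a reading aid, not a verdict: a flagged line still has to be judged in context, and a clean run says nothing about entries the four rules do not cover.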

30.05.2012, 20:56   #7
MK-13

Hi, yes, I'll do it tomorrow, it takes longer.

Why is Comodo not good, or should I use something else?
What do you think is on my computer?
Regards

30.05.2012, 21:11   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Just read these, I think it should become a bit clearer then:

Die Vertrauensbrecher: c't editorial on Internet security suites and why they are usually useless
Oberthal online: Personal firewalls: useful or pointless?
personal firewalls › Wiki › ubuntuusers.de

Then you will see that it is simply unnecessary to mess up the system with yet another "protection component"...

You can only avoid malware infections anyway by getting your own behaviour under control => Kompromittierung unvermeidbar? (Compromise unavoidable?)
__________________
Please always post log files in CODE tags

31.05.2012, 20:34   #9
MK-13

Hi, since I didn't quite understand whether I should copy something into OTL, I did it both with and without!
Regards

OTL Logfile:
Code:
OTL logfile created on: 31.05.2012 21:06:08 - Run 3
OTL by OldTimer - Version 3.2.44.0     Folder = C:\Users\mk-13\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 52,92% Memory free
4,00 Gb Paging File | 2,55 Gb Available in Paging File | 63,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 69,24 Gb Total Space | 24,28 Gb Free Space | 35,06% Space Free | Partition Type: NTFS
Drive D: | 69,25 Gb Total Space | 43,56 Gb Free Space | 62,90% Space Free | Partition Type: NTFS
Drive E: | 81,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MK-13-PC | User Name: mk-13 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\mk-13\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\V0330Mon.exe (Creative Technology Ltd.)
PRC - C:\Windows\SysWOW64\CtHelper.exe (Creative Technology Ltd)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (Mcx2Svc) -- C:\Windows\SysNative\Mcx2Svc.dll (Microsoft Corporation)
SRV:64bit: - (RemoteRegistry) -- C:\Windows\SysNative\regsvc.dll (Microsoft Corporation)
SRV:64bit: - (RemoteAccess) -- C:\Windows\SysNative\mprdim.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\Windows\SysWOW64\mprdim.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (udfs) -- C:\Windows\SysNative\drivers\udfs.sys (Microsoft Corporation)
DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (crcdisk) -- C:\Windows\SysNative\drivers\crcdisk.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ws2ifsl) -- C:\Windows\SysNative\drivers\ws2ifsl.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (V0330VID) -- C:\Windows\SysNative\drivers\V0330Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (GETNDIS) -- C:\Windows\SysNative\drivers\getn62a.sys (VIA Technologies, Inc.              )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (SaiH0255) -- C:\Windows\SysNative\drivers\SaiH0255.sys (Saitek)
DRV:64bit: - (COMMONFX.DLL) -- C:\Windows\SysNative\COMMONFX.DLL (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (hap17v2k) -- C:\Windows\SysNative\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV:64bit: - (hap16v2k) -- C:\Windows\SysNative\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV:64bit: - (ha10kx2k) -- C:\Windows\SysNative\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (CTHWIUT.DLL) -- C:\Windows\SysNative\CTHWIUT.DLL (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.DLL) -- C:\Windows\SysNative\CT20XUT.DLL (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX.DLL) -- C:\Windows\SysNative\CTEXFIFX.DLL (Creative Technology Ltd.)
DRV:64bit: - (CTEDSPSY.DLL) -- C:\Windows\SysNative\CTEDSPSY.DLL (Creative Technology Ltd)
DRV:64bit: - (CTEDSPIO.DLL) -- C:\Windows\SysNative\CTEDSPIO.DLL (Creative Technology Ltd)
DRV:64bit: - (CTERFXFX.DLL) -- C:\Windows\SysNative\CTERFXFX.DLL (Creative Technology Ltd)
DRV:64bit: - (CTEDSPFX.DLL) -- C:\Windows\SysNative\CTEDSPFX.DLL (Creative Technology Ltd)
DRV:64bit: - (CTEAPSFX.DLL) -- C:\Windows\SysNative\CTEAPSFX.DLL (Creative Technology Ltd)
DRV:64bit: - (CTSBLFX.DLL) -- C:\Windows\SysNative\CTSBLFX.DLL (Creative Technology Ltd)
DRV:64bit: - (CTAUDFX.DLL) -- C:\Windows\SysNative\CTAUDFX.DLL (Creative Technology Ltd)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=aa90c61100000000000000508de9d3d6&tlver=1.4.19.19&ss=1&affID=17395
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE C6 58 88 C8 58 CB 01  [binary data]
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\..\SearchScopes,DefaultScope = {1F096B29-E9DA-4D64-8D63-936BE7762CC5}
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=aa90c61100000000000000508de9d3d6&tlver=1.4.19.19&ss=1&affID=17395
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {d122ad80-ff45-11dd-87af-0800200c9a66}:3.6.29.01.10
FF - prefs.js..extensions.enabledItems: {48e23fba-bb14-4745-b768-382150cd83fb}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
FF - prefs.js..network.proxy.ssl: "ipla"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=aa90c61100000000000000508de9d3d6&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.05.27 18:08:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.03.07 10:57:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.16 21:19:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.25 21:23:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.28 10:39:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.05.27 18:08:44 | 000,000,000 | ---D | M]
 
[2010.09.20 14:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mk-13\AppData\Roaming\mozilla\Extensions
[2012.05.30 17:29:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions
[2011.11.12 23:20:53 | 000,000,000 | ---D | M] (Vendetta Online Theme) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{3AF52343-6FC5-4f8e-AFE7-773054020BE9}
[2010.09.24 10:29:13 | 000,000,000 | ---D | M] ("Metal3D") -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{48e23fba-bb14-4745-b768-382150cd83fb}
[2012.05.22 07:16:07 | 000,000,000 | ---D | M] (Orange Fox) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{5b35cb30-16b4-11de-8c30-0800200c9a66}
[2012.05.30 17:29:34 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.09.28 00:08:09 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.29 19:51:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.26 09:55:31 | 000,000,000 | ---D | M] (Green Fox) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{d122ad80-ff45-11dd-87af-0800200c9a66}
[2011.01.10 13:37:25 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2012.04.28 10:39:40 | 000,000,000 | ---D | M] (Preispilot) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com
[2012.04.28 10:43:59 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\software@loadtubes.com
[2012.04.15 12:58:20 | 000,000,000 | ---D | M] (LavaFox V2-Green) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\zigboom@ymail.com
[2012.05.19 23:35:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions
[2012.05.19 23:35:20 | 000,000,000 | ---D | M] (Vendetta Online Theme) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{3AF52343-6FC5-4f8e-AFE7-773054020BE9}
[2012.05.19 23:35:21 | 000,000,000 | ---D | M] ("Metal3D") -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{48e23fba-bb14-4745-b768-382150cd83fb}
[2012.05.19 23:35:23 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.05.19 23:35:23 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.19 23:35:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.19 23:35:24 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2012.05.19 23:35:20 | 000,000,000 | ---D | M] (Preispilot) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com
[2012.05.19 23:35:20 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\software@loadtubes.com
[2012.05.19 23:35:20 | 000,000,000 | ---D | M] (LavaFox V2-Green) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\zigboom@ymail.com
[2012.05.19 23:35:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com\chrome
[2012.04.28 10:39:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com\chrome
[2011.03.21 16:15:10 | 000,000,931 | ---- | M] () -- C:\Users\mk-13\AppData\Roaming\Mozilla\Firefox\Profiles\68rg2x0i.default\searchplugins\conduit.xml
[2011.04.08 00:11:31 | 000,003,915 | ---- | M] () -- C:\Users\mk-13\AppData\Roaming\Mozilla\Firefox\Profiles\68rg2x0i.default\searchplugins\sweetim.xml
[2012.04.25 21:24:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.30 17:00:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.05 21:04:37 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\MK-13\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\68RG2X0I.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.02.11 00:46:14 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\MK-13\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\68RG2X0I.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011.04.09 10:55:35 | 000,149,777 | ---- | M] () (No name found) -- C:\USERS\MK-13\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\68RG2X0I.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
[2012.03.28 19:55:14 | 000,685,019 | ---- | M] () (No name found) -- C:\USERS\MK-13\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\68RG2X0I.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
[2012.04.25 21:23:57 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.16 20:51:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.28 10:43:53 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2012.01.29 16:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.04.08 00:09:44 | 000,002,428 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.01.29 15:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.29 16:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 16:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 16:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 16:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Preispilot) - {E48592BA-1EE6-41EE-AEC7-3E6CB38E6FD8} - C:\Program Files (x86)\preispilot\Internet Explorer\preispilot.dll (Ciuvo GmbH)
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\mk-13\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL File not found
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [V0330Mon.exe] C:\Windows\V0330Mon.exe (Creative Technology Ltd.)
O4 - HKU\.DEFAULT..\Run: [DevconDefaultDB] C:\Windows\SysWow64\READREG.exe (Creative Technology Limited)
O4 - HKU\S-1-5-18..\Run: [DevconDefaultDB] C:\Windows\SysWow64\READREG.exe (Creative Technology Limited)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-510965291-3660956245-2123504699-1001..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\mk-13\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\mk-13\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.144.41.8 82.145.9.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46BA4379-16EF-49BC-97B3-4731536627D7}: DhcpNameServer = 82.144.41.8 82.145.9.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46BA4379-16EF-49BC-97B3-4731536627D7}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3778CD6-CEFE-4016-A729-A805BE586C35}: DhcpNameServer = 82.144.41.8 82.145.9.8
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes3\deskscapes.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d8037b02-1b4b-11e0-a59f-00508de9d3d6}\Shell - "" = AutoRun
O33 - MountPoints2\{d8037b02-1b4b-11e0-a59f-00508de9d3d6}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.31 21:04:54 | 000,000,000 | ---D | C] -- C:\Users\mk-13\Desktop\Neuer Ordner
[2012.05.31 20:55:37 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\mk-13\Desktop\OTL.exe
[2012.05.31 20:50:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.29 20:43:28 | 002,322,184 | ---- | C] (ESET) -- C:\Users\mk-13\Desktop\esetsmartinstaller_enu(1).exe
[2012.05.29 20:41:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.05.28 20:45:49 | 000,000,000 | ---D | C] -- C:\Users\mk-13\Desktop\bb
[2012.05.27 15:08:30 | 000,000,000 | ---D | C] -- C:\Users\mk-13\Documents\Simply Super Software
[2012.05.27 15:08:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.05.27 15:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012.05.27 15:08:20 | 000,000,000 | ---D | C] -- C:\Users\mk-13\AppData\Roaming\Simply Super Software
[2012.05.27 15:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.05.26 21:48:06 | 000,000,000 | ---D | C] -- C:\Users\mk-13\AppData\Roaming\Ulamni
[2012.05.20 08:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gembird
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.31 21:02:03 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.31 21:02:03 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.31 21:02:03 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.31 21:02:03 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.31 21:02:03 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.31 21:01:02 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.31 21:01:02 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.31 20:55:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\mk-13\Desktop\OTL.exe
[2012.05.31 20:53:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.31 20:53:08 | 1609,469,952 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.31 20:52:38 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012.05.31 20:52:38 | 000,034,416 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2012.05.31 20:52:38 | 000,034,416 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2012.05.31 20:52:38 | 000,030,168 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2012.05.31 20:52:38 | 000,030,168 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2012.05.31 20:52:38 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2012.05.31 18:56:52 | 017,821,105 | ---- | M] () -- C:\Users\mk-13\Desktop\Tu_es_Petrus_-_Niech_mowia_ze_to_nie_jest_milosc.mp4
[2012.05.31 17:09:47 | 378,060,509 | ---- | M] () -- C:\Users\mk-13\Desktop\KLUB_PRZYJACIOL_MYSZKI_MIKI_6_do_10.mp4
[2012.05.30 22:37:31 | 308,203,421 | ---- | M] () -- C:\Users\mk-13\Desktop\Spotkanie_-_czytane_napisy_PL.mp4
[2012.05.29 20:43:28 | 002,322,184 | ---- | M] (ESET) -- C:\Users\mk-13\Desktop\esetsmartinstaller_enu(1).exe
[2012.05.27 15:08:26 | 000,001,145 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012.05.27 14:59:40 | 000,290,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.13 17:28:41 | 369,899,625 | ---- | M] () -- C:\Users\mk-13\Desktop\KLUB_PRZYJACIO_MYSZKI_MIKI_1_do_5.mp4
[2012.05.08 21:04:20 | 017,171,973 | ---- | M] () -- C:\Users\mk-13\Documents\Spacer nad Bugiem. Kwiecień 2012r..MP4
[2012.05.04 21:36:35 | 000,515,850 | ---- | M] () -- C:\Users\mk-13\Desktop\Brian_Doing_the_Snoopy_Dance-_Family_Guy.mp4
 
========== Files Created - No Company Name ==========
 
[2012.05.31 18:56:43 | 017,821,105 | ---- | C] () -- C:\Users\mk-13\Desktop\Tu_es_Petrus_-_Niech_mowia_ze_to_nie_jest_milosc.mp4
[2012.05.31 17:07:51 | 378,060,509 | ---- | C] () -- C:\Users\mk-13\Desktop\KLUB_PRZYJACIOL_MYSZKI_MIKI_6_do_10.mp4
[2012.05.30 22:35:59 | 308,203,421 | ---- | C] () -- C:\Users\mk-13\Desktop\Spotkanie_-_czytane_napisy_PL.mp4
[2012.05.27 15:08:26 | 000,001,145 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012.05.27 15:08:22 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2012.05.27 15:08:22 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2012.05.13 17:26:51 | 369,899,625 | ---- | C] () -- C:\Users\mk-13\Desktop\KLUB_PRZYJACIO_MYSZKI_MIKI_1_do_5.mp4
[2012.05.08 20:51:42 | 017,171,973 | ---- | C] () -- C:\Users\mk-13\Documents\Spacer nad Bugiem. Kwiecień 2012r..MP4
[2012.05.04 21:36:31 | 000,515,850 | ---- | C] () -- C:\Users\mk-13\Desktop\Brian_Doing_the_Snoopy_Dance-_Family_Guy.mp4
[2012.03.06 10:38:15 | 000,600,856 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.02.14 23:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.10.16 13:33:24 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.05.07 11:05:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.05.04 22:01:37 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.11 00:43:16 | 000,006,656 | ---- | C] () -- C:\Users\mk-13\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.22 15:29:40 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.09.27 23:42:10 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2010.09.24 00:42:32 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.09.20 11:51:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2011.07.22 22:41:17 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Atari
[2010.09.28 00:31:03 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Canneverbe Limited
[2010.09.22 12:30:11 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Canon
[2011.07.03 01:12:43 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\DeepBurner
[2011.10.23 17:22:54 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Digiarty
[2010.09.28 00:11:37 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\DVDVideoSoft
[2010.09.25 11:44:51 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.10 23:13:44 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Foxit Software
[2011.11.08 23:08:10 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Free Download Manager
[2011.06.19 08:58:37 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\go
[2011.11.06 14:54:47 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\ipla
[2010.09.26 16:26:55 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\IrfanView
[2012.04.28 10:43:59 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\loadtbs
[2011.01.12 19:21:06 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Need for Speed World
[2010.09.22 14:54:55 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\OpenOffice.org
[2010.10.24 11:07:37 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\OtakuSoftware
[2011.05.25 22:04:08 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\PC Suite
[2010.09.26 16:26:55 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\PhotoFiltre
[2011.08.28 19:06:20 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Registry Mechanic
[2012.05.27 15:08:20 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Simply Super Software
[2011.10.30 08:12:44 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Steganos
[2012.02.04 22:19:09 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\TS3Client
[2012.02.12 20:21:29 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\TuneUp Software
[2012.05.26 21:48:06 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Ulamni
[2010.09.20 11:58:07 | 000,000,000 | ---D | M] -- C:\Users\mk13.mk-PC\AppData\Roaming\Canon
[2010.09.20 23:36:54 | 000,000,000 | ---D | M] -- C:\Users\mk13.mk-PC\AppData\Roaming\Gutscheinmieze
[2010.09.20 11:58:07 | 000,000,000 | ---D | M] -- C:\Users\mk13.mk-PC\AppData\Roaming\OpenOffice.org
[2010.09.20 23:48:32 | 000,000,000 | ---D | M] -- C:\Users\mk13.mk-PC\AppData\Roaming\TS3Client
[2009.07.14 07:08:49 | 000,031,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(15).TXT
[2012.05.27 18:15:59 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.03.07 16:45:44 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Adobe
[2010.10.08 23:50:48 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Apple Computer
[2011.07.22 22:41:17 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Atari
[2010.10.06 23:58:12 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\ATI
[2010.09.28 00:31:03 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Canneverbe Limited
[2010.09.22 12:30:11 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Canon
[2011.07.03 01:12:43 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\DeepBurner
[2011.10.23 17:22:54 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Digiarty
[2010.10.12 22:07:55 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\DivX
[2010.09.28 00:11:37 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\DVDVideoSoft
[2010.09.25 11:44:51 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.10 23:13:44 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Foxit Software
[2011.11.08 23:08:10 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Free Download Manager
[2011.06.19 08:58:37 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\go
[2010.09.20 11:56:51 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Identities
[2011.11.06 14:54:47 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\ipla
[2010.09.26 16:26:55 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\IrfanView
[2012.04.28 10:43:59 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\loadtbs
[2010.09.21 10:39:36 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Macromedia
[2012.04.10 00:29:41 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Media Center Programs
[2011.03.01 23:14:13 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Media Player Classic
[2012.03.07 16:45:45 | 000,000,000 | --SD | M] -- C:\Users\mk-13\AppData\Roaming\Microsoft
[2010.09.20 14:49:22 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Mozilla
[2011.01.12 19:21:06 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Need for Speed World
[2010.09.22 14:54:55 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\OpenOffice.org
[2010.10.24 11:07:37 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\OtakuSoftware
[2011.05.25 22:04:08 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\PC Suite
[2010.09.26 16:26:55 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\PhotoFiltre
[2012.05.09 17:32:46 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Real
[2011.08.28 19:06:20 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Registry Mechanic
[2010.10.07 00:21:48 | 000,000,000 | RH-D | M] -- C:\Users\mk-13\AppData\Roaming\SecuROM
[2012.05.27 15:08:20 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Simply Super Software
[2012.05.31 21:05:05 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Skype
[2011.05.28 17:16:55 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\skypePM
[2011.10.30 08:12:44 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Steganos
[2012.02.04 22:19:09 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\TS3Client
[2012.02.12 20:21:29 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\TuneUp Software
[2010.10.28 18:30:52 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\U3
[2012.05.26 21:48:06 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Ulamni
[2010.09.24 09:12:57 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.04.28 10:43:53 | 012,697,088 | ---- | M] () -- C:\Users\mk-13\AppData\Roaming\loadtbs\ffmpeg.exe
[2012.04.28 10:43:53 | 001,243,136 | ---- | M] (InfiniAd GmbH) -- C:\Users\mk-13\AppData\Roaming\loadtbs\uninstall.exe
[2012.04.28 10:43:53 | 000,694,784 | ---- | M] (InfiniAd GmbH) -- C:\Users\mk-13\AppData\Roaming\loadtbs\ytdl.exe
[2012.02.24 22:17:59 | 000,003,262 | R--- | M] () -- C:\Users\mk-13\AppData\Roaming\Microsoft\Installer\{BB3867CB-CC16-4F3F-97E7-031A0223719D}\_6FEFF9B68218417F98F549.exe
[2012.02.24 22:17:59 | 000,003,262 | R--- | M] () -- C:\Users\mk-13\AppData\Roaming\Microsoft\Installer\{BB3867CB-CC16-4F3F-97E7-031A0223719D}\_CDAB55E28E9369703789BA.exe
[2012.02.24 22:17:59 | 000,003,262 | R--- | M] () -- C:\Users\mk-13\AppData\Roaming\Microsoft\Installer\{BB3867CB-CC16-4F3F-97E7-031A0223719D}\_F57226061789EA01FD31AB.exe
[2012.03.05 23:35:56 | 000,010,134 | R--- | M] () -- C:\Users\mk-13\AppData\Roaming\Microsoft\Installer\{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}\ARPPRODUCTICON.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Users\mk-13\AppData\Roaming\U3\temp\cleanup.exe
[2008.05.02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\mk-13\AppData\Roaming\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:9638A27E
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
         
--- --- ---


OTL Logfile:
Code:
OTL logfile created on: 31.05.2012 20:57:50 - Run 3
OTL by OldTimer - Version 3.2.44.0     Folder = C:\Users\mk-13\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,72 Gb Available Physical Memory | 35,84% Memory free
4,00 Gb Paging File | 2,44 Gb Available in Paging File | 61,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 69,24 Gb Total Space | 24,28 Gb Free Space | 35,07% Space Free | Partition Type: NTFS
Drive D: | 69,25 Gb Total Space | 43,56 Gb Free Space | 62,90% Space Free | Partition Type: NTFS
Drive E: | 81,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MK-13-PC | User Name: mk-13 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\mk-13\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
PRC - C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\V0330Mon.exe (Creative Technology Ltd.)
PRC - C:\Windows\SysWOW64\CtHelper.exe (Creative Technology Ltd)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (Mcx2Svc) -- C:\Windows\SysNative\Mcx2Svc.dll (Microsoft Corporation)
SRV:64bit: - (RemoteRegistry) -- C:\Windows\SysNative\regsvc.dll (Microsoft Corporation)
SRV:64bit: - (RemoteAccess) -- C:\Windows\SysNative\mprdim.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\Windows\SysWOW64\mprdim.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (udfs) -- C:\Windows\SysNative\drivers\udfs.sys (Microsoft Corporation)
DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (crcdisk) -- C:\Windows\SysNative\drivers\crcdisk.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ws2ifsl) -- C:\Windows\SysNative\drivers\ws2ifsl.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (V0330VID) -- C:\Windows\SysNative\drivers\V0330Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (GETNDIS) -- C:\Windows\SysNative\drivers\getn62a.sys (VIA Technologies, Inc.              )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (SaiH0255) -- C:\Windows\SysNative\drivers\SaiH0255.sys (Saitek)
DRV:64bit: - (COMMONFX.DLL) -- C:\Windows\SysNative\COMMONFX.DLL (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (hap17v2k) -- C:\Windows\SysNative\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV:64bit: - (hap16v2k) -- C:\Windows\SysNative\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV:64bit: - (ha10kx2k) -- C:\Windows\SysNative\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (CTHWIUT.DLL) -- C:\Windows\SysNative\CTHWIUT.DLL (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.DLL) -- C:\Windows\SysNative\CT20XUT.DLL (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX.DLL) -- C:\Windows\SysNative\CTEXFIFX.DLL (Creative Technology Ltd.)
DRV:64bit: - (CTEDSPSY.DLL) -- C:\Windows\SysNative\CTEDSPSY.DLL (Creative Technology Ltd)
DRV:64bit: - (CTEDSPIO.DLL) -- C:\Windows\SysNative\CTEDSPIO.DLL (Creative Technology Ltd)
DRV:64bit: - (CTERFXFX.DLL) -- C:\Windows\SysNative\CTERFXFX.DLL (Creative Technology Ltd)
DRV:64bit: - (CTEDSPFX.DLL) -- C:\Windows\SysNative\CTEDSPFX.DLL (Creative Technology Ltd)
DRV:64bit: - (CTEAPSFX.DLL) -- C:\Windows\SysNative\CTEAPSFX.DLL (Creative Technology Ltd)
DRV:64bit: - (CTSBLFX.DLL) -- C:\Windows\SysNative\CTSBLFX.DLL (Creative Technology Ltd)
DRV:64bit: - (CTAUDFX.DLL) -- C:\Windows\SysNative\CTAUDFX.DLL (Creative Technology Ltd)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=aa90c61100000000000000508de9d3d6&tlver=1.4.19.19&ss=1&affID=17395
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE C6 58 88 C8 58 CB 01  [binary data]
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\..\SearchScopes,DefaultScope = {1F096B29-E9DA-4D64-8D63-936BE7762CC5}
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=aa90c61100000000000000508de9d3d6&tlver=1.4.19.19&ss=1&affID=17395
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {d122ad80-ff45-11dd-87af-0800200c9a66}:3.6.29.01.10
FF - prefs.js..extensions.enabledItems: {48e23fba-bb14-4745-b768-382150cd83fb}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
FF - prefs.js..network.proxy.ssl: "ipla"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=aa90c61100000000000000508de9d3d6&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.05.27 18:08:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.03.07 10:57:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.16 21:19:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.25 21:23:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.28 10:39:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.05.27 18:08:44 | 000,000,000 | ---D | M]
 
[2010.09.20 14:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mk-13\AppData\Roaming\mozilla\Extensions
[2012.05.30 17:29:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions
[2011.11.12 23:20:53 | 000,000,000 | ---D | M] (Vendetta Online Theme) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{3AF52343-6FC5-4f8e-AFE7-773054020BE9}
[2010.09.24 10:29:13 | 000,000,000 | ---D | M] ("Metal3D") -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{48e23fba-bb14-4745-b768-382150cd83fb}
[2012.05.22 07:16:07 | 000,000,000 | ---D | M] (Orange Fox) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{5b35cb30-16b4-11de-8c30-0800200c9a66}
[2012.05.30 17:29:34 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.09.28 00:08:09 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.29 19:51:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.26 09:55:31 | 000,000,000 | ---D | M] (Green Fox) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{d122ad80-ff45-11dd-87af-0800200c9a66}
[2011.01.10 13:37:25 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2012.04.28 10:39:40 | 000,000,000 | ---D | M] (Preispilot) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com
[2012.04.28 10:43:59 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\software@loadtubes.com
[2012.04.15 12:58:20 | 000,000,000 | ---D | M] (LavaFox V2-Green) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\zigboom@ymail.com
[2012.05.19 23:35:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions
[2012.05.19 23:35:20 | 000,000,000 | ---D | M] (Vendetta Online Theme) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{3AF52343-6FC5-4f8e-AFE7-773054020BE9}
[2012.05.19 23:35:21 | 000,000,000 | ---D | M] ("Metal3D") -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{48e23fba-bb14-4745-b768-382150cd83fb}
[2012.05.19 23:35:23 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.05.19 23:35:23 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.19 23:35:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.19 23:35:24 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2012.05.19 23:35:20 | 000,000,000 | ---D | M] (Preispilot) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com
[2012.05.19 23:35:20 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\software@loadtubes.com
[2012.05.19 23:35:20 | 000,000,000 | ---D | M] (LavaFox V2-Green) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\zigboom@ymail.com
[2012.05.19 23:35:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com\chrome
[2012.04.28 10:39:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com\chrome
[2011.03.21 16:15:10 | 000,000,931 | ---- | M] () -- C:\Users\mk-13\AppData\Roaming\Mozilla\Firefox\Profiles\68rg2x0i.default\searchplugins\conduit.xml
[2011.04.08 00:11:31 | 000,003,915 | ---- | M] () -- C:\Users\mk-13\AppData\Roaming\Mozilla\Firefox\Profiles\68rg2x0i.default\searchplugins\sweetim.xml
[2012.04.25 21:24:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.30 17:00:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.05 21:04:37 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\MK-13\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\68RG2X0I.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.02.11 00:46:14 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\MK-13\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\68RG2X0I.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011.04.09 10:55:35 | 000,149,777 | ---- | M] () (No name found) -- C:\USERS\MK-13\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\68RG2X0I.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
[2012.03.28 19:55:14 | 000,685,019 | ---- | M] () (No name found) -- C:\USERS\MK-13\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\68RG2X0I.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
[2012.04.25 21:23:57 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.16 20:51:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.28 10:43:53 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2012.01.29 16:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.04.08 00:09:44 | 000,002,428 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.01.29 15:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.29 16:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 16:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 16:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 16:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Preispilot) - {E48592BA-1EE6-41EE-AEC7-3E6CB38E6FD8} - C:\Program Files (x86)\preispilot\Internet Explorer\preispilot.dll (Ciuvo GmbH)
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\mk-13\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL File not found
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [V0330Mon.exe] C:\Windows\V0330Mon.exe (Creative Technology Ltd.)
O4 - HKU\.DEFAULT..\Run: [DevconDefaultDB] C:\Windows\SysWow64\READREG.exe (Creative Technology Limited)
O4 - HKU\S-1-5-18..\Run: [DevconDefaultDB] C:\Windows\SysWow64\READREG.exe (Creative Technology Limited)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-510965291-3660956245-2123504699-1001..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\mk-13\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\mk-13\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.144.41.8 82.145.9.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46BA4379-16EF-49BC-97B3-4731536627D7}: DhcpNameServer = 82.144.41.8 82.145.9.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46BA4379-16EF-49BC-97B3-4731536627D7}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3778CD6-CEFE-4016-A729-A805BE586C35}: DhcpNameServer = 82.144.41.8 82.145.9.8
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes3\deskscapes.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d8037b02-1b4b-11e0-a59f-00508de9d3d6}\Shell - "" = AutoRun
O33 - MountPoints2\{d8037b02-1b4b-11e0-a59f-00508de9d3d6}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.31 20:55:37 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\mk-13\Desktop\OTL.exe
[2012.05.31 20:50:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.29 20:43:28 | 002,322,184 | ---- | C] (ESET) -- C:\Users\mk-13\Desktop\esetsmartinstaller_enu(1).exe
[2012.05.29 20:41:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.05.28 20:45:49 | 000,000,000 | ---D | C] -- C:\Users\mk-13\Desktop\bb
[2012.05.27 15:08:30 | 000,000,000 | ---D | C] -- C:\Users\mk-13\Documents\Simply Super Software
[2012.05.27 15:08:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.05.27 15:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012.05.27 15:08:20 | 000,000,000 | ---D | C] -- C:\Users\mk-13\AppData\Roaming\Simply Super Software
[2012.05.27 15:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.05.26 21:48:06 | 000,000,000 | ---D | C] -- C:\Users\mk-13\AppData\Roaming\Ulamni
[2012.05.20 08:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gembird
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.31 21:02:03 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.31 21:02:03 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.31 21:02:03 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.31 21:02:03 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.31 21:02:03 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.31 21:01:02 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.31 21:01:02 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.31 20:55:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\mk-13\Desktop\OTL.exe
[2012.05.31 20:53:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.31 20:53:08 | 1609,469,952 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.31 20:52:38 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012.05.31 20:52:38 | 000,034,416 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2012.05.31 20:52:38 | 000,034,416 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2012.05.31 20:52:38 | 000,030,168 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2012.05.31 20:52:38 | 000,030,168 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2012.05.31 20:52:38 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2012.05.31 18:56:52 | 017,821,105 | ---- | M] () -- C:\Users\mk-13\Desktop\Tu_es_Petrus_-_Niech_mowia_ze_to_nie_jest_milosc.mp4
[2012.05.31 17:09:47 | 378,060,509 | ---- | M] () -- C:\Users\mk-13\Desktop\KLUB_PRZYJACIOL_MYSZKI_MIKI_6_do_10.mp4
[2012.05.30 22:37:31 | 308,203,421 | ---- | M] () -- C:\Users\mk-13\Desktop\Spotkanie_-_czytane_napisy_PL.mp4
[2012.05.29 20:43:28 | 002,322,184 | ---- | M] (ESET) -- C:\Users\mk-13\Desktop\esetsmartinstaller_enu(1).exe
[2012.05.27 15:08:26 | 000,001,145 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012.05.27 14:59:40 | 000,290,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.13 17:28:41 | 369,899,625 | ---- | M] () -- C:\Users\mk-13\Desktop\KLUB_PRZYJACIO_MYSZKI_MIKI_1_do_5.mp4
[2012.05.08 21:04:20 | 017,171,973 | ---- | M] () -- C:\Users\mk-13\Documents\Spacer nad Bugiem. Kwiecień 2012r..MP4
[2012.05.04 21:36:35 | 000,515,850 | ---- | M] () -- C:\Users\mk-13\Desktop\Brian_Doing_the_Snoopy_Dance-_Family_Guy.mp4
 
========== Files Created - No Company Name ==========
 
[2012.05.31 18:56:43 | 017,821,105 | ---- | C] () -- C:\Users\mk-13\Desktop\Tu_es_Petrus_-_Niech_mowia_ze_to_nie_jest_milosc.mp4
[2012.05.31 17:07:51 | 378,060,509 | ---- | C] () -- C:\Users\mk-13\Desktop\KLUB_PRZYJACIOL_MYSZKI_MIKI_6_do_10.mp4
[2012.05.30 22:35:59 | 308,203,421 | ---- | C] () -- C:\Users\mk-13\Desktop\Spotkanie_-_czytane_napisy_PL.mp4
[2012.05.27 15:08:26 | 000,001,145 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012.05.27 15:08:22 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2012.05.27 15:08:22 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2012.05.13 17:26:51 | 369,899,625 | ---- | C] () -- C:\Users\mk-13\Desktop\KLUB_PRZYJACIO_MYSZKI_MIKI_1_do_5.mp4
[2012.05.08 20:51:42 | 017,171,973 | ---- | C] () -- C:\Users\mk-13\Documents\Spacer nad Bugiem. Kwiecień 2012r..MP4
[2012.05.04 21:36:31 | 000,515,850 | ---- | C] () -- C:\Users\mk-13\Desktop\Brian_Doing_the_Snoopy_Dance-_Family_Guy.mp4
[2012.03.06 10:38:15 | 000,600,856 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.02.14 23:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.10.16 13:33:24 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.05.07 11:05:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.05.04 22:01:37 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.11 00:43:16 | 000,006,656 | ---- | C] () -- C:\Users\mk-13\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.22 15:29:40 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.09.27 23:42:10 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2010.09.24 00:42:32 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.09.20 11:51:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2011.07.22 22:41:17 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Atari
[2010.09.28 00:31:03 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Canneverbe Limited
[2010.09.22 12:30:11 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Canon
[2011.07.03 01:12:43 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\DeepBurner
[2011.10.23 17:22:54 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Digiarty
[2010.09.28 00:11:37 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\DVDVideoSoft
[2010.09.25 11:44:51 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.10 23:13:44 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Foxit Software
[2011.11.08 23:08:10 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Free Download Manager
[2011.06.19 08:58:37 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\go
[2011.11.06 14:54:47 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\ipla
[2010.09.26 16:26:55 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\IrfanView
[2012.04.28 10:43:59 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\loadtbs
[2011.01.12 19:21:06 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Need for Speed World
[2010.09.22 14:54:55 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\OpenOffice.org
[2010.10.24 11:07:37 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\OtakuSoftware
[2011.05.25 22:04:08 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\PC Suite
[2010.09.26 16:26:55 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\PhotoFiltre
[2011.08.28 19:06:20 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Registry Mechanic
[2012.05.27 15:08:20 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Simply Super Software
[2011.10.30 08:12:44 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Steganos
[2012.02.04 22:19:09 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\TS3Client
[2012.02.12 20:21:29 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\TuneUp Software
[2012.05.26 21:48:06 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Ulamni
[2010.09.20 11:58:07 | 000,000,000 | ---D | M] -- C:\Users\mk13.mk-PC\AppData\Roaming\Canon
[2010.09.20 23:36:54 | 000,000,000 | ---D | M] -- C:\Users\mk13.mk-PC\AppData\Roaming\Gutscheinmieze
[2010.09.20 11:58:07 | 000,000,000 | ---D | M] -- C:\Users\mk13.mk-PC\AppData\Roaming\OpenOffice.org
[2010.09.20 23:48:32 | 000,000,000 | ---D | M] -- C:\Users\mk13.mk-PC\AppData\Roaming\TS3Client
[2009.07.14 07:08:49 | 000,031,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(15).TXT
[2012.05.27 18:15:59 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:9638A27E
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
         
--- --- ---

[/code]

31.05.2012, 21:05   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

BKA Trojaner,Auswertung von Log OTL

Run an OTL fix: close any open programs, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL). (The ":OTL" line must be copied along with it!!!)

Code:
:OTL
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&mntrId=aa90c61100000000000000508de9d3d6&tlver=1.4.19.19&ss=1&affID=17395
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE C6 58 88 C8 58 CB 01  [binary data]
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\..\SearchScopes,DefaultScope = {1F096B29-E9DA-4D64-8D63-936BE7762CC5}
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=aa90c61100000000000000508de9d3d6&tlver=1.4.19.19&ss=1&affID=17395
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
FF - prefs.js..network.proxy.ssl: "ipla"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&mntrId=aa90c61100000000000000508de9d3d6&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="
FF - user.js - File not found
[2012.05.30 17:29:34 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.09.28 00:08:09 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.28 10:39:40 | 000,000,000 | ---D | M] (Preispilot) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com
[2012.04.28 10:43:59 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\software@loadtubes.com
[2012.05.19 23:35:23 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.05.19 23:35:23 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.19 23:35:20 | 000,000,000 | ---D | M] (Preispilot) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com
[2012.05.19 23:35:20 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\software@loadtubes.com
[2012.04.28 10:39:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com\chrome
[2011.03.21 16:15:10 | 000,000,931 | ---- | M] () -- C:\Users\mk-13\AppData\Roaming\Mozilla\Firefox\Profiles\68rg2x0i.default\searchplugins\conduit.xml
[2011.04.08 00:11:31 | 000,003,915 | ---- | M] () -- C:\Users\mk-13\AppData\Roaming\Mozilla\Firefox\Profiles\68rg2x0i.default\searchplugins\sweetim.xml
[2011.04.08 00:09:44 | 000,002,428 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (Preispilot) - {E48592BA-1EE6-41EE-AEC7-3E6CB38E6FD8} - C:\Program Files (x86)\preispilot\Internet Explorer\preispilot.dll (Ciuvo GmbH)
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\mk-13\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL File not found
O4 - HKU\S-1-5-21-510965291-3660956245-2123504699-1001..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d8037b02-1b4b-11e0-a59f-00508de9d3d6}\Shell - "" = AutoRun
O33 - MountPoints2\{d8037b02-1b4b-11e0-a59f-00508de9d3d6}\Shell\AutoRun\command - "" = F:\pushinst.exe
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:9638A27E
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:Files
C:\Users\mk13.mk-PC\AppData\Roaming\Gutscheinmieze
C:\Users\mk-13\AppData\Roaming\loadtbs
C:\Users\mk-13\AppData\Roaming\Ulamni
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix! button at the top left.
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It cannot be transferred to any other computer and must not be used anywhere else, as it can permanently damage the system!
__________________
Please always post logfiles in CODE tags

Alt 31.05.2012, 21:39   #11
MK-13
 



hi, now you've scared me, though: after the restart Windows needed almost 5 min to start, only the Windows logo was visible!
regards


Code:
 

All processes killed
========== OTL ==========
HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKEY_USERS\S-1-5-21-510965291-3660956245-2123504699-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-510965291-3660956245-2123504699-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-510965291-3660956245-2123504699-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ not found.
Prefs.js: "DVDVideoSoftTB Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=" removed from keyword.URL
Prefs.js: "ipla" removed from network.proxy.ssl
Prefs.js: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=aa90c61100000000000000508de9d3d6&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q=" removed from sweetim.toolbar.previous.keyword.URL
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\Plugins folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\modules folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com\chrome\locale\en-US folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com\chrome\locale\de-DE folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com\chrome\locale folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com\chrome\content\lib folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com\chrome\content\icons\preispilot folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com\chrome\content\icons folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com\chrome\content folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com\chrome folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\software@loadtubes.com\chrome\skin folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\software@loadtubes.com\chrome\content folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\software@loadtubes.com\chrome folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\software@loadtubes.com folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\modules folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com\chrome\locale\en-US folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com\chrome\locale\de-DE folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com\chrome\locale folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com\chrome\content\lib folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com\chrome\content\icons\preispilot folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com\chrome\content\icons folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com\chrome\content folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com\chrome folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\software@loadtubes.com\chrome\skin folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\software@loadtubes.com\chrome\content folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\software@loadtubes.com\chrome folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\software@loadtubes.com folder moved successfully.
Folder C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com\chrome\ not found.
C:\Users\mk-13\AppData\Roaming\Mozilla\Firefox\Profiles\68rg2x0i.default\searchplugins\conduit.xml moved successfully.
C:\Users\mk-13\AppData\Roaming\Mozilla\Firefox\Profiles\68rg2x0i.default\searchplugins\sweetim.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E48592BA-1EE6-41EE-AEC7-3E6CB38E6FD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E48592BA-1EE6-41EE-AEC7-3E6CB38E6FD8}\ deleted successfully.
C:\Program Files (x86)\preispilot\Internet Explorer\preispilot.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}\ deleted successfully.
File 13\AppData\Roaming\loadtbs\toolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-510965291-3660956245-2123504699-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AsioReg deleted successfully.
Registry value HKEY_USERS\S-1-5-21-510965291-3660956245-2123504699-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8037b02-1b4b-11e0-a59f-00508de9d3d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8037b02-1b4b-11e0-a59f-00508de9d3d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8037b02-1b4b-11e0-a59f-00508de9d3d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8037b02-1b4b-11e0-a59f-00508de9d3d6}\ not found.
File F:\pushinst.exe not found.
ADS C:\ProgramData\TEMP:9638A27E deleted successfully.
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== FILES ==========
C:\Users\mk13.mk-PC\AppData\Roaming\Gutscheinmieze folder moved successfully.
C:\Users\mk-13\AppData\Roaming\loadtbs\chrome@loadtubes.com folder moved successfully.
C:\Users\mk-13\AppData\Roaming\loadtbs folder moved successfully.
C:\Users\mk-13\AppData\Roaming\Ulamni folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: mk-13
->Temp folder emptied: 66541244 bytes
->Temporary Internet Files folder emptied: 13981815 bytes
->Java cache emptied: 459136 bytes
->FireFox cache emptied: 791790624 bytes
->Google Chrome cache emptied: 1642864 bytes
->Flash cache emptied: 80779 bytes
 
User: mk13
 
User: mk13.mk-PC
->Java cache emptied: 33801 bytes
->FireFox cache emptied: 129023790 bytes
->Flash cache emptied: 2388 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8972 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 3568113 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 961,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default
 
User: Default User
 
User: mk-13
->Flash cache emptied: 0 bytes
 
User: mk13
 
User: mk13.mk-PC
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.44.0 log created on 05312012_222907

Files\Folders moved on Reboot...
C:\Users\mk-13\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\mk-13\AppData\Local\Mozilla\Firefox\Profiles\68rg2x0i.default\Cache\_CACHE_001_ moved successfully.
C:\Users\mk-13\AppData\Local\Mozilla\Firefox\Profiles\68rg2x0i.default\Cache\_CACHE_002_ moved successfully.
C:\Users\mk-13\AppData\Local\Mozilla\Firefox\Profiles\68rg2x0i.default\Cache\_CACHE_003_ moved successfully.
C:\Users\mk-13\AppData\Local\Mozilla\Firefox\Profiles\68rg2x0i.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\mk-13\AppData\Local\Mozilla\Firefox\Profiles\68rg2x0i.default\urlclassifier3.sqlite moved successfully.

Registry entries deleted on Reboot...
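An added example, not code from this thread or from OTL itself: a small Python helper that classifies the action lines of an OTL fix log like the one above (deleted, moved, value set, not found) and checks that every :Files path and ADS entry of the fix script turns up somewhere in the log, so a helper reading the log can spot targets the fix never touched. The sample script and log are constructed excerpts of the ones posted here; the path ending in NotInLog is a placeholder that the sample log deliberately lacks.

```python
"""Summarise an OTL fix log and cross-check it against its fix script.
Added example for this thread (not OTL's or the forum's code); the sample
script and log are constructed excerpts of the ones posted above, plus one
placeholder path (NotInLog) that the log does not mention."""
import re
from collections import Counter
from dataclasses import dataclass, field

# Action lines OTL writes into a fix log, in the formats seen in this thread.
# "target" is the registry key/value, file, folder or ADS the line concerns.
ACTION_PATTERNS = (
    ("registry_deleted", re.compile(r"^(?:64bit-)?Registry (?:key|value) (?P<target>.+?) deleted successfully\.$")),
    ("registry_not_found", re.compile(r"^(?:64bit-)?Registry (?:key|value) (?P<target>.+?) not found\.$")),
    ("value_set", re.compile(r"^(?P<target>[^|]+)\|.* : value set successfully!$")),
    ("ads_deleted", re.compile(r"^ADS (?P<target>.+?) deleted successfully\.$")),
    ("prefs_removed", re.compile(r'^Prefs\.js: "(?P<value>.*)" removed from (?P<target>\S+)$')),
    ("moved", re.compile(r"^(?P<target>.+?) (?:folder )?moved successfully\.$")),
    ("file_not_found", re.compile(r"^(?:File|Folder) (?P<target>.+?) not found\.$")),
)

@dataclass
class FixSummary:
    counts: Counter = field(default_factory=Counter)
    not_found: list = field(default_factory=list)  # targets OTL could not locate
    unparsed: list = field(default_factory=list)   # lines in no known format

def parse_fix_log(text: str) -> FixSummary:
    """Classify each action line of the ==== OTL ==== and ==== FILES ==== sections."""
    summary = FixSummary()
    for raw in text.splitlines():
        line = raw.strip()
        if line == "========== COMMANDS ==========":
            break  # only temp/cache cleanup totals follow; no per-target actions
        if not line or line.startswith("==========") or line == "All processes killed":
            continue
        for kind, pattern in ACTION_PATTERNS:
            match = pattern.match(line)
            if match:
                summary.counts[kind] += 1
                if kind.endswith("not_found"):
                    summary.not_found.append(match.group("target"))
                break
        else:
            summary.unparsed.append(line)  # unknown format: worth a manual look
    return summary

def script_targets(script: str) -> list:
    """Every @Alternate Data Stream entry and every path under :Files of a fix script."""
    targets, section = [], None
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):
            section = line.lower()  # :OTL, :Files, :Commands
        elif section == ":files" and line:
            targets.append(line)
        elif line.startswith("@Alternate Data Stream"):
            targets.append(line.split("-> ", 1)[1])
    return targets

def unaccounted_targets(script: str, log: str) -> list:
    """Script targets that no log line mentions, neither handled nor 'not found'."""
    lowered = log.lower()
    return [t for t in script_targets(script) if t.lower() not in lowered]

SAMPLE_SCRIPT = r"""
:OTL
O33 - MountPoints2\{d8037b02-1b4b-11e0-a59f-00508de9d3d6}\Shell\AutoRun\command - "" = F:\pushinst.exe
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:9638A27E
:Files
C:\Users\mk-13\AppData\Roaming\loadtbs
C:\Users\mk-13\AppData\Roaming\Ulamni
C:\Users\mk-13\AppData\Roaming\NotInLog
:Commands
[emptytemp]
"""

SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-510965291-3660956245-2123504699-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ not found.
Prefs.js: "ipla" removed from network.proxy.ssl
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AsioReg deleted successfully.
File F:\pushinst.exe not found.
ADS C:\ProgramData\TEMP:9638A27E deleted successfully.
========== FILES ==========
C:\Users\mk-13\AppData\Roaming\loadtbs folder moved successfully.
C:\Users\mk-13\AppData\Roaming\Ulamni folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
"""

if __name__ == "__main__":
    print(dict(parse_fix_log(SAMPLE_LOG).counts))
    print("unaccounted:", unaccounted_targets(SAMPLE_SCRIPT, SAMPLE_LOG))
```

Targets reported as "not found" are normal when a file was already gone; a target that appears in no line at all usually means the script entry was mistyped or the log is incomplete.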
         

Alt 01.06.2012, 11:44   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Now please run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false positive on the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, once it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where the TDSS-Killer stores its logs.

Note: Please do not hastily delete anything with the TDSS-Killer! If the TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!

__________________
Please always post logfiles in CODE tags

Alt 01.06.2012, 12:05   #13
MK-13
 



hi, it found 2 things!
regards


12:58:49.0173 4080 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
12:58:49.0543 4080 ============================================================
12:58:49.0544 4080 Current date / time: 2012/06/01 12:58:49.0543
12:58:49.0544 4080 SystemInfo:
12:58:49.0544 4080
12:58:49.0544 4080 OS Version: 6.1.7601 ServicePack: 1.0
12:58:49.0544 4080 Product type: Workstation
12:58:49.0544 4080 ComputerName: MK-13-PC
12:58:49.0544 4080 UserName: mk-13
12:58:49.0544 4080 Windows directory: C:\Windows
12:58:49.0544 4080 System windows directory: C:\Windows
12:58:49.0544 4080 Running under WOW64
12:58:49.0544 4080 Processor architecture: Intel x64
12:58:49.0544 4080 Number of processors: 2
12:58:49.0544 4080 Page size: 0x1000
12:58:49.0544 4080 Boot type: Normal boot
12:58:49.0544 4080 ============================================================
12:58:50.0026 4080 Drive \Device\Harddisk0\DR0 - Size: 0x229FE40000 (138.50 Gb), SectorSize: 0x200, Cylinders: 0x469F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:58:50.0037 4080 ============================================================
12:58:50.0037 4080 \Device\Harddisk0\DR0:
12:58:50.0037 4080 MBR partitions:
12:58:50.0037 4080 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x8A7B800
12:58:50.0037 4080 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x8A7C000, BlocksNum 0x8A82000
12:58:50.0037 4080 ============================================================
12:58:50.0088 4080 C: <-> \Device\Harddisk0\DR0\Partition0
12:58:50.0138 4080 D: <-> \Device\Harddisk0\DR0\Partition1
12:58:50.0186 4080 ============================================================
12:58:50.0187 4080 Initialize success
12:58:50.0187 4080 ============================================================
13:01:44.0349 3312 ============================================================
13:01:44.0355 3312 Scan started
13:01:44.0355 3312 Mode: Manual; SigCheck; TDLFS;
13:01:44.0355 3312 ============================================================
13:01:44.0648 3312 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:01:44.0965 3312 1394ohci - ok
13:01:44.0997 3312 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:01:45.0029 3312 ACPI - ok
13:01:45.0051 3312 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:01:45.0127 3312 AcpiPmi - ok
13:01:45.0218 3312 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:01:45.0227 3312 AdobeARMservice - ok
13:01:45.0269 3312 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:01:45.0300 3312 adp94xx - ok
13:01:45.0330 3312 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:01:45.0350 3312 adpahci - ok
13:01:45.0361 3312 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:01:45.0382 3312 adpu320 - ok
13:01:45.0406 3312 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:01:45.0505 3312 AeLookupSvc - ok
13:01:45.0553 3312 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
13:01:45.0627 3312 AFD - ok
13:01:45.0645 3312 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:01:45.0655 3312 agp440 - ok
13:01:45.0663 3312 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:01:45.0733 3312 ALG - ok
13:01:45.0771 3312 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:01:45.0780 3312 aliide - ok
13:01:45.0813 3312 AMD External Events Utility (962227630779043b5c1d4cd157abb912) C:\Windows\system32\atiesrxx.exe
13:01:45.0968 3312 AMD External Events Utility - ok
13:01:46.0025 3312 AMD FUEL Service - ok
13:01:46.0045 3312 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:01:46.0055 3312 amdide - ok
13:01:46.0086 3312 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
13:01:46.0095 3312 amdiox64 - ok
13:01:46.0135 3312 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:01:46.0192 3312 AmdK8 - ok
13:01:46.0610 3312 amdkmdag (56d6631761ec37745f0df16bcdc4caf4) C:\Windows\system32\DRIVERS\atikmdag.sys
13:01:46.0868 3312 amdkmdag - ok
13:01:46.0958 3312 amdkmdap (2d9005ea0bfd25c740e53c8dd3c069e0) C:\Windows\system32\DRIVERS\atikmpag.sys
13:01:46.0988 3312 amdkmdap - ok
13:01:47.0000 3312 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:01:47.0052 3312 AmdPPM - ok
13:01:47.0098 3312 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:01:47.0121 3312 amdsata - ok
13:01:47.0142 3312 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:01:47.0166 3312 amdsbs - ok
13:01:47.0185 3312 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:01:47.0194 3312 amdxata - ok
13:01:47.0241 3312 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:01:47.0387 3312 AppID - ok
13:01:47.0405 3312 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:01:47.0457 3312 AppIDSvc - ok
13:01:47.0482 3312 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
13:01:47.0538 3312 Appinfo - ok
13:01:47.0590 3312 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
13:01:47.0639 3312 AppMgmt - ok
13:01:47.0670 3312 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:01:47.0692 3312 arc - ok
13:01:47.0705 3312 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:01:47.0725 3312 arcsas - ok
13:01:47.0830 3312 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:01:47.0871 3312 aspnet_state - ok
13:01:47.0894 3312 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:01:47.0954 3312 AsyncMac - ok
13:01:47.0971 3312 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:01:47.0980 3312 atapi - ok
13:01:48.0387 3312 atikmdag (56d6631761ec37745f0df16bcdc4caf4) C:\Windows\system32\DRIVERS\atikmdag.sys
13:01:48.0554 3312 atikmdag - ok
13:01:48.0647 3312 atksgt (b4bde3f758a34658a37dfed3d9783cd8) C:\Windows\system32\DRIVERS\atksgt.sys
13:01:48.0658 3312 atksgt - ok
13:01:48.0724 3312 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:01:48.0782 3312 AudioEndpointBuilder - ok
13:02:07.0861 3312 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:02:07.0947 3312 Schedule - ok
13:02:07.0986 3312 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:02:08.0021 3312 SCPolicySvc - ok
13:02:08.0041 3312 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:02:08.0096 3312 SDRSVC - ok
13:02:08.0137 3312 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:02:08.0198 3312 secdrv - ok
13:02:08.0220 3312 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:02:08.0264 3312 seclogon - ok
13:02:08.0285 3312 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
13:02:08.0330 3312 SENS - ok
13:02:08.0341 3312 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:02:08.0365 3312 SensrSvc - ok
13:02:08.0381 3312 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:02:08.0392 3312 Serenum - ok
13:02:08.0412 3312 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:02:08.0441 3312 Serial - ok
13:02:08.0466 3312 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:02:08.0485 3312 sermouse - ok
13:02:08.0571 3312 ServiceLayer (12b41d84a4d058adc60853c365dbfcca) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
13:02:08.0599 3312 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
13:02:08.0599 3312 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
13:02:08.0634 3312 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:02:08.0689 3312 SessionEnv - ok
13:02:08.0704 3312 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:02:08.0722 3312 sffdisk - ok
13:02:08.0742 3312 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:02:08.0773 3312 sffp_mmc - ok
13:02:08.0786 3312 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:02:08.0812 3312 sffp_sd - ok
13:02:08.0821 3312 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:02:08.0843 3312 sfloppy - ok
13:02:08.0878 3312 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:02:08.0946 3312 SharedAccess - ok
13:02:09.0000 3312 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:02:09.0048 3312 ShellHWDetection - ok
13:02:09.0072 3312 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:02:09.0082 3312 SiSRaid2 - ok
13:02:09.0101 3312 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:02:09.0128 3312 SiSRaid4 - ok
13:02:09.0204 3312 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe
13:02:09.0212 3312 SkypeUpdate - ok
13:02:09.0237 3312 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:02:09.0291 3312 Smb - ok
13:02:09.0341 3312 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:02:09.0368 3312 SNMPTRAP - ok
13:02:09.0383 3312 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:02:09.0393 3312 spldr - ok
13:02:09.0436 3312 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:02:09.0481 3312 Spooler - ok
13:02:09.0623 3312 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:02:09.0741 3312 sppsvc - ok
13:02:09.0797 3312 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:02:09.0840 3312 sppuinotify - ok
13:02:09.0882 3312 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:02:09.0928 3312 srv - ok
13:02:09.0947 3312 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:02:09.0981 3312 srv2 - ok
13:02:09.0993 3312 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:02:10.0041 3312 srvnet - ok
13:02:10.0075 3312 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:02:10.0138 3312 SSDPSRV - ok
13:02:10.0159 3312 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:02:10.0210 3312 SstpSvc - ok
13:02:10.0237 3312 StarOpen - ok
13:02:10.0281 3312 Steam Client Service - ok
13:02:10.0296 3312 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:02:10.0306 3312 stexstor - ok
13:02:10.0351 3312 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:02:10.0396 3312 stisvc - ok
13:02:10.0412 3312 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
13:02:10.0433 3312 storflt - ok
13:02:10.0449 3312 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
13:02:10.0486 3312 StorSvc - ok
13:02:10.0494 3312 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
13:02:10.0503 3312 storvsc - ok
13:02:10.0519 3312 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:02:10.0528 3312 swenum - ok
13:02:10.0564 3312 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:02:10.0618 3312 swprv - ok
13:02:10.0695 3312 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:02:10.0764 3312 SysMain - ok
13:02:10.0838 3312 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:02:10.0872 3312 TabletInputService - ok
13:02:10.0907 3312 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:02:10.0968 3312 TapiSrv - ok
13:02:10.0998 3312 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:02:11.0049 3312 TBS - ok
13:02:11.0148 3312 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
13:02:11.0206 3312 Tcpip - ok
13:02:11.0305 3312 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
13:02:11.0359 3312 TCPIP6 - ok
13:02:11.0416 3312 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:02:11.0456 3312 tcpipreg - ok
13:02:11.0478 3312 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:02:11.0491 3312 TDPIPE - ok
13:02:11.0508 3312 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
13:02:11.0528 3312 TDTCP - ok
13:02:11.0561 3312 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:02:11.0611 3312 tdx - ok
13:02:11.0640 3312 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:02:11.0652 3312 TermDD - ok
13:02:11.0697 3312 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:02:11.0745 3312 TermService - ok
13:02:11.0772 3312 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:02:11.0800 3312 Themes - ok
13:02:11.0823 3312 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:02:11.0857 3312 THREADORDER - ok
13:02:11.0867 3312 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:02:11.0926 3312 TrkWks - ok
13:02:11.0962 3312 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:02:12.0024 3312 TrustedInstaller - ok
13:02:12.0045 3312 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:02:12.0078 3312 tssecsrv - ok
13:02:12.0105 3312 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:02:12.0116 3312 TsUsbFlt - ok
13:02:12.0304 3312 TuneUp.UtilitiesSvc (286809293bc5ae5d6a1a381b53c72d1a) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
13:02:12.0348 3312 TuneUp.UtilitiesSvc - ok
13:02:12.0383 3312 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys
13:02:12.0392 3312 TuneUpUtilitiesDrv - ok
13:02:12.0481 3312 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:02:12.0544 3312 tunnel - ok
13:02:12.0564 3312 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:02:12.0575 3312 uagp35 - ok
13:02:12.0612 3312 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:02:12.0670 3312 udfs - ok
13:02:12.0696 3312 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:02:12.0723 3312 UI0Detect - ok
13:02:12.0754 3312 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:02:12.0765 3312 uliagpkx - ok
13:02:12.0798 3312 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
13:02:12.0819 3312 umbus - ok
13:02:12.0832 3312 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:02:12.0846 3312 UmPass - ok
13:02:12.0875 3312 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
13:02:12.0904 3312 UmRdpService - ok
13:02:12.0933 3312 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:02:12.0987 3312 upnphost - ok
13:02:13.0020 3312 upperdev (7168819f30fe9622284ea19bde7f8ab4) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
13:02:13.0049 3312 upperdev - ok
13:02:13.0077 3312 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:02:13.0117 3312 usbccgp - ok
13:02:13.0139 3312 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:02:13.0156 3312 usbcir - ok
13:02:13.0174 3312 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
13:02:13.0205 3312 usbehci - ok
13:02:13.0256 3312 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:02:13.0290 3312 usbhub - ok
13:02:13.0307 3312 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
13:02:13.0322 3312 usbohci - ok
13:02:13.0341 3312 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:02:13.0355 3312 usbprint - ok
13:02:13.0372 3312 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
13:02:13.0390 3312 usbscan - ok
13:02:13.0414 3312 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
13:02:13.0436 3312 usbser - ok
13:02:13.0450 3312 UsbserFilt (66c25cb20b2974e0c0cfdab49fb72a02) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
13:02:13.0495 3312 UsbserFilt - ok
13:02:13.0518 3312 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:02:13.0544 3312 USBSTOR - ok
13:02:13.0568 3312 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
13:02:13.0579 3312 usbuhci - ok
13:02:13.0610 3312 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
13:02:13.0627 3312 usb_rndisx - ok
13:02:13.0648 3312 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:02:13.0691 3312 UxSms - ok
13:02:13.0743 3312 UxTuneUp (594df74ec1411592585d8fe8165d0816) C:\Windows\System32\uxtuneup.dll
13:02:13.0751 3312 UxTuneUp - ok
13:02:13.0789 3312 V0330VID (102f170cf0f5304acf7fb663b7adb5e0) C:\Windows\system32\DRIVERS\V0330Vid.sys
13:02:13.0819 3312 V0330VID - ok
13:02:13.0846 3312 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:02:13.0859 3312 VaultSvc - ok
13:02:13.0893 3312 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:02:13.0903 3312 vdrvroot - ok
13:02:13.0946 3312 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:02:14.0015 3312 vds - ok
13:02:14.0034 3312 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:02:14.0048 3312 vga - ok
13:02:14.0058 3312 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:02:14.0110 3312 VgaSave - ok
13:02:14.0143 3312 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:02:14.0164 3312 vhdmp - ok
13:02:14.0173 3312 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:02:14.0183 3312 viaide - ok
13:02:14.0195 3312 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
13:02:14.0219 3312 vmbus - ok
13:02:14.0242 3312 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
13:02:14.0280 3312 VMBusHID - ok
13:02:14.0287 3312 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:02:14.0307 3312 volmgr - ok
13:02:14.0333 3312 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:02:14.0347 3312 volmgrx - ok
13:02:14.0368 3312 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:02:14.0384 3312 volsnap - ok
13:02:14.0398 3312 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:02:14.0409 3312 vsmraid - ok
13:02:14.0479 3312 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:02:14.0564 3312 VSS - ok
13:02:14.0630 3312 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
13:02:14.0654 3312 vwifibus - ok
13:02:14.0693 3312 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:02:14.0754 3312 W32Time - ok
13:02:14.0787 3312 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:02:14.0816 3312 WacomPen - ok
13:02:14.0867 3312 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:02:14.0929 3312 WANARP - ok
13:02:14.0933 3312 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:02:14.0997 3312 Wanarpv6 - ok
13:02:15.0073 3312 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
13:02:15.0115 3312 wbengine - ok
13:02:15.0170 3312 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:02:15.0201 3312 WbioSrvc - ok
13:02:15.0242 3312 WcesComm (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
13:02:15.0259 3312 WcesComm - ok
13:02:15.0288 3312 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
13:02:15.0312 3312 wcncsvc - ok
13:02:15.0327 3312 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:02:15.0353 3312 WcsPlugInService - ok
13:02:15.0379 3312 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:02:15.0390 3312 Wd - ok
13:02:15.0423 3312 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:02:15.0450 3312 Wdf01000 - ok
13:02:15.0464 3312 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:02:15.0505 3312 WdiServiceHost - ok
13:02:15.0509 3312 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:02:15.0539 3312 WdiSystemHost - ok
13:02:15.0577 3312 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
13:02:15.0616 3312 WebClient - ok
13:02:15.0650 3312 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:02:15.0702 3312 Wecsvc - ok
13:02:15.0722 3312 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:02:15.0787 3312 wercplsupport - ok
13:02:15.0800 3312 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:02:15.0850 3312 WerSvc - ok
13:02:15.0865 3312 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:02:15.0911 3312 WfpLwf - ok
13:02:15.0920 3312 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:02:15.0931 3312 WIMMount - ok
13:02:15.0950 3312 WinDefend - ok
13:02:15.0969 3312 WinHttpAutoProxySvc - ok
13:02:16.0014 3312 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:02:16.0086 3312 Winmgmt - ok
13:02:16.0175 3312 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
13:02:16.0252 3312 WinRM - ok
13:02:16.0338 3312 WINUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.SYS
13:02:16.0364 3312 WINUSB - ok
13:02:16.0414 3312 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:02:16.0464 3312 Wlansvc - ok
13:02:16.0483 3312 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:02:16.0511 3312 WmiAcpi - ok
13:02:16.0550 3312 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:02:16.0590 3312 wmiApSrv - ok
13:02:16.0617 3312 WMPNetworkSvc - ok
13:02:16.0638 3312 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:02:16.0655 3312 WPCSvc - ok
13:02:16.0680 3312 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
13:02:16.0715 3312 WPDBusEnum - ok
13:02:16.0734 3312 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:02:16.0777 3312 ws2ifsl - ok
13:02:16.0800 3312 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
13:02:16.0835 3312 wscsvc - ok
13:02:16.0839 3312 WSearch - ok
13:02:16.0947 3312 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
13:02:17.0075 3312 wuauserv - ok
13:02:17.0146 3312 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:02:17.0207 3312 WudfPf - ok
13:02:17.0236 3312 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:02:17.0302 3312 WUDFRd - ok
13:02:17.0337 3312 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
13:02:17.0392 3312 wudfsvc - ok
13:02:17.0427 3312 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:02:17.0487 3312 WwanSvc - ok
13:02:17.0528 3312 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:02:17.0706 3312 \Device\Harddisk0\DR0 - ok
13:02:17.0708 3312 Boot (0x1200) (fcf9bb6a767bdf8c50c7ce20f528edfa) \Device\Harddisk0\DR0\Partition0
13:02:17.0709 3312 \Device\Harddisk0\DR0\Partition0 - ok
13:02:17.0724 3312 Boot (0x1200) (e17768d03d1d4f86f64e744d094017a7) \Device\Harddisk0\DR0\Partition1
13:02:17.0725 3312 \Device\Harddisk0\DR0\Partition1 - ok
13:02:17.0726 3312 ============================================================
13:02:17.0726 3312 Scan finished
13:02:17.0726 3312 ============================================================
13:02:17.0743 3300 Detected object count: 2
13:02:17.0743 3300 Actual detected object count: 2
13:03:07.0702 3300 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:03:07.0702 3300 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:03:07.0702 3300 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
13:03:07.0702 3300 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
[/code]

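The TDSSKiller log above ends with two UnsignedFile.Multi.Generic hits that the user chose to skip, and the "Detected object count" summary only makes sense once each hash/path line is paired with the status lines that follow it. As an added example (not part of this thread and not Kaspersky's code), here is a small Python triage script for exactly that log format: it pairs each hash/path line with its status lines, maps the MBR and boot-sector results back from the device path they are reported under, and returns what a helper on the board would look at first (flagged entries, the action the user chose, entries that got a status but no file, and hashes worth looking up). The sample lines are a constructed subset copied from the log above; IDriverT's own hash line lies outside this excerpt, so it appears only through its summary lines.

```python
"""Triage helper for a Kaspersky TDSSKiller log in the format shown above.

Added example for this thread, not Kaspersky's code. Assumed line shapes
(taken from the log above):
  <time> <tid> <name> (<md5>) <path>              hash/path line
  <time> <tid> <name> [( <verdict> )] - <status>  status line
  <time> <tid> Detected object count: <n>         summary line
"""
import re
from collections import defaultdict
from pprint import pprint

FILE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<tid>\d+) "
    r"(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?) "   # "MBR (0x1B8)" / "Boot (0x1200)" carry an offset
    r"\((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
STATUS_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<tid>\d+) "
    r"(?P<name>.+?)(?: \( (?P<verdict>\S+) \))? - (?P<status>.+)$"
)
COUNT_RE = re.compile(r"Detected object count: (\d+)$")

# Constructed sample: a subset of lines copied from the log above. IDriverT's
# own hash line is outside this excerpt, so only its summary lines are here.
SAMPLE_LOG = r"""
13:02:07.0620 3312 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:02:07.0631 3312 SamSs - ok
13:02:08.0571 3312 ServiceLayer (12b41d84a4d058adc60853c365dbfcca) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
13:02:08.0599 3312 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
13:02:08.0599 3312 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
13:02:10.0237 3312 StarOpen - ok
13:02:10.0281 3312 Steam Client Service - ok
13:02:13.0846 3312 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:02:13.0859 3312 VaultSvc - ok
13:02:17.0528 3312 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:02:17.0706 3312 \Device\Harddisk0\DR0 - ok
13:02:17.0726 3312 Scan finished
13:02:17.0743 3300 Detected object count: 2
13:02:17.0743 3300 Actual detected object count: 2
13:03:07.0702 3300 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:03:07.0702 3300 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:03:07.0702 3300 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
13:03:07.0702 3300 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
""".strip()


def parse_tdsskiller(text):
    """Return (entries, declared_count).

    entries: name -> {"md5", "path", "verdicts", "statuses", "action"}
    declared_count: the 'Detected object count' the tool printed, or None.
    """
    entries = defaultdict(lambda: {"md5": None, "path": None, "verdicts": set(),
                                   "statuses": [], "action": None})
    by_path = {}
    declared = None
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            e = entries[m["name"]]
            e["md5"], e["path"] = m["md5"], m["path"]
            by_path[m["path"]] = m["name"]
            continue
        m = STATUS_RE.match(line)
        if m:
            # MBR/boot-sector results are reported under the device path, not under
            # the "MBR (0x1B8)" label of the hash line: map them back to that entry.
            e = entries[by_path.get(m["name"], m["name"])]
            e["statuses"].append(m["status"])
            if m["verdict"]:
                e["verdicts"].add(m["verdict"])
            if m["status"].startswith("User select action: "):
                e["action"] = m["status"].split(": ", 1)[1]
            continue
        m = COUNT_RE.search(line)
        if m and declared is None:
            declared = int(m.group(1))
    return dict(entries), declared


def triage(text):
    """Summarise a TDSSKiller log the way a log helper would read it."""
    entries, declared = parse_tdsskiller(text)
    flagged = sorted(n for n, e in entries.items()
                     if e["verdicts"] or any(s == "warning" or s.startswith("detected")
                                             for s in e["statuses"]))
    by_md5 = defaultdict(list)
    for n, e in entries.items():
        if e["md5"]:
            by_md5[e["md5"]].append(n)
    return {
        "flagged": flagged,
        "skipped": sorted(n for n, e in entries.items() if e["action"] == "Skip"),
        # status but no hash/path line and no verdict: the tool listed no file for these
        "unresolved": sorted(n for n, e in entries.items()
                             if e["path"] is None and not e["verdicts"]),
        # does the tool's own count agree with what we paired up?
        "count_matches": declared is None or declared == len(flagged),
        # several services backed by one image (lsass.exe here), for hash pivoting
        "shared_images": {h: sorted(ns) for h, ns in by_md5.items() if len(ns) > 1},
        # flagged entries with a hash to look up
        "to_check": [(n, entries[n]["md5"], entries[n]["path"]) for n in flagged
                     if entries[n]["md5"]],
    }


if __name__ == "__main__":
    pprint(triage(SAMPLE_LOG))
```

Run it against a full TDSSKiller log saved from the board and the "to_check" list gives the (name, MD5, path) triples to verify before deciding whether an unsigned third-party file such as ServiceLayer.exe is benign; "count_matches" turning False is the cue that a status line did not pair with its hash line and the parser needs a look.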
01.06.2012, 14:17   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

BKA Trojaner,Auswertung von Log OTL

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your web browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post logfiles in CODE tags

01.06.2012, 20:15   #15
MK-13

BKA Trojaner,Auswertung von Log OTL

hi, so here is the log. What now, the BKA trojan?

and then there is the message (picture)?
regards

Code:
ComboFix 12-06-01.02 - mk-13 01.06.2012  20:56:57.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2047.1180 [GMT 2:00]
ausgeführt von:: c:\users\mk-13\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-01 bis 2012-06-01  ))))))))))))))))))))))))))))))
.
.
2012-06-01 19:04 . 2012-06-01 19:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-01 10:49 . 2012-05-14 23:41	8955792	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{91707E59-29C4-4A77-B469-A9B773DBE7E8}\mpengine.dll
2012-05-31 20:29 . 2012-05-31 20:29	--------	d-----w-	C:\_OTL
2012-05-29 18:41 . 2012-05-29 18:41	--------	d-----w-	c:\program files (x86)\ESET
2012-05-27 13:08 . 2003-02-02 17:06	153088	----a-w-	c:\windows\SysWow64\UNRAR3.dll
2012-05-27 13:08 . 2002-03-05 22:00	75264	----a-w-	c:\windows\SysWow64\unacev2.dll
2012-05-27 13:08 . 2012-05-27 13:08	--------	d-----w-	c:\program files (x86)\Trojan Remover
2012-05-27 13:08 . 2012-05-27 13:08	--------	d-----w-	c:\users\mk-13\AppData\Roaming\Simply Super Software
2012-05-27 13:08 . 2012-05-27 13:08	--------	d-----w-	c:\programdata\Simply Super Software
2012-05-20 06:45 . 2004-04-18 21:42	733184	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2012-05-20 06:45 . 2004-04-18 21:40	69715	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2012-05-20 06:45 . 2004-04-18 21:39	266240	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2012-05-20 06:45 . 2004-04-18 21:39	172032	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2012-05-20 06:45 . 2004-04-18 21:39	5632	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2012-05-20 06:45 . 2012-05-20 06:45	303236	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2012-05-20 06:45 . 2012-05-20 06:45	180356	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2012-05-10 04:07 . 2012-03-03 06:35	1544704	----a-w-	c:\windows\system32\DWrite.dll
2012-05-10 04:07 . 2012-03-03 05:31	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-05-10 04:07 . 2012-03-31 06:05	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-10 04:07 . 2012-03-31 03:10	3146240	----a-w-	c:\windows\system32\win32k.sys
2012-05-10 04:07 . 2012-03-31 04:39	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 04:07 . 2012-03-31 04:39	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 04:07 . 2012-03-17 07:58	75120	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-05-10 04:07 . 2012-03-30 11:35	1918320	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-05-10 04:07 . 2012-03-31 05:40	1367552	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 04:07 . 2012-03-31 04:29	936960	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-16 18:51 . 2011-10-28 19:18	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-04-04 13:56 . 2012-04-09 22:29	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-11 19:13 . 2012-03-11 19:13	41200	----a-w-	c:\windows\system32\cmdcsr.dll
2012-03-07 08:56 . 2012-03-07 08:56	499712	----a-w-	c:\windows\SysWow64\msvcp71.dll
2012-03-07 08:56 . 2012-03-07 08:56	348160	----a-w-	c:\windows\SysWow64\msvcr71.dll
2012-03-07 08:02 . 2012-03-05 21:48	50552	----a-w-	c:\windows\system32\drivers\GDBehave.sys
2012-03-07 08:02 . 2012-03-05 21:48	111992	----a-w-	c:\windows\system32\drivers\MiniIcpt.sys
2012-03-07 08:02 . 2012-03-05 21:48	65912	----a-w-	c:\windows\system32\drivers\gdwfpcd64.sys
2012-03-07 07:51 . 2011-07-23 08:38	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-07 07:44 . 2012-03-07 07:44	525544	----a-w-	c:\windows\system32\deployJava1.dll
2012-03-05 22:04 . 2012-03-05 22:04	106648	----a-w-	c:\windows\system32\drivers\GRD.sys
2012-03-05 21:49 . 2012-03-05 21:49	59256	----a-w-	c:\windows\system32\drivers\PktIcpt.sys
2006-05-03 10:06	163328	--sh--r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47	31232	--sh--r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30	216064	--sh--r-	c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AsioThk32Reg"="CTASIO.DLL" [2007-04-09 80896]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"V0330Mon.exe"="c:\windows\V0330Mon.exe" [2007-04-29 32768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-01-23 1238800]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-03-07 296056]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Power Manager"="c:\program files (x86)\Gembird\Power Manager\pm.exe" -winstartup
"CTxfiHlp"=CTXFIHLP.EXE
"NokiaMServer"=c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x]
R3 SaiH0255;SaiH0255;c:\windows\system32\DRIVERS\SaiH0255.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot64.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-14 361984]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-08 2028864]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 GETNDIS;VIA Velocity-Familie-Gigabit-Ethernet-Adaptertreiber;c:\windows\system32\DRIVERS\getn62a.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856]
S3 V0330VID;WebCam Vista/Live! Cam Chat VF0330;c:\windows\system32\DRIVERS\V0330Vid.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
"combofix"="c:\combofix\CF10177.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Alles mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Free YouTube to Mp3 Converter - c:\users\mk-13\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Videos mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
TCP: DhcpNameServer = 82.144.41.8 82.145.9.8
TCP: Interfaces\{46BA4379-16EF-49BC-97B3-4731536627D7}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\mk-13\AppData\Roaming\Mozilla\Firefox\Profiles\68rg2x0i.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-510965291-3660956245-2123504699-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1C58C548-120C-1FC0-8D7A-D4BFE78398C8}*]
"paiocamcaicliimbkbdmcpccechmgkeg"=hex:6b,61,63,61,64,65,61,6c,68,66,70,68,61,
   6d,6e,6b,6f,68,62,6b,6f,69,00,77
"abomicdkdejjcdlknofmcaedmcaacjkein"=hex:6b,61,63,61,64,65,61,6c,68,66,70,68,
   61,6d,6e,6b,6f,68,62,6b,6f,69,00,00
"abomicdkdejjcdlknofmcaedmcaacjkehn"=hex:6b,61,63,61,64,65,61,6c,68,66,70,68,
   61,6d,6e,6b,6f,68,62,6b,6f,69,00,00
"paiocamcaicliimbkbdmcpccechmgkdg"=hex:6b,61,63,61,64,65,61,6c,68,66,70,68,61,
   6d,6e,6b,6f,68,62,6b,6f,69,00,77
.
[HKEY_USERS\S-1-5-21-510965291-3660956245-2123504699-1001\Software\SecuROM\License information*]
"datasecu"=hex:ef,a7,ed,96,d0,75,99,bd,25,77,dc,53,01,f8,e4,49,27,9c,7b,42,60,
   7a,4e,11,91,37,a2,04,f9,57,1c,3c,0e,3d,83,1e,f9,d6,ee,0b,a4,d0,5a,14,0e,df,\
"rkeysecu"=hex:f2,eb,21,cd,d0,e4,bf,9b,b0,a3,a3,ca,d0,82,91,a1
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-06-01  21:09:55 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-01 19:09
.
Vor Suchlauf: 13 Verzeichnis(se), 28.970.176.512 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 28.391.260.160 Bytes frei
.
- - End Of File - - 639EF1A6122210F0D6DD8D504EA51E40
Last edited by MK-13 (01.06.2012 at 20:35)