15.08.2012, 09:06 | #1 |
Win32:Malware gen, Win32:Troj gen and similar after Adobe Flash Player update (?)

Hello everyone,

Yesterday my avast Antivirus went crazy and reported blocked Trojans and malware (Win32:Malware-gen and Win32:Troj-gen) at what felt like one-second intervals. I then ran a complete avast scan and activated Malwarebytes Anti-Malware (no idea when or why I had deactivated it -.- ), with the result that two viruses were detected, which I deleted. That did not end the problem, though; on the contrary, Malwarebytes now also reported that it was blocking access to dangerous websites, and after I had read up a bit via Google, I downloaded the TDSS (?)-Remover from Kaspersky. I ran that twice as well, deleting two infections afterwards, and after that Malwarebytes and avast went quiet. Last night I then scanned the whole PC completely with Malwarebytes once more, which found three more threats that I also deleted.

The PC showed and shows no signs of an infection at all, and runs cleanly and just as fast as always. No adware opens either. I still want to play it safe and give it another proper "clean-through", but I lack the necessary know-how for that and hope that someone here will kindly take me by the hand and help me.

OTL logs:

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 15.08.2012 09:27:11 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Paul\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 57,04% Memory free 3,46 Gb Paging File | 2,52 Gb Available in Paging File | 72,74% Paging File free Paging file location(s): c:\pagefile.sys 3067 12000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 222,78 Gb Total Space | 1,49 Gb Free Space | 0,67% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 6,03 Gb Free Space | 60,33% Space Free | Partition Type: NTFS Computer Name: PAUL-PC | User Name: Paul | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.15 09:26:53 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe PRC - [2012.07.03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe PRC - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.06.15 11:41:33 | 000,296,056 | ---- | M] (RealNetworks, Inc.) 
-- C:\Programme\Real\RealPlayer\Update\realsched.exe PRC - [2012.05.29 16:55:56 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe PRC - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE PRC - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.05.11 15:26:44 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.05.11 05:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe PRC - [2006.11.05 13:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe PRC - [2006.11.05 12:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe ========== Modules (No Company Name) ========== MOD - [2007.05.11 05:08:40 | 003,076,096 | ---- | M] () -- c:\Programme\Adobe\Reader 8.0\Reader\RdLang32.DEU MOD - [2007.05.11 04:55:44 | 000,053,248 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Weblink.DEU MOD - [2007.05.11 04:54:28 | 000,036,864 | ---- | M] () -- 
C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Spelling.DEU MOD - [2007.05.11 04:54:20 | 000,026,112 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\SendMail.deu MOD - [2007.05.11 04:54:02 | 000,053,248 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Search.DEU MOD - [2007.05.11 04:53:52 | 000,974,848 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\PPKLITE.DEU MOD - [2007.05.11 04:53:32 | 000,028,672 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\SaveAsRTF.DEU MOD - [2007.05.11 04:53:22 | 000,013,312 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\ReadOutLoud.DEU MOD - [2007.05.11 04:52:58 | 000,159,744 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Multimedia.DEU MOD - [2007.05.11 04:52:54 | 000,086,016 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\makeaccessible.DEU MOD - [2007.05.11 04:52:02 | 000,098,304 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Escript.deu MOD - [2007.05.11 04:52:02 | 000,006,656 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\EWH32.DEU MOD - [2007.05.11 04:51:42 | 000,221,184 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\DigSig.DEU MOD - [2007.05.11 04:51:38 | 001,224,704 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Annots.DEU MOD - [2007.05.11 04:51:24 | 000,192,512 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Checkers.DEU MOD - [2007.05.11 04:50:30 | 000,811,008 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Acroform.DEU MOD - [2007.05.11 04:50:04 | 000,077,824 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\accessibility.DEU MOD - [2007.04.04 15:05:56 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2007.01.13 05:01:28 | 000,475,136 | R--- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\ccme_base.dll MOD - [2007.01.13 05:01:28 | 000,397,312 | R--- | M] () -- 
C:\Programme\Adobe\Reader 8.0\Reader\cryptocme2.dll MOD - [2006.11.05 12:58:44 | 000,516,096 | ---- | M] () -- C:\Programme\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll MOD - [2006.11.05 12:28:18 | 004,587,520 | R--- | M] () -- C:\Programme\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll MOD - [2006.10.23 03:34:44 | 000,005,120 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\updater.DEU MOD - [2006.10.23 03:33:38 | 000,012,288 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Search5.DEU MOD - [2006.10.23 03:33:02 | 000,008,192 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\reflow.DEU MOD - [2006.10.23 03:32:30 | 000,011,264 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\pddom.DEU MOD - [2006.10.23 03:31:30 | 000,013,312 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Hls.deu MOD - [2006.10.23 03:30:32 | 000,028,672 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\eBook.DEU ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter) SRV - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! 
Antivirus) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc) SRV - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.05.31 11:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 11:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Paul\AppData\Local\Temp\pxldapod.sys -- (pxldapod) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- 
(NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\6537.tmp -- (MEMSWEEP2) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Paul\AppData\Local\Temp\mbr.sys -- (mbr) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Paul\AppData\Local\Temp\inyafakj.sys -- (inyafakj) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.07.03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.07.03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.07.03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.07.03 18:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2012.07.03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2012.07.03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.10.01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2011.10.01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | 
On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2011.10.01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2011.10.01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2007.04.29 10:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) DRV - [2007.04.04 15:05:54 | 002,313,216 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006.11.10 15:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ATITool.sys -- (ATITool) DRV - [2006.10.10 08:54:34 | 000,138,240 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (Nokia USB Phone Parent) DRV - [2006.10.10 08:54:32 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (Nokia USB Port) DRV - [2006.10.10 08:54:32 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (Nokia USB Modem) DRV - [2006.10.10 08:54:32 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (Nokia USB Generic) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3071221 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found IE - HKCU\..\URLSearchHook: {b80f591e-fe9a-46cf-a13e-180377240586} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1456 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550 FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.14.1 FF - prefs.js..extensions.enabledItems: {97E22097-9A2F-45b1-8DAF-36AD648C7EF4}:15.0.4 FF - prefs.js..network.proxy.no_proxies_on: 
"*.local" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Paul\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.07.09 21:21:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.15 11:46:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.15 11:45:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.15 11:48:21 | 000,000,000 | ---D | M] [2008.11.08 21:06:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\Extensions [2012.07.27 10:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\v13il3tt.default\extensions [2011.06.22 22:30:55 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\v13il3tt.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2009.11.21 09:31:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\v13il3tt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.07.26 23:02:36 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\v13il3tt.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.06.02 00:53:33 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- 
C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\v13il3tt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.06.16 18:10:28 | 000,002,354 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\v13il3tt.default\searchplugins\aol-web-search.xml [2011.07.27 20:19:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.08.12 01:05:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.07.09 21:21:16 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF [2012.08.12 01:05:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.06.15 11:46:38 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2012.06.15 11:42:37 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2008.03.15 15:56:14 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2009.01.01 16:58:22 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2008.02.19 16:40:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2006.12.03 17:59:22 | 000,000,986 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2006.11.17 13:19:24 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL Inc.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Programme\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) 
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.) O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( ) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) 
O4 - HKCU..\Run: [] File not found O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"hxxp://cc.porsche.com/icc_euro/ui/pva/application/bpModules/interior_3D.jsp;jsessionid=F9C9205408D9F59EAA745678E7F76607.icc_euro?RT=1337443640288" File not found O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Paul\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Programme\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program 
Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6493CB48-7F85-46D7-AE1F-8F60556E23B4}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FA9BFC4-8DE8-4444-8520-41FCAFD46533}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Paul\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Paul\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{22372fc1-9398-11dd-a7c8-001d097750a6}\Shell\AutoRun\command - "" = gjn2pjlw.exe O33 - MountPoints2\{22372fc1-9398-11dd-a7c8-001d097750a6}\Shell\explore\Command - "" = gjn2pjlw.exe O33 - MountPoints2\{22372fc1-9398-11dd-a7c8-001d097750a6}\Shell\open\Command - "" = gjn2pjlw.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.08.15 09:26:50 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe [2012.08.15 08:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos [2012.08.15 08:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos [2012.08.14 23:11:27 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012.08.12 01:05:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.08.12 01:04:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Skype [2012.08.04 17:13:53 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Unis Bewerbungen [2010.03.26 07:48:53 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Paul\mbam-setup.exe [2010.03.26 00:48:02 | 058,172,520 | ---- | C] (Kaspersky Lab) -- C:\Users\Paul\kav9.0.0.459DE.exe [2010.03.26 00:38:52 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Paul\HJTInstall.exe [2010.03.26 00:20:04 | 009,823,176 | ---- | C] (Microsoft Corporation) -- C:\Users\Paul\windows-kb890830-v3.5.exe [2009.10.15 17:11:07 | 021,128,536 | ---- | C] (DivX, Inc.) -- C:\Users\Paul\DivXInstaller72.exe [2009.08.27 20:20:30 | 001,875,076 | ---- | C] (Password Recovery Magic Studio Ltd. ) -- C:\Users\Paul\RAR-Password-Recovery-Magic.exe [2009.07.01 14:39:57 | 077,690,152 | ---- | C] (Apple Inc.) -- C:\Users\Paul\iTunesSetup.exe [2007.12.29 19:21:46 | 044,575,761 | ---- | C] (Phenomedia AG ) -- C:\Program Files\Setup_Moorhuhn_Kart_XL.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.15 09:26:53 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe [2012.08.15 09:26:16 | 000,000,000 | ---- | M] () -- C:\Users\Paul\defogger_reenable [2012.08.15 09:08:02 | 000,087,360 | ---- | M] () -- C:\Users\Paul\Desktop\gmer.wmv [2012.08.15 09:08:02 | 000,061,440 | ---- | M] () -- C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.08.15 08:59:20 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.15 08:59:20 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.15 08:59:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.15 08:40:58 | 000,278,161 | ---- | M] () -- C:\Users\Paul\Desktop\gmer1015.zip [2012.08.15 08:30:05 | 000,000,012 | ---- | M] () -- 
C:\Windows\bthservsdp.dat [2012.08.14 22:36:13 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.13 16:02:58 | 000,308,402 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.08.13 16:02:58 | 000,210,908 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.08.13 16:02:58 | 000,061,620 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.08.13 16:02:58 | 000,038,804 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.08.12 01:04:15 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.08.09 12:55:36 | 000,002,912 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\wklnhst.dat [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.15 09:26:16 | 000,000,000 | ---- | C] () -- C:\Users\Paul\defogger_reenable [2012.08.15 09:08:00 | 000,087,360 | ---- | C] () -- C:\Users\Paul\Desktop\gmer.wmv [2012.08.15 08:40:58 | 000,278,161 | ---- | C] () -- C:\Users\Paul\Desktop\gmer1015.zip [2012.08.14 22:36:13 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.12 01:04:15 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2011.01.18 13:50:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.01.18 13:50:15 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.01.18 13:49:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011.01.02 17:41:30 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll [2011.01.02 17:41:26 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2011.01.02 17:41:26 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011.01.02 17:41:26 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011.01.02 17:41:25 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011.01.02 17:32:27 | 000,000,034 | -H-- | C] () -- 
C:\Windows\System32\Converter_sysquict.dat [2010.08.25 11:15:06 | 000,221,584 | ---- | C] () -- C:\Users\Paul\controller.pdf [2010.08.08 18:49:20 | 077,796,050 | ---- | C] () -- C:\Users\Paul\gameskeebrake.zip [2010.07.11 10:14:25 | 003,364,153 | ---- | C] () -- C:\Users\Paul\Upside_(feat._Michelle_Breeze).mp3 [2010.06.02 01:34:57 | 057,817,611 | ---- | C] () -- C:\Users\Paul\Kano_-_Kano_Mixtape.rar [2010.06.02 00:28:59 | 068,414,451 | ---- | C] () -- C:\Users\Paul\Kano_-_Beats_And_Bars__2005___www.beatboxradioshow.blogspot.com_.rar [2010.06.01 23:48:36 | 056,687,361 | ---- | C] () -- C:\Users\Paul\Kano-Beats_&_Bars_(2005).zip [2010.05.29 17:19:04 | 010,871,495 | ---- | C] () -- C:\Users\Paul\Usher_-_OMG_(Feat._Will.I.Am).mp3 [2010.05.13 12:46:05 | 006,469,101 | ---- | C] () -- C:\Users\Paul\Justin_Timberlake_-_Rock_Your_Body.mp3 [2010.05.13 12:25:33 | 003,966,046 | ---- | C] () -- C:\Users\Paul\three 6 mafia feat. tiesto, sean kingston & flo rida - feel it.mp3.mp3 [2010.05.13 12:17:21 | 007,670,478 | ---- | C] () -- C:\Users\Paul\10__Dizzee_Rascal_-_Holiday_[Ft._Chrome].mp3 [2010.05.08 19:26:30 | 007,946,244 | ---- | C] () -- C:\Users\Paul\Surkin_-_Radio_Fireworks_(Riot_In_Belgium_Second_Remix).mp3 [2010.05.08 18:56:11 | 004,235,328 | ---- | C] () -- C:\Users\Paul\Bob_Marley_Vs._Funkstar_Deluxe_-_Sun_Is_Shining.mp3 [2010.04.04 21:44:24 | 000,017,089 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\UserTile.png [2010.03.25 23:55:29 | 004,103,298 | ---- | C] () -- C:\Users\Paul\cleanvirusmsn.zip [2010.03.19 18:00:00 | 008,655,505 | ---- | C] () -- C:\Users\Paul\11 Pursuit Of Happiness.mp3 [2010.03.19 18:00:00 | 008,035,880 | ---- | C] () -- C:\Users\Paul\08 Back Home.mp3 [2010.03.19 18:00:00 | 005,467,521 | ---- | C] () -- C:\Users\Paul\09 Kinda Like A Big Deal (KA Freestyle).mp3 [2010.03.19 18:00:00 | 005,063,145 | ---- | C] () -- C:\Users\Paul\10 Kano In The House (Pon De Floor).mp3 [2010.03.19 17:59:59 | 007,281,464 | ---- | C] () -- C:\Users\Paul\07 Chip Roll, 
Sausage In Batter.mp3 [2010.03.19 17:59:58 | 009,437,088 | ---- | C] () -- C:\Users\Paul\05 Game Over.mp3 [2010.03.19 17:59:58 | 008,561,464 | ---- | C] () -- C:\Users\Paul\04 Pass Out (KA Freestyle).mp3 [2010.03.19 17:59:58 | 007,593,888 | ---- | C] () -- C:\Users\Paul\03 Track Burglar.mp3 [2010.03.19 17:59:58 | 006,496,745 | ---- | C] () -- C:\Users\Paul\06 Rude Boy.mp3 [2010.03.19 17:59:57 | 008,962,705 | ---- | C] () -- C:\Users\Paul\02 You Are Young.mp3 [2010.03.19 17:59:57 | 000,806,231 | ---- | C] () -- C:\Users\Paul\01 Intro.mp3 [2010.03.19 17:59:05 | 076,615,102 | ---- | C] () -- C:\Users\Paul\Jack Bauer- The 7 Day Edition (www.kanosworld.com).zip [2010.02.21 14:42:23 | 001,579,618 | ---- | C] () -- C:\Users\Paul\img004.jpg [2010.01.07 17:45:56 | 000,953,919 | ---- | C] () -- C:\Users\Paul\Apple Store - Deutschland.mht [2010.01.07 17:45:34 | 000,190,335 | ---- | C] () -- C:\Users\Paul\Sparkasse Krefeld - Ihr persönliches Finanzportal - Ihr Auftrag.mht [2010.01.06 02:05:19 | 001,901,794 | ---- | C] () -- C:\Users\Paul\02 chase the sun.mp3 [2010.01.06 02:00:58 | 007,686,773 | ---- | C] () -- C:\Users\Paul\Planet_Funk_-_Chase_the_Sun.mp3 [2010.01.05 17:31:36 | 006,513,216 | ---- | C] () -- C:\Users\Paul\Nikkfurie_-_The_A_La_Menthe_Extended.mp3 [2009.12.26 15:43:05 | 007,989,158 | ---- | C] () -- C:\Users\Paul\-_Akon_ft_David_Guetta_-_Sexy_Bitch.mp3 [2009.10.11 10:59:48 | 005,556,136 | ---- | C] () -- C:\Users\Paul\Plane9.exe [2009.08.28 15:19:31 | 010,351,542 | ---- | C] () -- C:\Users\Paul\Jay-Z_-_Death_of_Autotune.mp3 [2009.08.27 20:14:21 | 003,449,769 | ---- | C] () -- C:\Users\Paul\-_Planet_Funk_-_Chase_The_Sun.rar [2009.07.02 19:53:14 | 099,423,964 | ---- | C] () -- C:\Users\Paul\34082008.rar [2009.07.02 16:27:56 | 006,393,388 | ---- | C] () -- C:\Users\Paul\myGamersCam_Setup.zip [2009.06.05 13:37:36 | 015,350,784 | ---- | C] () -- C:\Users\Paul\AppleMobileDeviceSupport.msi [2009.06.03 15:09:15 | 000,041,838 | ---- | C] () -- 
C:\Users\Paul\John_Brown_-_Suburban_Empire_(Hosted_By_Superstar_Jay)-2009-MIXFIEND.torrent [2009.05.22 19:27:18 | 004,329,056 | ---- | C] () -- C:\Users\Paul\DJ_Size_feat._J._Lourenzo___Big_Steve_-_Sunglasses.mp3 [2009.05.15 16:06:32 | 005,824,446 | ---- | C] () -- C:\Users\Paul\She's Glowing (Remix).mp3 [2009.03.31 19:22:03 | 000,463,360 | ---- | C] () -- C:\Users\Paul\Magischer+Kater+3.pps [2008.08.12 15:07:44 | 000,022,328 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\PnkBstrK.sys [2008.01.05 18:30:08 | 000,222,269 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\NMM-MetaData.db [2007.12.29 19:21:48 | 003,108,049 | ---- | C] () -- C:\Program Files\The Beatles - Come Together.mp3 [2007.12.29 19:21:48 | 000,086,791 | ---- | C] () -- C:\Program Files\575m_rot_front.zip [2007.12.29 19:21:48 | 000,062,874 | ---- | C] () -- C:\Program Files\575m_blau_dreiviertelfront.zip [2007.12.29 19:21:48 | 000,062,613 | ---- | C] () -- C:\Program Files\575m_blau_heck.zip [2007.12.29 19:21:48 | 000,057,566 | ---- | C] () -- C:\Program Files\575m_blau_top.zip [2007.12.29 19:21:48 | 000,053,648 | ---- | C] () -- C:\Program Files\575m_rot_seite.zip [2007.12.29 19:21:46 | 005,316,116 | ---- | C] () -- C:\Program Files\Forsaken_Part2.zip [2007.12.29 19:21:46 | 003,060,864 | ---- | C] () -- C:\Program Files\Infamous.mp3 [2007.12.29 19:21:46 | 002,927,388 | ---- | C] () -- C:\Program Files\Infamous.zip [2007.12.28 23:01:19 | 000,002,912 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\wklnhst.dat [2007.12.28 21:13:39 | 000,000,552 | ---- | C] () -- C:\Users\Paul\AppData\Local\d3d8caps.dat [2007.12.28 20:59:41 | 000,061,440 | ---- | C] () -- C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.12.28 20:49:52 | 000,001,356 | ---- | C] () -- C:\Users\Paul\AppData\Local\d3d9caps.dat ========== LOP Check ========== [2010.01.13 00:52:10 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Amazon [2010.06.02 00:53:32 | 000,000,000 | ---D | M] -- 
C:\Users\Paul\AppData\Roaming\DVDVideoSoftIEHelpers [2011.07.22 18:44:27 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\GetRightToGo [2008.12.31 15:04:37 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ICQ [2008.03.20 17:08:28 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ICQ Toolbar [2008.03.09 15:58:36 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ICQ6 [2008.05.03 17:46:35 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\LimeWire [2008.03.05 17:09:39 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\MAGIX [2008.03.01 21:08:57 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Nokia [2007.12.30 16:33:49 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PC Suite [2010.12.10 23:14:51 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PCDr [2010.04.04 21:44:24 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PeerNetworking [2009.10.11 11:02:13 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Plane9 [2007.12.28 23:19:39 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Template [2012.03.15 01:01:59 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\TP [2012.08.15 08:30:12 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\Paul\Documents\My Games:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Paul\Documents\Meine empfangenen Dateien:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Paul\Documents\CyberLink:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Paul\Documents\Battlefield 2 Demo:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Paul\Desktop\Installationsdateien:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Program Files\Nokia:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Program Files\Netscape:Roxio EMC Stream @Alternate 
Data Stream - 76 bytes -> C:\Program Files\Codemasters:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\City Interactive:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Activision:Roxio EMC Stream
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF
< End of report >

Extras: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 15.08.2012 09:27:12 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Paul\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 57,04% Memory free 3,46 Gb Paging File | 2,52 Gb Available in Paging File | 72,74% Paging File free Paging file location(s): c:\pagefile.sys 3067 12000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 222,78 Gb Total Space | 1,49 Gb Free Space | 0,67% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 6,03 Gb Free Space | 60,33% Space Free | Partition Type: NTFS Computer Name: PAUL-PC | User Name: Paul | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OtsMedia.Surf] -- "C:\OtsLabs\OTSPLAY.EXE" "%1" /play /surf () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== Vista Active Open Ports 
Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02091327-B124-4216-9D71-58C0E24F5392}" = Nokia PC Suite "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools "{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}" = PC Connectivity Solution "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{084A9731-D05B-4ADA-B4A0-0ADD25FD7152}" = Splinter Cell Pandora Tomorrow "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data "{0DE20748-45A5-6CD9-610E-F881A34E7342}" = Catalyst Control Center Localization Arabic "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{150C58DD-54ED-4697-AAA5-16F037C9F7EF}" = Kane and Lynch Dead Men Demo "{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu "{15CC10AB-4266-210D-E2D2-03089C25A028}" = CCC Help English "{1603C7DC-358B-97AF-B451-B2DDAC734117}" = Catalyst Control Center Localization French "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{214030BC-490D-57D4-2547-D0D4ECC851A5}" = Catalyst Control Center Localization Japanese "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{25F28E36-FDBB-11DB-8314-0800200C9A66}" = Medal of Honor Airborne Demo "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 
"{2B98E4C3-AABC-9594-3219-A6EB60006C2C}" = Catalyst Control Center Graphics Full Existing "{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch "{2C698DB8-0D99-5A27-DA3D-A3414FC5DBA7}" = Catalyst Control Center Graphics Light "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{31DBBB49-CAC2-984A-64CA-A88102056E10}" = CCC Help German "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6 "{32E2F180-247C-4077-B06A-20F9868568E0}_is1" = UltraMixer 2.2.1 "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module "{3BFFC6B8-4EC0-4240-858C-998FD4077983}" = Nokia Connectivity Cable Driver "{3D26D137-EA12-4D31-8326-226EA0A819A9}" = Moorhuhn Kart XL "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{412FECA2-836F-3DF6-A302-924CEC5B4DE2}" = CCC Help Spanish "{46ACAEB5-365A-74BB-D405-980EA4FE3545}" = CCC Help Japanese "{4AAB7E8F-1C71-E364-458F-5A6797670157}" = Catalyst Control Center Graphics Full New "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{501BB464-E875-4E1E-9CF4-8C445DDAE01E}" = Tom Clancy's Splinter Cell Double Agent Demo "{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector "{65E6362A-B878-4A7B-86DA-D16F8DBD75C7}" = ccc-core-static "{65F1CF63-31E0-450B-96F3-4A88BE7361A6}" = AGEIA PhysX v7.07.09 "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler "{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}" = Call of Duty(R) 4 - Modern Warfare(TM) Demo "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{69EA6470-D4D3-49A3-89C8-0530C416ADB9}" = Need For Speed Hot Pursuit 2 Demo "{6DD45BD7-DB28-E59F-8239-CF6816AE1FA4}" = Skins "{70D52D20-82A5-43CC-85C1-C994FA2EC591}" = Tom Clancy's Rainbow Six: Lockdown Demo 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73C8DECD-5948-F3DB-6B38-B7AF881647A6}" = ATI Catalyst Install Manager "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{76C73966-AED3-5ACB-B438-B47E9B1FB2E3}" = CCC Help Chinese Standard "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{794F49F0-2A44-EE74-62FE-22FD68953A25}" = ccc-utility "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit "{7CD5F286-FF0A-E638-8143-0E258E3C17E2}" = CCC Help Thai "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin "{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{98698CC8-F4C4-A0A7-F521-8547DDD1BB6B}" = Catalyst Control Center Localization Chinese Standard "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter 
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B651AD20-D522-2D6F-3AC7-A5F625FCB283}" = Catalyst Control Center Core Implementation "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes "{C3E2D64C-1B8E-D142-A76F-DEAC02AFF4FA}" = CCC Help Polish "{C5145CD4-4F74-C986-F86B-F57F3995C59B}" = Catalyst Control Center Localization Arabic "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE "{C8D524C0-FBD2-C4F0-2446-912EABA681E0}" = CCC Help Portuguese "{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery "{CAD1691A-FA24-4B95-9009-3257B8440ECC}" = Tom Clancy's Splinter Cell Double Agent "{CCF7F09E-A1C5-7D81-437D-B2DC347CC52E}" = Catalyst Control Center Localization Spanish "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEEE47BB-4AB7-9AEB-2212-ECC6D05DDC74}" = Catalyst Control Center Localization Italian "{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}" = Microsoft Games for Windows - LIVE Redistributable "{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23 "{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE "{D71B45B0-70B5-12BA-4ACF-2CEC94FE8A06}" = CCC Help Korean "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate "{E7744050-4D6F-1280-5331-2EA048B51E94}" = Catalyst Control Center Localization Arabic "{ECA80341-4BFB-172D-EC5D-64FD8DD41F5A}" = Catalyst Control Center Localization German "{ECBEB9C6-CC47-70F7-E939-1E20E3BEEC8F}" = Catalyst Control Center Localization Korean "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4FA8AC4-6B6A-CAA6-8E44-FC64227CC4F7}" 
= CCC Help Italian "{F6412237-45F7-B34B-0803-4D77E2D39D0C}" = Catalyst Control Center Localization Chinese Traditional "{FD01FEBF-376F-F125-09F8-E94B04D21E77}" = CCC Help French "{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg "{FF001690-A829-9DFD-9EF6-DA285783C49C}" = CCC Help Chinese Traditional "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.5 "ASIO4ALL" = ASIO4ALL "Aston Martin Screensaver" = Aston Martin Screensaver "Aston Martin Vanquish V12 S Screensaver" = Aston Martin Vanquish V12 S Screensaver "ATITool" = ATITool Overclocking Utility "avast" = avast! Free Antivirus "Clean Virus MSN_is1" = Clean Virus MSN "Collab" = Collab "Counter-Strike: Source" = Counter-Strike: Source "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Driving Speed 2_is1" = Driving Speed 2.0 "eMule" = eMule "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition "FL Studio 7" = FL Studio 7 "Fraps" = Fraps "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free Convert to DIVX AVI WMV MP4 MPEG Converter_is1" = Free Convert to DIVX AVI WMV MP4 MPEG Converter 5.8 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7 "Google Desktop" = Google Desktop "HDMI" = Intel(R) Graphics Media Accelerator Driver "HijackThis" = HijackThis 2.0.2 "IL Download Manager" = IL Download Manager "InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch "InstallShield_{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}" = Call of Duty(R) 4 - Modern Warfare(TM) Demo "InstallShield_{69EA6470-D4D3-49A3-89C8-0530C416ADB9}" = Need For Speed Hot Pursuit 2 Demo "InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23 "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full) "MAGIX Music Maker 2008 Producer Edition Trial D" = MAGIX Music Maker 2008 Producer Edition Trial 13.0.1.11 (D) "MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5) "myGamersCam" = myGamersCam 1.2 "Need For Speed II SE" = Need For Speed II SE "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "OpenAL" = OpenAL "Operation Flashpoint" = Operation Flashpoint (Uninstall via Start Menu shortcut) "Ots CD Scratch 1200" = Ots CD Scratch 1200 1.00.044 "OtsTurntables Free" = OtsTurntables Free 1.00.027 "PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0 "RAR Password Recovery Magic_is1" = RAR Password Recovery Magic v6.1.1.111 "RealPlayer 15.0" = RealPlayer "SoftwareUpdUtility" = Download Updater (AOL LLC) "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0 "StationRipper" = StationRipper 2.87 "SystemRequirementsLab" = System Requirements Lab "TmNationsForever_is1" = TmNationsForever "tt2_demo_is1" = Terrorist Takedown 2 DEMO (1.01) "Uninstall_is1" = Uninstall 1.0.0.1 "Winamp" = Winamp "Winamp Toolbar" = Winamp Toolbar "WinRAR archiver" = WinRAR "XTTB00001.XTTB00001Toolbar" = ICQ Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "UnityWebPlayer" = Unity Web Player "Winamp Detect" = Winamp Erkennungs-Plug-in "Winamp Toolbar" = Winamp Toolbar ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11.08.2012 19:26:15 | Computer 
Name = Paul-PC | Source = EventSystem | ID = 4621 Description = Error - 12.08.2012 05:45:15 | Computer Name = Paul-PC | Source = EventSystem | ID = 4621 Description = Error - 12.08.2012 10:41:27 | Computer Name = Paul-PC | Source = EventSystem | ID = 4621 Description = Error - 13.08.2012 14:52:04 | Computer Name = Paul-PC | Source = EventSystem | ID = 4621 Description = Error - 14.08.2012 06:18:52 | Computer Name = Paul-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16447, Zeitstempel 0x4fc9cd53, fehlerhaftes Modul aswWebRepIE.dll, Version 7.0.1456.418, Zeitstempel 0x4ff31b8b, Ausnahmecode 0xc0000417, Fehleroffset 0x0004d9fb, Prozess-ID 0x16e4, Anwendungsstartzeit 01cd7a063332084f. Error - 14.08.2012 06:25:41 | Computer Name = Paul-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16447, Zeitstempel 0x4fc9cd53, fehlerhaftes Modul aswWebRepIE.dll, Version 7.0.1456.418, Zeitstempel 0x4ff31b8b, Ausnahmecode 0xc0000417, Fehleroffset 0x0004d9fb, Prozess-ID 0x17bc, Anwendungsstartzeit 01cd7a072789ca4f. Error - 14.08.2012 07:33:12 | Computer Name = Paul-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung InstallFlashPlayer.exe, Version 11.0.1.152, Zeitstempel 0x4e7d1453, fehlerhaftes Modul InstallFlashPlayer.exe, Version 11.0.1.152, Zeitstempel 0x4e7d1453, Ausnahmecode 0xc0000005, Fehleroffset 0x000071ad, Prozess-ID 0x14d0, Anwendungsstartzeit 01cd7a1088e81eb9. Error - 15.08.2012 02:50:01 | Computer Name = Paul-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung gmer.exe, Version 1.0.15.14966, Zeitstempel 0x49ccf290, fehlerhaftes Modul gmer.exe, Version 1.0.15.14966, Zeitstempel 0x49ccf290, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c4b1, Prozess-ID 0xbf0, Anwendungsstartzeit 01cd7ab1f986aab0. 
Error - 15.08.2012 03:03:46 | Computer Name = Paul-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung gmer.exe, Version 1.0.15.14966, Zeitstempel 0x49ccf290, fehlerhaftes Modul gmer.exe, Version 1.0.15.14966, Zeitstempel 0x49ccf290, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c4b1, Prozess-ID 0x508, Anwendungsstartzeit 01cd7ab3ad461c40. Error - 15.08.2012 03:06:50 | Computer Name = Paul-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung qk4ecqzy.exe, Version 1.0.15.15641, Zeitstempel 0x4e21f2b1, fehlerhaftes Modul qk4ecqzy.exe, Version 1.0.15.15641, Zeitstempel 0x4e21f2b1, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c676, Prozess-ID 0x1750, Anwendungsstartzeit 01cd7ab43f76d2d0. [ System Events ] Error - 15.08.2012 02:46:55 | Computer Name = Paul-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 15.08.2012 um 08:45:06 unerwartet heruntergefahren. Error - 15.08.2012 02:46:43 | Computer Name = Paul-PC | Source = volmgr | ID = 262193 Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können. Error - 15.08.2012 02:47:07 | Computer Name = Paul-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002 Description = Error - 15.08.2012 02:48:15 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7024 Description = Error - 15.08.2012 02:48:15 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7000 Description = Error - 15.08.2012 02:58:56 | Computer Name = Paul-PC | Source = volmgr | ID = 262193 Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. 
Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.

Error - 15.08.2012 02:59:14 | Computer Name = Paul-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 15.08.2012 um 08:57:31 unerwartet heruntergefahren.

Error - 15.08.2012 02:59:06 | Computer Name = Paul-PC | Source = volmgr | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.

Error - 15.08.2012 03:00:46 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 15.08.2012 03:00:46 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7000
Description =

< End of report >

Unfortunately I can't run Gmer; the scan always aborts, giving as the reason that xyz.exe has stopped working.

The report from the last Malwarebytes scan:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.14.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Paul :: PAUL-PC [Administrator]

Schutz: Aktiviert

14.08.2012 23:36:28
mbam-log-2012-08-14 (23-36-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|H:\|I:\|J:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 440218
Laufzeit: 2 Stunde(n), 12 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\TDSSKiller_Quarantine\14.08.2012_23.09.55\zasubsys0000\zafs0000\tsk0001.dta (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Paul\AppData\Local\Temp\Low\msimg32.dll (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Paul\AppData\Local\Temp\Low\adfm32.exe (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
18.08.2012, 09:55 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fine, and where are the logs from Avast?
__________________
Information like this is not enough; please post the complete details/logs from the virus scanners. If possible, please post everything here in CODE tags. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this:
Code:
the log goes here
Code:
C:\TDSSKiller_Quarantine\14.08.2012_23.09.55\zasubsys0000\zafs0000\tsk0001.dta (
Where is the log for that?
__________________ |
19.08.2012, 17:40 | #3 |
| Where can I find the logs from avast and tdss-killer?
__________________
I did make sure not to wreck my system. If I remember correctly, TDSS even identified the thing by name and classified it as high risk. Here's to good cooperation.
20.08.2012, 20:58 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Supposedly the logs are here => C:\ProgramData\AVAST Software\Avast\log
The ones from TDSS-Killer are directly on C:
__________________ Please always post log files in CODE tags |
20.08.2012, 23:13 | #5 |
| Code:
23:09:55.0643 4160 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
23:09:55.0799 4160 ============================================================
23:09:55.0799 4160 Current date / time: 2012/08/14 23:09:55.0799
23:09:55.0799 4160 SystemInfo:
23:09:55.0799 4160
23:09:55.0799 4160 OS Version: 6.0.6002 ServicePack: 2.0
23:09:55.0799 4160 Product type: Workstation
23:09:55.0799 4160 ComputerName: PAUL-PC
23:09:55.0799 4160 UserName: Paul
23:09:55.0799 4160 Windows directory: C:\Windows
23:09:55.0799 4160 System windows directory: C:\Windows
23:09:55.0799 4160 Processor architecture: Intel x86
23:09:55.0799 4160 Number of processors: 2
23:09:55.0799 4160 Page size: 0x1000
23:09:55.0799 4160 Boot type: Normal boot
23:09:55.0799 4160 ============================================================
23:09:57.0109 4160 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:09:57.0219 4160 ============================================================
23:09:57.0219 4160 \Device\Harddisk0\DR0:
23:09:57.0219 4160 MBR partitions:
23:09:57.0219 4160 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1400000
23:09:57.0219 4160 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x141B800, BlocksNum 0x1BD8D000
23:09:57.0219 4160 ============================================================
23:09:57.0250 4160 C: <-> \Device\Harddisk0\DR0\Partition2
23:09:57.0281 4160 D: <-> \Device\Harddisk0\DR0\Partition1
23:09:57.0281 4160 ============================================================
23:09:57.0281 4160 Initialize success
23:09:57.0281 4160 ============================================================
23:10:02.0991 4676 ============================================================
23:10:02.0991 4676 Scan started
23:10:02.0991 4676 Mode: Manual;
ql40xx C:\Windows\system32\drivers\ql40xx.sys 23:10:45.0878 4676 ql40xx - ok 23:10:45.0972 4676 [ e9ecae663f47e6cb43962d18ab18890f ] QWAVE C:\Windows\system32\qwave.dll 23:10:46.0112 4676 QWAVE - ok 23:10:46.0175 4676 [ 9f5e0e1926014d17486901c88eca2db7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 23:10:46.0190 4676 QWAVEdrv - ok 23:10:46.0861 4676 [ e52b7a5010011c29063684cac1a6bbf0 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys 23:10:47.0002 4676 R300 - ok 23:10:47.0189 4676 [ 8f97d374ad1857e1eed85a79f29a1d3d ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll 23:10:47.0298 4676 RapiMgr - ok 23:10:47.0345 4676 [ 147d7f9c556d259924351feb0de606c3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 23:10:47.0360 4676 RasAcd - ok 23:10:47.0392 4676 [ f6a452eb4ceadbb51c9e0ee6b3ecef0f ] RasAuto C:\Windows\System32\rasauto.dll 23:10:47.0407 4676 RasAuto - ok 23:10:47.0454 4676 [ a214adbaf4cb47dd2728859ef31f26b0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 23:10:47.0470 4676 Rasl2tp - ok 23:10:47.0641 4676 [ 75d47445d70ca6f9f894b032fbc64fcf ] RasMan C:\Windows\System32\rasmans.dll 23:10:47.0735 4676 RasMan - ok 23:10:47.0828 4676 [ 509a98dd18af4375e1fc40bc175f1def ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 23:10:47.0844 4676 RasPppoe - ok 23:10:47.0891 4676 [ 2005f4a1e05fa09389ac85840f0a9e4d ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 23:10:47.0891 4676 RasSstp - ok 23:10:47.0984 4676 [ b14c9d5b9add2f84f70570bbbfaa7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 23:10:48.0109 4676 rdbss - ok 23:10:48.0172 4676 [ 89e59be9a564262a3fb6c4f4f1cd9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 23:10:48.0187 4676 RDPCDD - ok 23:10:48.0281 4676 [ 0245418224cfa77bf4b41c2fe0622258 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 23:10:48.0374 4676 rdpdr - ok 23:10:48.0390 4676 [ 9d91fe5286f748862ecffa05f8a0710c ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 23:10:48.0390 4676 RDPENCDD - ok 23:10:48.0484 4676 [ c127ebd5afab31524662c48dfceb773a ] RDPWD 
C:\Windows\system32\drivers\RDPWD.sys 23:10:48.0562 4676 RDPWD - ok 23:10:48.0655 4676 [ bcdd6b4804d06b1f7ebf29e53a57ece9 ] RemoteAccess C:\Windows\System32\mprdim.dll 23:10:48.0671 4676 RemoteAccess - ok 23:10:48.0718 4676 [ 9e6894ea18daff37b63e1005f83ae4ab ] RemoteRegistry C:\Windows\system32\regsvc.dll 23:10:48.0733 4676 RemoteRegistry - ok 23:10:49.0123 4676 [ ebcde8b48fadc6479d96a56d0a432160 ] RoxMediaDB9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe 23:10:49.0232 4676 RoxMediaDB9 - ok 23:10:49.0357 4676 [ ab2b1de1c8f31efce2384b14b3dc4260 ] RoxWatch9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe 23:10:49.0466 4676 RoxWatch9 - ok 23:10:49.0529 4676 [ 5123f83cbc4349d065534eeb6bbdc42b ] RpcLocator C:\Windows\system32\locator.exe 23:10:49.0544 4676 RpcLocator - ok 23:10:49.0576 4676 [ 3b5b4d53fec14f7476ca29a20cc31ac9 ] RpcSs C:\Windows\system32\rpcss.dll 23:10:49.0591 4676 RpcSs - ok 23:10:49.0638 4676 [ 9c508f4074a39e8b4b31d27198146fad ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 23:10:49.0654 4676 rspndr - ok 23:10:49.0669 4676 [ a3e186b4b935905b829219502557314e ] SamSs C:\Windows\system32\lsass.exe 23:10:49.0669 4676 SamSs - ok 23:10:49.0716 4676 [ 3ce8f073a557e172b330109436984e30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 23:10:49.0732 4676 sbp2port - ok 23:10:49.0778 4676 [ 77b7a11a0c3d78d3386398fbbea1b632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 23:10:49.0794 4676 SCardSvr - ok 23:10:49.0950 4676 [ 1a58069db21d05eb2ab58ee5753ebe8d ] Schedule C:\Windows\system32\schedsvc.dll 23:10:50.0059 4676 Schedule - ok 23:10:50.0090 4676 [ 312ec3e37a0a1f2006534913e37b4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 23:10:50.0090 4676 SCPolicySvc - ok 23:10:50.0168 4676 [ 716313d9f6b0529d03f726d5aaf6f191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 23:10:50.0184 4676 SDRSVC - ok 23:10:50.0200 4676 [ 90a3935d05b494a5a39d37e71f09a677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 23:10:50.0200 4676 secdrv - 
ok 23:10:50.0262 4676 [ fd5199d4d8a521005e4b5ee7fe00fa9b ] seclogon C:\Windows\system32\seclogon.dll 23:10:50.0262 4676 seclogon - ok 23:10:50.0293 4676 [ a9bbab5759771e523f55563d6cbe140f ] SENS C:\Windows\System32\sens.dll 23:10:50.0293 4676 SENS - ok 23:10:50.0324 4676 [ 68e44e331d46f0fb38f0863a84cd1a31 ] Serenum C:\Windows\system32\drivers\serenum.sys 23:10:50.0340 4676 Serenum - ok 23:10:50.0371 4676 [ c70d69a918b178d3c3b06339b40c2e1b ] Serial C:\Windows\system32\drivers\serial.sys 23:10:50.0387 4676 Serial - ok 23:10:50.0449 4676 [ 8af3d28a879bf75db53a0ee7a4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 23:10:50.0465 4676 sermouse - ok 23:10:50.0496 4676 [ aac24421fc74d612a7169c4d4a61b48c ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe 23:10:50.0496 4676 ServiceLayer - ok 23:10:50.0574 4676 [ d2193326f729b163125610dbf3e17d57 ] SessionEnv C:\Windows\system32\sessenv.dll 23:10:50.0590 4676 SessionEnv - ok 23:10:50.0652 4676 [ 51cf56aa8bcc241f134b420b8f850406 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 23:10:50.0652 4676 sffdisk - ok 23:10:50.0683 4676 [ 96ded8b20c734ac41641ce275250e55d ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 23:10:50.0699 4676 sffp_mmc - ok 23:10:50.0699 4676 [ 8b08cab1267b2c377883fc9e56981f90 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 23:10:50.0714 4676 sffp_sd - ok 23:10:50.0746 4676 [ 46ed8e91793b2e6f848015445a0ac188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 23:10:50.0746 4676 sfloppy - ok 23:10:50.0964 4676 [ d9b734638dd8dba9d59aad3189cd0fad ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 23:10:51.0354 4676 Sftfs - ok 23:10:51.0604 4676 [ cb73bc422c07fb611f194da18d1e7f36 ] sftlist C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe 23:10:51.0869 4676 sftlist - ok 23:10:51.0900 4676 [ 2f61bd46c0bff4eb36e1e359ca17bfc5 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 23:10:51.0900 4676 Sftplay - ok 23:10:51.0931 4676 [ 518bac0179f94304f422696b47c0ec12 
] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys 23:10:51.0931 4676 Sftredir - ok 23:10:51.0947 4676 [ 747325236d88b3f05ffd27ff9ec711c5 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 23:10:51.0962 4676 Sftvol - ok 23:10:51.0978 4676 [ a5812f0281ca5081bf696626f9bf324d ] sftvsa C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe 23:10:51.0994 4676 sftvsa - ok 23:10:52.0072 4676 [ c7230fbee14437716701c15be02c27b8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 23:10:52.0087 4676 ShellHWDetection - ok 23:10:52.0150 4676 [ 08072b2fb92477fc813271a84b3a8698 ] sisagp C:\Windows\system32\drivers\sisagp.sys 23:10:52.0150 4676 sisagp - ok 23:10:52.0181 4676 [ cedd6f4e7d84e9f98b34b3fe988373aa ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 23:10:52.0181 4676 SiSRaid2 - ok 23:10:52.0212 4676 [ df843c528c4f69d12ce41ce462e973a7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 23:10:52.0228 4676 SiSRaid4 - ok 23:10:53.0039 4676 [ 862bb4cbc05d80c5b45be430e5ef872f ] slsvc C:\Windows\system32\SLsvc.exe 23:10:53.0476 4676 slsvc - ok 23:10:53.0538 4676 [ 6edc422215cd78aa8a9cde6b30abbd35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 23:10:53.0554 4676 SLUINotify - ok 23:10:53.0616 4676 [ 7b75299a4d201d6a6533603d6914ab04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 23:10:53.0616 4676 Smb - ok 23:10:53.0694 4676 [ 2a146a055b4401c16ee62d18b8e2a032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 23:10:53.0710 4676 SNMPTRAP - ok 23:10:53.0741 4676 [ 7aebdeef071fe28b0eef2cdd69102bff ] spldr C:\Windows\system32\drivers\spldr.sys 23:10:53.0741 4676 spldr - ok 23:10:53.0803 4676 [ 8554097e5136c3bf9f69fe578a1b35f4 ] Spooler C:\Windows\System32\spoolsv.exe 23:10:53.0834 4676 Spooler - ok 23:10:54.0240 4676 sprtsvc_dellsupportcenter - ok 23:10:54.0365 4676 [ 41987f9fc0e61adf54f581e15029ad91 ] srv C:\Windows\system32\DRIVERS\srv.sys 23:10:54.0536 4676 srv - ok 23:10:54.0646 4676 [ ff33aff99564b1aa534f58868cbe41ef ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 
23:10:54.0661 4676 srv2 - ok 23:10:54.0692 4676 [ 7605c0e1d01a08f3ecd743f38b834a44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 23:10:54.0708 4676 srvnet - ok 23:10:54.0755 4676 [ 03d50b37234967433a5ea5ba72bc0b62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 23:10:54.0770 4676 SSDPSRV - ok 23:10:54.0833 4676 [ 6f1a32e7b7b30f004d9a20afadb14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 23:10:54.0864 4676 SstpSvc - ok 23:10:55.0051 4676 [ 5de7d67e49b88f5f07f3e53c4b92a352 ] stisvc C:\Windows\System32\wiaservc.dll 23:10:55.0176 4676 stisvc - ok 23:10:55.0316 4676 [ 51778fd315c9882f1cbd932743e62a72 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe 23:10:55.0332 4676 stllssvr - ok 23:10:55.0363 4676 [ 7ba58ecf0c0a9a69d44b3dca62becf56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 23:10:55.0379 4676 swenum - ok 23:10:55.0472 4676 [ f21fd248040681cca1fb6c9a03aaa93d ] swprv C:\Windows\System32\swprv.dll 23:10:55.0628 4676 swprv - ok 23:10:55.0691 4676 [ 192aa3ac01df071b541094f251deed10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 23:10:55.0738 4676 Symc8xx - ok 23:10:55.0800 4676 [ 8c8eb8c76736ebaf3b13b633b2e64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 23:10:55.0816 4676 Sym_hi - ok 23:10:55.0847 4676 [ 8072af52b5fd103bbba387a1e49f62cb ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 23:10:55.0847 4676 Sym_u3 - ok 23:10:56.0065 4676 [ 9a51b04e9886aa4ee90093586b0ba88d ] SysMain C:\Windows\system32\sysmain.dll 23:10:56.0377 4676 SysMain - ok 23:10:56.0440 4676 [ 2dca225eae15f42c0933e998ee0231c3 ] TabletInputService C:\Windows\System32\TabSvc.dll 23:10:56.0440 4676 TabletInputService - ok 23:10:56.0549 4676 [ d7673e4b38ce21ee54c59eeeb65e2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 23:10:56.0736 4676 TapiSrv - ok 23:10:56.0814 4676 [ cb05822cd9cc6c688168e113c603dbe7 ] TBS C:\Windows\System32\tbssvc.dll 23:10:56.0830 4676 TBS - ok 23:10:57.0157 4676 [ 27d470dabc77bc60d0a3b0e4deb6cb91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 23:10:57.0703 
4676 Tcpip - ok 23:10:58.0000 4676 [ 27d470dabc77bc60d0a3b0e4deb6cb91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 23:10:58.0015 4676 Tcpip6 - ok 23:10:58.0062 4676 [ 608c345a255d82a6289c2d468eb41fd7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 23:10:58.0078 4676 tcpipreg - ok 23:10:58.0124 4676 [ 5dcf5e267be67a1ae926f2df77fbcc56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 23:10:58.0140 4676 TDPIPE - ok 23:10:58.0171 4676 [ 389c63e32b3cefed425b61ed92d3f021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 23:10:58.0171 4676 TDTCP - ok 23:10:58.0249 4676 [ 76b06eb8a01fc8624d699e7045303e54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 23:10:58.0265 4676 tdx - ok 23:10:58.0280 4676 [ 3cad38910468eab9a6479e2f01db43c7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 23:10:58.0280 4676 TermDD - ok 23:10:58.0452 4676 [ bb95da09bef6e7a131bff3ba5032090d ] TermService C:\Windows\System32\termsrv.dll 23:10:58.0483 4676 TermService - ok 23:10:58.0561 4676 [ c7230fbee14437716701c15be02c27b8 ] Themes C:\Windows\system32\shsvcs.dll 23:10:58.0592 4676 Themes - ok 23:10:58.0624 4676 [ 1076ffcffaae8385fd62dfcb25ac4708 ] THREADORDER C:\Windows\system32\mmcss.dll 23:10:58.0639 4676 THREADORDER - ok 23:10:58.0655 4676 [ ec74e77d0eb004bd3a809b5f8fb8c2ce ] TrkWks C:\Windows\System32\trkwks.dll 23:10:58.0670 4676 TrkWks - ok 23:10:58.0748 4676 [ 97d9d6a04e3ad9b6c626b9931db78dba ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 23:10:58.0764 4676 TrustedInstaller - ok 23:10:58.0780 4676 [ dcf0f056a2e4f52287264f5ab29cf206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 23:10:58.0795 4676 tssecsrv - ok 23:10:58.0904 4676 [ caecc0120ac49e3d2f758b9169872d38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 23:10:58.0904 4676 tunmp - ok 23:10:58.0951 4676 [ 300db877ac094feab0be7688c3454a9c ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 23:10:58.0951 4676 tunnel - ok 23:10:59.0029 4676 [ c3ade15414120033a36c0f293d4a4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 
23:10:59.0029 4676 uagp35 - ok 23:10:59.0092 4676 [ d9728af68c4c7693cb100b8441cbdec6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 23:10:59.0107 4676 udfs - ok 23:10:59.0170 4676 [ ecef404f62863755951e09c802c94ad5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 23:10:59.0201 4676 UI0Detect - ok 23:10:59.0263 4676 [ 6d72ef05921abdf59fc45c7ebfe7e8dd ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 23:10:59.0279 4676 uliagpkx - ok 23:10:59.0326 4676 [ 3cd4ea35a6221b85dcc25daa46313f8d ] uliahci C:\Windows\system32\drivers\uliahci.sys 23:10:59.0341 4676 uliahci - ok 23:10:59.0372 4676 [ 8514d0e5cd0534467c5fc61be94a569f ] UlSata C:\Windows\system32\drivers\ulsata.sys 23:10:59.0388 4676 UlSata - ok 23:10:59.0419 4676 [ 38c3c6e62b157a6bc46594fada45c62b ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 23:10:59.0435 4676 ulsata2 - ok 23:10:59.0497 4676 [ 32cff9f809ae9aed85464492bf3e32d2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 23:10:59.0497 4676 umbus - ok 23:10:59.0560 4676 [ 68308183f4ae0be7bf8ecd07cb297999 ] upnphost C:\Windows\System32\upnphost.dll 23:10:59.0606 4676 upnphost - ok 23:10:59.0684 4676 [ 83cafcb53201bbac04d822f32438e244 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 23:10:59.0700 4676 USBAAPL - ok 23:10:59.0731 4676 [ 32db9517628ff0d070682aab61e688f0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 23:10:59.0731 4676 usbaudio - ok 23:10:59.0762 4676 [ caf811ae4c147ffcd5b51750c7f09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 23:10:59.0762 4676 usbccgp - ok 23:10:59.0809 4676 [ e9476e6c486e76bc4898074768fb7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 23:10:59.0809 4676 usbcir - ok 23:10:59.0856 4676 [ 79e96c23a97ce7b8f14d310da2db0c9b ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 23:10:59.0856 4676 usbehci - ok 23:10:59.0887 4676 [ 4673bbcb006af60e7abddbe7a130ba42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 23:10:59.0903 4676 usbhub - ok 23:10:59.0918 4676 [ 38dbc7dd6cc5a72011f187425384388b ] usbohci 
C:\Windows\system32\drivers\usbohci.sys 23:10:59.0934 4676 usbohci - ok 23:10:59.0981 4676 [ b51e52acf758be00ef3a58ea452fe360 ] usbprint C:\Windows\system32\drivers\usbprint.sys 23:10:59.0996 4676 usbprint - ok 23:11:00.0043 4676 [ be3da31c191bc222d9ad503c5224f2ad ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 23:11:00.0059 4676 USBSTOR - ok 23:11:00.0106 4676 [ 814d653efc4d48be3b04a307eceff56f ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 23:11:00.0106 4676 usbuhci - ok 23:11:00.0137 4676 [ e67998e8f14cb0627a769f6530bcb352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 23:11:00.0168 4676 usbvideo - ok 23:11:00.0215 4676 [ 1509e705f3ac1d474c92454a5c2dd81f ] UxSms C:\Windows\System32\uxsms.dll 23:11:00.0230 4676 UxSms - ok 23:11:00.0277 4676 [ cd88d1b7776dc17a119049742ec07eb4 ] vds C:\Windows\System32\vds.exe 23:11:00.0293 4676 vds - ok 23:11:00.0324 4676 [ 87b06e1f30b749a114f74622d013f8d4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 23:11:00.0355 4676 vga - ok 23:11:00.0402 4676 [ 2e93ac0a1d8c79d019db6c51f036636c ] VgaSave C:\Windows\System32\drivers\vga.sys 23:11:00.0402 4676 VgaSave - ok 23:11:00.0433 4676 [ d5929a28bdff4367a12caf06af901971 ] viaagp C:\Windows\system32\drivers\viaagp.sys 23:11:00.0449 4676 viaagp - ok 23:11:00.0464 4676 [ 56a4de5f02f2e88182b0981119b4dd98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys 23:11:00.0496 4676 ViaC7 - ok 23:11:00.0511 4676 [ f3b4762eb85a2aff4999401f14c3262b ] viaide C:\Windows\system32\drivers\viaide.sys 23:11:00.0527 4676 viaide - ok 23:11:00.0558 4676 [ 69503668ac66c77c6cd7af86fbdf8c43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 23:11:00.0574 4676 volmgr - ok 23:11:00.0667 4676 [ 23e41b834759917bfd6b9a0d625d0c28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 23:11:00.0698 4676 volmgrx - ok 23:11:00.0808 4676 [ 147281c01fcb1df9252de2a10d5e7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys 23:11:00.0823 4676 volsnap - ok 23:11:00.0886 4676 [ d984439746d42b30fc65a4c3546c6829 ] vsmraid 
C:\Windows\system32\drivers\vsmraid.sys 23:11:00.0932 4676 vsmraid - ok 23:11:01.0120 4676 [ db3d19f850c6eb32bdcb9bc0836acddb ] VSS C:\Windows\system32\vssvc.exe 23:11:01.0338 4676 VSS - ok 23:11:01.0447 4676 [ 96ea68b9eb310a69c25ebb0282b2b9de ] W32Time C:\Windows\system32\w32time.dll 23:11:01.0650 4676 W32Time - ok 23:11:01.0681 4676 [ 48dfee8f1af7c8235d4e626f0c4fe031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 23:11:01.0697 4676 WacomPen - ok 23:11:01.0744 4676 [ 55201897378cca7af8b5efd874374a26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 23:11:01.0759 4676 Wanarp - ok 23:11:01.0790 4676 [ 55201897378cca7af8b5efd874374a26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 23:11:01.0790 4676 Wanarpv6 - ok 23:11:01.0915 4676 [ 59e19bd13c3bdb857646b9e436ba27f7 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll 23:11:02.0118 4676 WcesComm - ok 23:11:02.0305 4676 [ a3cd60fd826381b49f03832590e069af ] wcncsvc C:\Windows\System32\wcncsvc.dll 23:11:02.0336 4676 wcncsvc - ok 23:11:02.0383 4676 [ 11bcb7afcdd7aadacb5746f544d3a9c7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 23:11:02.0383 4676 WcsPlugInService - ok 23:11:02.0414 4676 [ afc5ad65b991c1e205cf25cfdbf7a6f4 ] Wd C:\Windows\system32\drivers\wd.sys 23:11:02.0430 4676 Wd - ok 23:11:02.0524 4676 [ b6f0a7ad6d4bd325fbcd8bac96cd8d96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 23:11:02.0539 4676 Wdf01000 - ok 23:11:02.0570 4676 [ abfc76b48bb6c96e3338d8943c5d93b5 ] WdiServiceHost C:\Windows\system32\wdi.dll 23:11:02.0602 4676 WdiServiceHost - ok 23:11:02.0602 4676 [ abfc76b48bb6c96e3338d8943c5d93b5 ] WdiSystemHost C:\Windows\system32\wdi.dll 23:11:02.0602 4676 WdiSystemHost - ok 23:11:02.0680 4676 [ 04c37d8107320312fbae09926103d5e2 ] WebClient C:\Windows\System32\webclnt.dll 23:11:02.0695 4676 WebClient - ok 23:11:02.0742 4676 [ 905214925a88311fce52f66153de7610 ] Wecsvc C:\Windows\system32\wecsvc.dll 23:11:02.0742 4676 Wecsvc - ok 23:11:02.0773 4676 [ 670ff720071ed741206d69bd995ea453 ] 
wercplsupport C:\Windows\System32\wercplsupport.dll 23:11:02.0773 4676 wercplsupport - ok 23:11:02.0851 4676 [ 32b88481d3b326da6deb07b1d03481e7 ] WerSvc C:\Windows\System32\WerSvc.dll 23:11:02.0867 4676 WerSvc - ok 23:11:02.0867 4676 WinHttpAutoProxySvc - ok 23:11:02.0960 4676 [ 6b2a1d0e80110e3d04e6863c6e62fd8a ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 23:11:02.0960 4676 Winmgmt - ok 23:11:03.0070 4676 [ 01874d4689c212460fbabf0ecd7cb7f7 ] WinRM C:\Windows\system32\WsmSvc.dll 23:11:03.0101 4676 WinRM - ok 23:11:03.0194 4676 [ c008405e4feeb069e30da1d823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 23:11:03.0288 4676 Wlansvc - ok 23:11:03.0304 4676 [ 701a9f884a294327e9141d73746ee279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 23:11:03.0319 4676 WmiAcpi - ok 23:11:03.0366 4676 [ 43be3875207dcb62a85c8c49970b66cc ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 23:11:03.0366 4676 wmiApSrv - ok 23:11:03.0413 4676 [ 3978704576a121a9204f8cc49a301a9b ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 23:11:03.0428 4676 WMPNetworkSvc - ok 23:11:03.0491 4676 [ cfc5a04558f5070cee3e3a7809f3ff52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 23:11:03.0491 4676 WPCSvc - ok 23:11:03.0522 4676 [ 396d406292b0cd26e3504ffe82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 23:11:03.0538 4676 WPDBusEnum - ok 23:11:03.0600 4676 [ 0cec23084b51b8288099eb710224e955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 23:11:03.0616 4676 WpdUsb - ok 23:11:03.0631 4676 [ e3a3cb253c0ec2494d4a61f5e43a389c ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 23:11:03.0647 4676 ws2ifsl - ok 23:11:03.0694 4676 [ 1ca6c40261ddc0425987980d0cd2aaab ] wscsvc C:\Windows\System32\wscsvc.dll 23:11:03.0709 4676 wscsvc - ok 23:11:03.0709 4676 WSearch - ok 23:11:04.0021 4676 [ fc3ec24fce372c89423e015a2ac1a31e ] wuauserv C:\Windows\system32\wuaueng.dll 23:11:04.0177 4676 wuauserv - ok 23:11:04.0208 4676 [ ac13cb789d93412106b0fb6c7eb2bcb6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 
23:11:04.0224 4676 WUDFRd - ok
23:11:04.0286 4676 [ 575a4190d989f64732119e4114045a4f ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:11:04.0302 4676 wudfsvc - ok
23:11:04.0302 4676 ================ Scan global ===============================
23:11:04.0333 4676 (f31eebc1a1c81fd04005489cc3dcdfe7) C:\Windows\system32\basesrv.dll
23:11:04.0396 4676 (d2293b069e4b63dc17b2f08d45e71124) C:\Windows\system32\winsrv.dll
23:11:04.0411 4676 (d2293b069e4b63dc17b2f08d45e71124) C:\Windows\system32\winsrv.dll
23:11:04.0474 4676 (8737764f4fd36d6808ee80578409c843) C:\Windows\system32\services.exe
23:11:04.0489 4676 C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - infected
23:11:04.0489 4676 C:\Windows\system32\services.exe - detected Virus.Win32.ZAccess.m (0)
23:11:04.0489 4676 ================ Scan MBR ==================================
23:11:04.0520 4676 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:11:05.0144 4676 \Device\Harddisk0\DR0 - ok
23:11:05.0144 4676 ================ Scan VBR ==================================
23:11:05.0160 4676 Boot (0x1200) (8157b6ff97634fb88e2154b8f74a83ee) \Device\Harddisk0\DR0\Partition1
23:11:05.0191 4676 \Device\Harddisk0\DR0\Partition1 - ok
23:11:05.0207 4676 Boot (0x1200) (2185a465faa2c1a84d208ab52f7ab9ac) \Device\Harddisk0\DR0\Partition2
23:11:05.0222 4676 \Device\Harddisk0\DR0\Partition2 - ok
23:11:05.0222 4676 ============================================================
23:11:05.0222 4676 Scan finished
23:11:05.0222 4676 ============================================================
23:11:05.0238 5240 Detected object count: 1
23:11:05.0238 5240 Actual detected object count: 1
23:11:27.0546 5240 C:\Windows\system32\services.exe - copied to quarantine
23:11:32.0663 5240 C:\Windows\assembly\GAC\desktop.ini - copied to quarantine
23:11:33.0933 5240 C:\Windows\installer\{8fd73304-7a8a-992e-846b-74f58997d6f1}\@ - copied to quarantine
23:11:33.0971 5240 C:\Windows\installer\{8fd73304-7a8a-992e-846b-74f58997d6f1}\n - copied to quarantine
23:11:34.0174 5240 C:\Windows\installer\{8fd73304-7a8a-992e-846b-74f58997d6f1}\U\00000008.@ - copied to quarantine
23:11:54.0155 5240 Backup copy found, using it..
23:11:58.0399 5240 C:\Windows\assembly\GAC\desktop.ini - will be deleted on reboot
23:11:58.0492 5240 C:\Windows\installer\{8fd73304-7a8a-992e-846b-74f58997d6f1}\@ - will be deleted on reboot
23:11:58.0492 5240 C:\Windows\installer\{8fd73304-7a8a-992e-846b-74f58997d6f1}\n - will be deleted on reboot
23:11:58.0492 5240 C:\Windows\installer\{8fd73304-7a8a-992e-846b-74f58997d6f1}\U\00000008.@ - will be deleted on reboot
23:11:58.0492 5240 C:\Windows\system32\services.exe - will be cured on reboot
23:11:58.0492 5240 C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - User select action: Cure
23:12:15.0876 6056 Deinitialize success

With avast, though, I can't find anything under your file path, and nothing in avast's program folder either... |
21.08.2012, 13:24 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win32:Malware gen, Win32:Troj gen and similar after Adobe Flash Player update (?)

Then let's leave the Avast logs aside.

First, as a matter of routine, please run a new full scan with Malwarebytes and post the log.
=> Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan!
Please remove all of the Malwarebytes findings so that they are kept in Malwarebytes' quarantine! Do NOT remove anything from quarantine prematurely!
If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

Please post everything here in CODE tags where possible. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
__________________ --> Win32:Malware gen, Win32:Troj gen and similar after Adobe Flash Player update (?) |
22.08.2012, 18:06 | #7 |
| Win32:Malware gen, Win32:Troj gen and similar after Adobe Flash Player update (?) malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.22.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Paul :: PAUL-PC [Administrator]

Schutz: Aktiviert

22.08.2012 14:05:24
mbam-log-2012-08-22 (14-05-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|H:\|I:\|J:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 440438
Laufzeit: 2 Stunde(n), 14 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
ATTFilter ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b57a498a4b8d434aaa77f3c2d3e20194
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-16 01:42:19
# local_time=2012-08-16 03:42:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 75569012 75569012 0 0
# compatibility_mode=768 16777215 100 0 75567141 75567141 0 0
# compatibility_mode=5892 16776573 100 100 3496 182654938 0 0
# compatibility_mode=8192 67108863 100 0 359 359 0 0
# scanned=60350
# found=0
# cleaned=0
# scan_time=2329
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b57a498a4b8d434aaa77f3c2d3e20194
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-22 04:42:15
# local_time=2012-08-22 06:42:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 76092632 76092632 0 0
# compatibility_mode=768 16777215 100 0 76090761 76090761 0 0
# compatibility_mode=5892 16776573 100 100 68854 183178558 0 0
# compatibility_mode=8192 67108863 100 0 523979 523979 0 0
# scanned=265410
# found=1
# cleaned=0
# scan_time=7904
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\47204bdb-20af3d88 multiple threats (unable to clean) 00000000000000000000000000000000 I
|
30.08.2012, 13:05 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win32:Malware gen, Win32:Troj gen and similar after Adobe Flash Player update (?)

adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
__________________ Please always post log files in CODE tags |
31.08.2012, 10:37 | #9 |
| Win32:Malware gen, Win32:Troj gen and similar after Adobe Flash Player update (?) adwcleaner: Code:
ATTFilter # AdwCleaner v2.000 - Datei am 08/31/2012 um 11:35:54 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Paul - PAUL-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TXUCCWU\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
Datei Gefunden : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
Datei Gefunden : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
Datei Gefunden : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
Datei Gefunden : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\v13il3tt.default\searchplugins\aol-web-search.xml
Ordner Gefunden : C:\Program Files\Common Files\Software Update Utility
Ordner Gefunden : C:\Program Files\Winamp Toolbar
Ordner Gefunden : C:\ProgramData\Winamp Toolbar
Ordner Gefunden : C:\Users\Paul\AppData\Local\Winamp Toolbar
Ordner Gefunden : C:\Users\Paul\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\v13il3tt.default\Conduit
Ordner Gefunden : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\v13il3tt.default\CT2269050
Ordner Gefunden : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\v13il3tt.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
Ordner Gefunden : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\v13il3tt.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Ordner Gefunden : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\v13il3tt.default\WinampToolbarData

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winamp Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Schlüssel Gefunden : HKCU\Software\Winamp Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\dnUpdate
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2857573
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Schlüssel Gefunden : 
HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTb.Downloader Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper Schlüssel Gefunden : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1 Schlüssel Gefunden : HKLM\Software\Conduit Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar Schlüssel Gefunden : HKLM\Software\Winamp Toolbar Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Die Registrierungsdatenbank ist sauber. 
-\\ Mozilla Firefox v3.0.5 (de) Profilname : default Datei : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\v13il3tt.default\prefs.js Gefunden : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Gefunden : user_pref("CT2269050.CTID", "CT2269050"); Gefunden : user_pref("CT2269050.CurrentServerDate", "27-7-2012"); Gefunden : user_pref("CT2269050.DialogsAlignMode", "LTR"); Gefunden : user_pref("CT2269050.DownloadReferralCookieData", ""); Gefunden : user_pref("CT2269050.EMailNotifierPollDate", "Fri Jul 27 2012 10:51:05 GMT+0200"); Gefunden : user_pref("CT2269050.FirstServerDate", "7-8-2010"); Gefunden : user_pref("CT2269050.FirstTime", true); Gefunden : user_pref("CT2269050.FirstTimeFF3", true); Gefunden : user_pref("CT2269050.FirstTimeSettingsDone", true); Gefunden : user_pref("CT2269050.FixPageNotFoundErrors", true); Gefunden : user_pref("CT2269050.GroupingServerCheckInterval", 1440); Gefunden : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Gefunden : user_pref("CT2269050.Initialize", true); Gefunden : user_pref("CT2269050.InitializeCommonPrefs", true); Gefunden : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3); Gefunden : user_pref("CT2269050.InstallationType", "UnknownIntegration"); Gefunden : user_pref("CT2269050.InstalledDate", "Sat Aug 07 2010 18:15:23 GMT+0200"); Gefunden : user_pref("CT2269050.InvalidateCache", false); Gefunden : user_pref("CT2269050.IsGrouping", false); Gefunden : user_pref("CT2269050.IsMulticommunity", false); Gefunden : user_pref("CT2269050.IsOpenThankYouPage", false); Gefunden : user_pref("CT2269050.IsOpenUninstallPage", false); Gefunden : user_pref("CT2269050.LanguagePackLastCheckTime", "Fri Jul 27 2012 10:46:05 GMT+0200"); Gefunden : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440); Gefunden : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] 
Gefunden : user_pref("CT2269050.LastLogin_2.7.0.14", "Fri Jul 27 2012 10:46:05 GMT+0200"); Gefunden : user_pref("CT2269050.LatestVersion", "3.14.1.0"); Gefunden : user_pref("CT2269050.Locale", "en"); Gefunden : user_pref("CT2269050.LoginCache", 4); Gefunden : user_pref("CT2269050.MCDetectTooltipHeight", "83"); Gefunden : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Gefunden : user_pref("CT2269050.MCDetectTooltipWidth", "295"); Gefunden : user_pref("CT2269050.RadioIsPodcast", false); Gefunden : user_pref("CT2269050.RadioLastCheckTime", "Fri Jul 27 2012 10:46:05 GMT+0200"); Gefunden : user_pref("CT2269050.RadioLastUpdateIPServer", "3"); Gefunden : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000"); Gefunden : user_pref("CT2269050.RadioMediaID", "12473383"); Gefunden : user_pref("CT2269050.RadioMediaType", "Media Player"); Gefunden : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383"); Gefunden : user_pref("CT2269050.RadioStationName", "Hotmix%20108"); Gefunden : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082"); Gefunden : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...] Gefunden : user_pref("CT2269050.SearchFromAddressBarIsInit", true); Gefunden : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...] Gefunden : user_pref("CT2269050.SearchInNewTabEnabled", true); Gefunden : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440); Gefunden : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Fri Jul 27 2012 10:46:04 GMT+0200"); Gefunden : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Gefunden : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...] 
Gefunden : user_pref("CT2269050.SettingsCheckIntervalMin", 120); Gefunden : user_pref("CT2269050.SettingsLastCheckTime", "Fri Jul 27 2012 10:46:04 GMT+0200"); Gefunden : user_pref("CT2269050.SettingsLastUpdate", "1341904940"); Gefunden : user_pref("CT2269050.ThirdPartyComponentsInterval", 504); Gefunden : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Fri Jul 27 2012 10:46:03 GMT+0200"); Gefunden : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1331805997"); Gefunden : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID"); Gefunden : user_pref("CT2269050.UserID", "UN75293547708824586"); Gefunden : user_pref("CT2269050.ValidationData_Toolbar", 2); Gefunden : user_pref("CT2269050.WeatherNetwork", ""); Gefunden : user_pref("CT2269050.WeatherPollDate", "Fri Jul 27 2012 10:46:05 GMT+0200"); Gefunden : user_pref("CT2269050.WeatherUnit", "C"); Gefunden : user_pref("CT2269050.alertChannelId", "666138");
Gefunden : user_pref("CT2269050.backendstorage./9b?b0d:8aj62<h", "6D"); Gefunden : user_pref("CT2269050.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B"); Gefunden : user_pref("CT2269050.clientLogIsEnabled", false); Gefunden : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...] Gefunden : user_pref("CT2269050.myStuffEnabled", true); Gefunden : user_pref("CT2269050.myStuffPublihserMinWidth", 400); Gefunden : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Gefunden : user_pref("CT2269050.myStuffServiceIntervalMM", 1440); Gefunden : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Gefunden : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Gefunden : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...] Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...] 
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2269050"); Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050"); Gefunden : user_pref("CommunityToolbar.alert.alertInfoInterval", 60); Gefunden : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jul 27 2012 10:46:03 GMT+0200"); Gefunden : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Gefunden : user_pref("CommunityToolbar.alert.locale", "en"); Gefunden : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Gefunden : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jul 27 2012 10:46:03 GMT+0200"); Gefunden : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611"); Gefunden : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Gefunden : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Gefunden : user_pref("CommunityToolbar.alert.showTrayIcon", false); Gefunden : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Gefunden : user_pref("CommunityToolbar.alert.userId", "{edbce42a-7b3d-4ed2-83a2-af4ce181bf83}"); Gefunden : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Feb 15 2011 11:35:49 GMT+0100"); Gefunden : user_pref("aol_toolbar.surf.date", "8"); Gefunden : user_pref("aol_toolbar.surf.lastDate", "27"); Gefunden : user_pref("aol_toolbar.surf.lastMonth", "6"); Gefunden : user_pref("aol_toolbar.surf.lastYear", "2012"); Gefunden : user_pref("aol_toolbar.surf.month", "8"); Gefunden : user_pref("aol_toolbar.surf.prevMonth", "5"); Gefunden : user_pref("aol_toolbar.surf.total", "426"); Gefunden : user_pref("aol_toolbar.surf.week", "8"); Gefunden : user_pref("aol_toolbar.surf.year", "36"); Gefunden : user_pref("winamp_toolbar.buttons.layout", "shoutcast_30026;mobile/android_33522;post_to_twitter_335[...] 
Gefunden : user_pref("winamp_toolbar.firsttime.showwindow", false); Gefunden : user_pref("winamp_toolbar.guid", "{225AFBE5-921B-D3FA-E1E3-D9533A55DAA9}"); Gefunden : user_pref("winamp_toolbar.install.lastTbVersion", "5.6.14.1"); Gefunden : user_pref("winamp_toolbar.metrics.activestampdate", "27"); Gefunden : user_pref("winamp_toolbar.metrics.activestampmonth", "6"); Gefunden : user_pref("winamp_toolbar.metrics.activestampyear", "2012"); Gefunden : user_pref("winamp_toolbar.metrics.originalDate", "15"); Gefunden : user_pref("winamp_toolbar.metrics.originalHours", "15"); Gefunden : user_pref("winamp_toolbar.metrics.originalMinutes", "35"); Gefunden : user_pref("winamp_toolbar.metrics.originalMonth", "2"); Gefunden : user_pref("winamp_toolbar.metrics.originalSeconds", "52"); Gefunden : user_pref("winamp_toolbar.metrics.originalYear", "2011"); Gefunden : user_pref("winamp_toolbar.remote.publish.xml", "1343378766257"); Gefunden : user_pref("winamp_toolbar.search.cid", "22-06-2011"); Gefunden : user_pref("winamp_toolbar.search.instd", "20110622203055990"); Gefunden : user_pref("winamp_toolbar.search.oid", "15-02-2011"); Gefunden : user_pref("winamp_toolbar.search.populateoncomplete", false); Gefunden : user_pref("winamp_toolbar.search.searchtype", "web"); Gefunden : user_pref("winamp_toolbar.search.source", "tb50-ff-winamp"); Gefunden : user_pref("winamp_toolbar.skin.custom", true); Gefunden : user_pref("winamp_toolbar.strbundle.msg", "Winamp Toolbar"); Gefunden : user_pref("winamp_toolbar.upgrade.showwindow", false); Gefunden : user_pref("winamp_toolbar.winamp.appversion", "1"); Gefunden : user_pref("winamp_toolbar.winamp.artist", ""); Gefunden : user_pref("winamp_toolbar.winamp.button.focus", true); Gefunden : user_pref("winamp_toolbar.winamp.button.forward", true); Gefunden : user_pref("winamp_toolbar.winamp.button.open", true); Gefunden : user_pref("winamp_toolbar.winamp.button.pause", true); Gefunden : user_pref("winamp_toolbar.winamp.button.play", true); Gefunden : 
user_pref("winamp_toolbar.winamp.button.rewind", true); Gefunden : user_pref("winamp_toolbar.winamp.button.stop", false); Gefunden : user_pref("winamp_toolbar.winamp.button.volume", true); Gefunden : user_pref("winamp_toolbar.winamp.info.url", "hxxp://music.aol.com/artist/{artist}"); Gefunden : user_pref("winamp_toolbar.winamp.ticker.show", true); Gefunden : user_pref("winamp_toolbar.winamp.title", "-999999"); Gefunden : user_pref("winamp_toolbar.winamp.tracklength", "-999999"); Gefunden : user_pref("winamp_toolbar.winamp.tracktime", "-999999"); ************************* AdwCleaner[R1].txt - [22832 octets] - [31/08/2012 11:35:55] ########## EOF - C:\AdwCleaner[R1].txt - [22893 octets] ########## |
31.08.2012, 11:09 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | adwCleaner - Remove toolbars and unwanted start/search pages
__________________ Please always post log files in CODE tags |
02.09.2012, 17:56 | #11 |
| Code:
ATTFilter # AdwCleaner v2.000 - Datei am 09/02/2012 um 18:50:07 erstellt # Aktualisiert am 30/08/2012 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzer : Paul - PAUL-PC # Normaler Modus : Normal # Ausgeführt unter : C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4LZD2VRN\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll Datei Gelöscht : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt Datei Gelöscht : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll Datei Gelöscht : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt Datei Gelöscht : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\v13il3tt.default\searchplugins\aol-web-search.xml Ordner Gelöscht : C:\Program Files\Common Files\Software Update Utility Ordner Gelöscht : C:\Program Files\Winamp Toolbar Ordner Gelöscht : C:\ProgramData\Winamp Toolbar Ordner Gelöscht : C:\Users\Paul\AppData\Local\Winamp Toolbar Ordner Gelöscht : C:\Users\Paul\AppData\LocalLow\PriceGong Ordner Gelöscht : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\v13il3tt.default\Conduit Ordner Gelöscht : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\v13il3tt.default\CT2269050 Ordner Gelöscht : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\v13il3tt.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} Ordner Gelöscht : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\v13il3tt.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} Ordner Gelöscht : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\v13il3tt.default\WinampToolbarData ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winamp Toolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar Schlüssel Gelöscht : HKCU\Software\Winamp Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\dnu.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6} 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdate Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2857573 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1 Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.Downloader Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1 Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar Schlüssel Gelöscht : HKLM\Software\Winamp Toolbar Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] -\\ Mozilla Firefox 
v3.0.5 (de) Profilname : default Datei : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\v13il3tt.default\prefs.js Gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Gelöscht : user_pref("CT2269050.CTID", "CT2269050"); Gelöscht : user_pref("CT2269050.CurrentServerDate", "27-7-2012"); Gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR"); Gelöscht : user_pref("CT2269050.DownloadReferralCookieData", ""); Gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Fri Jul 27 2012 10:51:05 GMT+0200"); Gelöscht : user_pref("CT2269050.FirstServerDate", "7-8-2010"); Gelöscht : user_pref("CT2269050.FirstTime", true); Gelöscht : user_pref("CT2269050.FirstTimeFF3", true); Gelöscht : user_pref("CT2269050.FirstTimeSettingsDone", true); Gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true); Gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440); Gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Gelöscht : user_pref("CT2269050.Initialize", true); Gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true); Gelöscht : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3); Gelöscht : user_pref("CT2269050.InstallationType", "UnknownIntegration"); Gelöscht : user_pref("CT2269050.InstalledDate", "Sat Aug 07 2010 18:15:23 GMT+0200"); Gelöscht : user_pref("CT2269050.InvalidateCache", false); Gelöscht : user_pref("CT2269050.IsGrouping", false); Gelöscht : user_pref("CT2269050.IsMulticommunity", false); Gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false); Gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false); Gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Fri Jul 27 2012 10:46:05 GMT+0200"); Gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440); Gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] 
Gelöscht : user_pref("CT2269050.LastLogin_2.7.0.14", "Fri Jul 27 2012 10:46:05 GMT+0200"); Gelöscht : user_pref("CT2269050.LatestVersion", "3.14.1.0"); Gelöscht : user_pref("CT2269050.Locale", "en"); Gelöscht : user_pref("CT2269050.LoginCache", 4); Gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83"); Gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295"); Gelöscht : user_pref("CT2269050.RadioIsPodcast", false); Gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Fri Jul 27 2012 10:46:05 GMT+0200"); Gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3"); Gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000"); Gelöscht : user_pref("CT2269050.RadioMediaID", "12473383"); Gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player"); Gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383"); Gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108"); Gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082"); Gelöscht : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...] Gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true); Gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...] Gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true); Gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440); Gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Fri Jul 27 2012 10:46:04 GMT+0200"); Gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Gelöscht : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...] 
Gelöscht : user_pref("CT2269050.SettingsCheckIntervalMin", 120); Gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Fri Jul 27 2012 10:46:04 GMT+0200"); Gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1341904940"); Gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504); Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Fri Jul 27 2012 10:46:03 GMT+0200"); Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1331805997"); Gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID"); Gelöscht : user_pref("CT2269050.UserID", "UN75293547708824586"); Gelöscht : user_pref("CT2269050.ValidationData_Toolbar", 2); Gelöscht : user_pref("CT2269050.WeatherNetwork", ""); Gelöscht : user_pref("CT2269050.WeatherPollDate", "Fri Jul 27 2012 10:46:05 GMT+0200"); Gelöscht : user_pref("CT2269050.WeatherUnit", "C"); Gelöscht : user_pref("CT2269050.alertChannelId", "666138");
Gelöscht : user_pref("CT2269050.clientLogIsEnabled", false); Gelöscht : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...] Gelöscht : user_pref("CT2269050.myStuffEnabled", true); Gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400); Gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440); Gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Gelöscht : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...] Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2269050"); Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050"); Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 60); Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jul 27 2012 10:46:03 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Gelöscht : user_pref("CommunityToolbar.alert.locale", "en"); Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jul 27 2012 10:46:03 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611"); Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false); Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Gelöscht : user_pref("CommunityToolbar.alert.userId", "{edbce42a-7b3d-4ed2-83a2-af4ce181bf83}"); Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Feb 15 2011 11:35:49 GMT+0100"); Gelöscht : user_pref("aol_toolbar.surf.date", "8"); Gelöscht : user_pref("aol_toolbar.surf.lastDate", "27"); Gelöscht : user_pref("aol_toolbar.surf.lastMonth", "6"); Gelöscht : user_pref("aol_toolbar.surf.lastYear", "2012"); Gelöscht : user_pref("aol_toolbar.surf.month", "8"); Gelöscht : user_pref("aol_toolbar.surf.prevMonth", "5"); Gelöscht : user_pref("aol_toolbar.surf.total", "426"); Gelöscht : user_pref("aol_toolbar.surf.week", "8"); Gelöscht : user_pref("aol_toolbar.surf.year", "36"); Gelöscht : user_pref("winamp_toolbar.buttons.layout", "shoutcast_30026;mobile/android_33522;post_to_twitter_335[...] 
Gelöscht : user_pref("winamp_toolbar.firsttime.showwindow", false); Gelöscht : user_pref("winamp_toolbar.guid", "{225AFBE5-921B-D3FA-E1E3-D9533A55DAA9}"); Gelöscht : user_pref("winamp_toolbar.install.lastTbVersion", "5.6.14.1"); Gelöscht : user_pref("winamp_toolbar.metrics.activestampdate", "27"); Gelöscht : user_pref("winamp_toolbar.metrics.activestampmonth", "6"); Gelöscht : user_pref("winamp_toolbar.metrics.activestampyear", "2012"); Gelöscht : user_pref("winamp_toolbar.metrics.originalDate", "15"); Gelöscht : user_pref("winamp_toolbar.metrics.originalHours", "15"); Gelöscht : user_pref("winamp_toolbar.metrics.originalMinutes", "35"); Gelöscht : user_pref("winamp_toolbar.metrics.originalMonth", "2"); Gelöscht : user_pref("winamp_toolbar.metrics.originalSeconds", "52"); Gelöscht : user_pref("winamp_toolbar.metrics.originalYear", "2011"); Gelöscht : user_pref("winamp_toolbar.remote.publish.xml", "1343378766257"); Gelöscht : user_pref("winamp_toolbar.search.cid", "22-06-2011"); Gelöscht : user_pref("winamp_toolbar.search.instd", "20110622203055990"); Gelöscht : user_pref("winamp_toolbar.search.oid", "15-02-2011"); Gelöscht : user_pref("winamp_toolbar.search.populateoncomplete", false); Gelöscht : user_pref("winamp_toolbar.search.searchtype", "web"); Gelöscht : user_pref("winamp_toolbar.search.source", "tb50-ff-winamp"); Gelöscht : user_pref("winamp_toolbar.skin.custom", true); Gelöscht : user_pref("winamp_toolbar.strbundle.msg", "Winamp Toolbar"); Gelöscht : user_pref("winamp_toolbar.upgrade.showwindow", false); Gelöscht : user_pref("winamp_toolbar.winamp.appversion", "1"); Gelöscht : user_pref("winamp_toolbar.winamp.artist", ""); Gelöscht : user_pref("winamp_toolbar.winamp.button.focus", true); Gelöscht : user_pref("winamp_toolbar.winamp.button.forward", true); Gelöscht : user_pref("winamp_toolbar.winamp.button.open", true); Gelöscht : user_pref("winamp_toolbar.winamp.button.pause", true); Gelöscht : user_pref("winamp_toolbar.winamp.button.play", true); Gelöscht : 
user_pref("winamp_toolbar.winamp.button.rewind", true); Gelöscht : user_pref("winamp_toolbar.winamp.button.stop", false); Gelöscht : user_pref("winamp_toolbar.winamp.button.volume", true); Gelöscht : user_pref("winamp_toolbar.winamp.info.url", "hxxp://music.aol.com/artist/{artist}"); Gelöscht : user_pref("winamp_toolbar.winamp.ticker.show", true); Gelöscht : user_pref("winamp_toolbar.winamp.title", "-999999"); Gelöscht : user_pref("winamp_toolbar.winamp.tracklength", "-999999"); Gelöscht : user_pref("winamp_toolbar.winamp.tracktime", "-999999"); ************************* AdwCleaner[R1].txt - [22963 octets] - [31/08/2012 11:35:55] AdwCleaner[S1].txt - [23338 octets] - [02/09/2012 18:50:07] ########## EOF - C:\AdwCleaner[S1].txt - [23399 octets] ########## |
03.09.2012, 19:30 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win32:Malware gen, Win32:Troj gen and similar after Adobe Flash Player update (?)
Please create a new OTL log. If at all possible, please post everything here in CODE tags. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this:
Code:
the log goes here
Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you really are working with a current version of OTL.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
03.09.2012, 23:01 | #13 |
| Win32:Malware gen, Win32:Troj gen and similar after Adobe Flash Player update (?) OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 03.09.2012 23:24:41 - Run 1 OTL by OldTimer - Version 3.2.60.0 Folder = C:\Users\Paul\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 63,58% Memory free 4,94 Gb Paging File | 4,09 Gb Available in Paging File | 82,87% Paging File free Paging file location(s): c:\pagefile.sys 3067 12000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 222,78 Gb Total Space | 5,79 Gb Free Space | 2,60% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 6,03 Gb Free Space | 60,30% Space Free | Partition Type: NTFS Computer Name: PAUL-PC | User Name: Paul | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OtsMedia.Surf] -- "C:\OtsLabs\OTSPLAY.EXE" "%1" /play /surf () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "TCP Query User{194D1F7D-D3C6-4E1B-B7C1-84624B59EFB8}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{31BF0651-1F24-43AB-A5DB-FABC6B267A47}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{A5F0A65B-B9AB-4350-A55D-EBFC9A91847C}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "UDP Query User{8E5E79BA-3867-4D70-854D-103C2AAF3401}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | "UDP Query User{D2283D54-46A5-46CB-A32E-7C2F9A5685D1}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "UDP Query User{E93636B0-BD1C-4068-A410-AA48E2234F1A}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update 
kb973924 - x86 9.0.30729.4148 "{02091327-B124-4216-9D71-58C0E24F5392}" = Nokia PC Suite "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools "{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}" = PC Connectivity Solution "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{084A9731-D05B-4ADA-B4A0-0ADD25FD7152}" = Splinter Cell Pandora Tomorrow "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data "{0DE20748-45A5-6CD9-610E-F881A34E7342}" = Catalyst Control Center Localization Arabic "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{150C58DD-54ED-4697-AAA5-16F037C9F7EF}" = Kane and Lynch Dead Men Demo "{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu "{15CC10AB-4266-210D-E2D2-03089C25A028}" = CCC Help English "{1603C7DC-358B-97AF-B451-B2DDAC734117}" = Catalyst Control Center Localization French "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{214030BC-490D-57D4-2547-D0D4ECC851A5}" = Catalyst Control Center Localization Japanese "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{25F28E36-FDBB-11DB-8314-0800200C9A66}" = Medal of Honor Airborne Demo "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2B98E4C3-AABC-9594-3219-A6EB60006C2C}" = Catalyst Control Center Graphics Full Existing "{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch "{2C698DB8-0D99-5A27-DA3D-A3414FC5DBA7}" = Catalyst Control Center Graphics Light "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{31DBBB49-CAC2-984A-64CA-A88102056E10}" = CCC Help German "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6 "{32E2F180-247C-4077-B06A-20F9868568E0}_is1" = UltraMixer 
2.2.1 "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module "{3BFFC6B8-4EC0-4240-858C-998FD4077983}" = Nokia Connectivity Cable Driver "{3D26D137-EA12-4D31-8326-226EA0A819A9}" = Moorhuhn Kart XL "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{412FECA2-836F-3DF6-A302-924CEC5B4DE2}" = CCC Help Spanish "{46ACAEB5-365A-74BB-D405-980EA4FE3545}" = CCC Help Japanese "{4AAB7E8F-1C71-E364-458F-5A6797670157}" = Catalyst Control Center Graphics Full New "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{501BB464-E875-4E1E-9CF4-8C445DDAE01E}" = Tom Clancy's Splinter Cell Double Agent Demo "{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries "{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector "{65E6362A-B878-4A7B-86DA-D16F8DBD75C7}" = ccc-core-static "{65F1CF63-31E0-450B-96F3-4A88BE7361A6}" = AGEIA PhysX v7.07.09 "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler "{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}" = Call of Duty(R) 4 - Modern Warfare(TM) Demo "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{69EA6470-D4D3-49A3-89C8-0530C416ADB9}" = Need For Speed Hot Pursuit 2 Demo "{6DD45BD7-DB28-E59F-8239-CF6816AE1FA4}" = Skins "{70D52D20-82A5-43CC-85C1-C994FA2EC591}" = Tom Clancy's Rainbow Six: Lockdown Demo "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73C8DECD-5948-F3DB-6B38-B7AF881647A6}" = ATI Catalyst Install Manager "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{76C73966-AED3-5ACB-B438-B47E9B1FB2E3}" = CCC Help Chinese Standard "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" 
= RealNetworks - Microsoft Visual C++ 2008 Runtime "{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{794F49F0-2A44-EE74-62FE-22FD68953A25}" = ccc-utility "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit "{7CD5F286-FF0A-E638-8143-0E258E3C17E2}" = CCC Help Thai "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin "{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{98698CC8-F4C4-A0A7-F521-8547DDD1BB6B}" = Catalyst Control Center Localization Chinese Standard "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B651AD20-D522-2D6F-3AC7-A5F625FCB283}" = Catalyst Control Center Core Implementation "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes "{C3E2D64C-1B8E-D142-A76F-DEAC02AFF4FA}" 
= CCC Help Polish "{C5145CD4-4F74-C986-F86B-F57F3995C59B}" = Catalyst Control Center Localization Arabic "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE "{C8D524C0-FBD2-C4F0-2446-912EABA681E0}" = CCC Help Portuguese "{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery "{CAD1691A-FA24-4B95-9009-3257B8440ECC}" = Tom Clancy's Splinter Cell Double Agent "{CCF7F09E-A1C5-7D81-437D-B2DC347CC52E}" = Catalyst Control Center Localization Spanish "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEEE47BB-4AB7-9AEB-2212-ECC6D05DDC74}" = Catalyst Control Center Localization Italian "{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}" = Microsoft Games for Windows - LIVE Redistributable "{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23 "{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE "{D71B45B0-70B5-12BA-4ACF-2CEC94FE8A06}" = CCC Help Korean "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate "{E7744050-4D6F-1280-5331-2EA048B51E94}" = Catalyst Control Center Localization Arabic "{ECA80341-4BFB-172D-EC5D-64FD8DD41F5A}" = Catalyst Control Center Localization German "{ECBEB9C6-CC47-70F7-E939-1E20E3BEEC8F}" = Catalyst Control Center Localization Korean "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4FA8AC4-6B6A-CAA6-8E44-FC64227CC4F7}" = CCC Help Italian "{F6412237-45F7-B34B-0803-4D77E2D39D0C}" = Catalyst Control Center Localization Chinese Traditional "{FD01FEBF-376F-F125-09F8-E94B04D21E77}" = CCC Help French "{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg "{FF001690-A829-9DFD-9EF6-DA285783C49C}" = CCC Help Chinese Traditional "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 
11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.5 "ASIO4ALL" = ASIO4ALL "Aston Martin Screensaver" = Aston Martin Screensaver "Aston Martin Vanquish V12 S Screensaver" = Aston Martin Vanquish V12 S Screensaver "ATITool" = ATITool Overclocking Utility "avast" = avast! Free Antivirus "Clean Virus MSN_is1" = Clean Virus MSN "Collab" = Collab "Counter-Strike: Source" = Counter-Strike: Source "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Driving Speed 2_is1" = Driving Speed 2.0 "eMule" = eMule "ESET Online Scanner" = ESET Online Scanner v3 "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition "FL Studio 7" = FL Studio 7 "Fraps" = Fraps "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free Convert to DIVX AVI WMV MP4 MPEG Converter_is1" = Free Convert to DIVX AVI WMV MP4 MPEG Converter 5.8 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7 "Google Desktop" = Google Desktop "HDMI" = Intel(R) Graphics Media Accelerator Driver "HijackThis" = HijackThis 2.0.2 "IL Download Manager" = IL Download Manager "InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch "InstallShield_{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}" = Call of Duty(R) 4 - Modern Warfare(TM) Demo "InstallShield_{69EA6470-D4D3-49A3-89C8-0530C416ADB9}" = Need For Speed Hot Pursuit 2 Demo "InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23 "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full) "MAGIX Music Maker 2008 Producer Edition Trial D" = MAGIX Music Maker 2008 Producer Edition Trial 13.0.1.11 (D) "MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D) "Malwarebytes' 
Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5) "myGamersCam" = myGamersCam 1.2 "Need For Speed II SE" = Need For Speed II SE "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "OpenAL" = OpenAL "Operation Flashpoint" = Operation Flashpoint (Uninstall via Start Menu shortcut) "Ots CD Scratch 1200" = Ots CD Scratch 1200 1.00.044 "OtsTurntables Free" = OtsTurntables Free 1.00.027 "PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0 "RAR Password Recovery Magic_is1" = RAR Password Recovery Magic v6.1.1.111 "RealPlayer 15.0" = RealPlayer "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0 "StationRipper" = StationRipper 2.87 "SystemRequirementsLab" = System Requirements Lab "TmNationsForever_is1" = TmNationsForever "tt2_demo_is1" = Terrorist Takedown 2 DEMO (1.01) "Uninstall_is1" = Uninstall 1.0.0.1 "Winamp" = Winamp "WinRAR archiver" = WinRAR "XTTB00001.XTTB00001Toolbar" = ICQ Toolbar ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2215733643-3358093249-3991178509-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "UnityWebPlayer" = Unity Web Player "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 31.08.2012 05:32:35 | Computer Name = Paul-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung RoxWatchTray9.exe, Version 9.0.1.64, Zeitstempel 0x454e39e6, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0xb00, Anwendungsstartzeit 01cd875b8596f639. 
Error - 01.09.2012 03:50:10 | Computer Name = Paul-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung RoxWatchTray9.exe, Version 9.0.1.64, Zeitstempel 0x454e39e6, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0xef0, Anwendungsstartzeit 01cd881658bb8eb3. Error - 01.09.2012 03:51:55 | Computer Name = Paul-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16448 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 5e8 Anfangszeit: 01cd88167e55a7f3 Zeitpunkt der Beendigung: 0 Error - 02.09.2012 12:41:18 | Computer Name = Paul-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung RoxWatchTray9.exe, Version 9.0.1.64, Zeitstempel 0x454e39e6, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0xd40, Anwendungsstartzeit 01cd8929a67b2557. Error - 02.09.2012 12:52:15 | Computer Name = Paul-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung RoxWatchTray9.exe, Version 9.0.1.64, Zeitstempel 0x454e39e6, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0xf08, Anwendungsstartzeit 01cd892b496610e5. Error - 02.09.2012 16:45:50 | Computer Name = Paul-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung RoxWatchTray9.exe, Version 9.0.1.64, Zeitstempel 0x454e39e6, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x435c6465, Prozess-ID 0x20c, Anwendungsstartzeit 01cd894b83cdcba5. 
Error - 03.09.2012 04:39:34 | Computer Name = Paul-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung RoxWatchTray9.exe, Version 9.0.1.64, Zeitstempel 0x454e39e6, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0xf9c, Anwendungsstartzeit 01cd89af659d2211. Error - 03.09.2012 10:34:55 | Computer Name = Paul-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung RoxWatchTray9.exe, Version 9.0.1.64, Zeitstempel 0x454e39e6, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0xe64, Anwendungsstartzeit 01cd89e1319ffa67. Error - 03.09.2012 11:27:26 | Computer Name = Paul-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung RoxWatchTray9.exe, Version 9.0.1.64, Zeitstempel 0x454e39e6, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x01ad6200, Prozess-ID 0xe98, Anwendungsstartzeit 01cd89e89a9f62cb. Error - 03.09.2012 17:14:48 | Computer Name = Paul-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung RoxWatchTray9.exe, Version 9.0.1.64, Zeitstempel 0x454e39e6, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0xe44, Anwendungsstartzeit 01cd8a1920867f3e. 
[ System Events ] Error - 30.08.2012 18:39:44 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7000 Description = Error - 31.08.2012 05:33:30 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7000 Description = Error - 01.09.2012 03:50:47 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7000 Description = Error - 02.09.2012 12:41:41 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7000 Description = Error - 02.09.2012 12:53:18 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7000 Description = Error - 02.09.2012 16:30:14 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7000 Description = Error - 03.09.2012 04:38:56 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7000 Description = Error - 03.09.2012 10:35:30 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7000 Description = Error - 03.09.2012 11:28:24 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7000 Description = Error - 03.09.2012 17:15:40 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > |
04.09.2012, 13:36 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win32:Malware gen, Win32:Troj gen and similar after Adobe Flash Player update (?) Why only the Extras? The other log is much more important
__________________ Please always post log files in CODE tags |
04.09.2012, 21:54 | #15 |
| Win32:Malware gen, Win32:Troj gen and similar after Adobe Flash Player update (?) Sorry, I had misread... OTL Logfile: Code:
ATTFilter OTL logfile created on: 03.09.2012 23:24:41 - Run 1 OTL by OldTimer - Version 3.2.60.0 Folder = C:\Users\Paul\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 63,58% Memory free 4,94 Gb Paging File | 4,09 Gb Available in Paging File | 82,87% Paging File free Paging file location(s): c:\pagefile.sys 3067 12000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 222,78 Gb Total Space | 5,79 Gb Free Space | 2,60% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 6,03 Gb Free Space | 60,30% Space Free | Partition Type: NTFS Computer Name: PAUL-PC | User Name: Paul | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.03 23:23:37 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.06.15 11:41:33 | 000,296,056 | ---- | M] (RealNetworks, Inc.) 
-- C:\Programme\Real\RealPlayer\Update\realsched.exe PRC - [2012.05.29 16:55:56 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe PRC - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE PRC - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.05.11 15:26:44 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe ========== Modules (No Company Name) ========== MOD - [2007.09.20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.04.04 15:05:56 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter) SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! 
Antivirus) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc) SRV - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.05.31 11:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 11:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\562B.tmp -- (MEMSWEEP2) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.08.21 11:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.10.01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2011.10.01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2011.10.01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2011.10.01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] 
-- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2007.04.29 10:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) DRV - [2007.04.04 15:05:54 | 002,313,216 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006.10.10 08:54:34 | 000,138,240 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (Nokia USB Phone Parent) DRV - [2006.10.10 08:54:32 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (Nokia USB Port) DRV - [2006.10.10 08:54:32 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (Nokia USB Modem) DRV - [2006.10.10 08:54:32 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (Nokia USB Generic) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2215733643-3358093249-3991178509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3071221 IE - HKU\S-1-5-21-2215733643-3358093249-3991178509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-2215733643-3358093249-3991178509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2215733643-3358093249-3991178509-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found IE - HKU\S-1-5-21-2215733643-3358093249-3991178509-1000\..\URLSearchHook: {b80f591e-fe9a-46cf-a13e-180377240586} - No CLSID value 
found IE - HKU\S-1-5-21-2215733643-3358093249-3991178509-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-2215733643-3358093249-3991178509-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2215733643-3358093249-3991178509-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE IE - HKU\S-1-5-21-2215733643-3358093249-3991178509-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2215733643-3358093249-3991178509-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1456 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550 FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.14.1 FF - prefs.js..extensions.enabledItems: {97E22097-9A2F-45b1-8DAF-36AD648C7EF4}:15.0.4 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Paul\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.08.15 20:28:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.08.21 21:15:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.15 11:45:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.02 18:50:13 | 000,000,000 | ---D | M] [2008.11.08 21:06:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\Extensions [2012.09.02 18:50:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\v13il3tt.default\extensions [2009.11.21 09:31:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\v13il3tt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.06.02 00:53:33 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\v13il3tt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.07.27 20:19:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.08.12 01:05:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.08.21 21:15:56 | 
000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF [2012.08.12 01:05:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.08.15 20:28:57 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT File not found (No name found) -- C:\USERS\PAUL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V13IL3TT.DEFAULT\EXTENSIONS\{0B38152B-1B20-484D-A11F-5E04A9B0661F} File not found (No name found) -- C:\USERS\PAUL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V13IL3TT.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} [2012.06.15 11:42:37 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2008.03.15 15:56:14 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2009.01.01 16:58:22 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2008.02.19 16:40:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2006.12.03 17:59:22 | 000,000,986 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2006.11.17 13:19:24 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - 
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Programme\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.) O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O3 - HKU\S-1-5-21-2215733643-3358093249-3991178509-1000\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( ) O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup File not found O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) O4 - 
HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKU\.DEFAULT..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) O4 - HKU\S-1-5-18..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2215733643-3358093249-3991178509-1000..\Run: [] File not found O4 - HKU\S-1-5-21-2215733643-3358093249-3991178509-1000..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"hxxp://cc.porsche.com/icc_euro/ui/pva/application/bpModules/interior_3D.jsp;jsessionid=F9C9205408D9F59EAA745678E7F76607.icc_euro?RT=1337443640288" File not found O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Paul\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Programme\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.) 
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2215733643-3358093249-3991178509-1000\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.) 
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6493CB48-7F85-46D7-AE1F-8F60556E23B4}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FA9BFC4-8DE8-4444-8520-41FCAFD46533}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Paul\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Paul\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{22372fc1-9398-11dd-a7c8-001d097750a6}\Shell\AutoRun\command - "" = gjn2pjlw.exe
O33 - MountPoints2\{22372fc1-9398-11dd-a7c8-001d097750a6}\Shell\explore\Command - "" = gjn2pjlw.exe
O33 - MountPoints2\{22372fc1-9398-11dd-a7c8-001d097750a6}\Shell\open\Command - "" = gjn2pjlw.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

SafeBootMin: 24085153.sys - Driver
SafeBootMin: 48571756.sys - Driver
SafeBootMin: 65557285.sys - Driver
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: 24085153.sys - Driver
SafeBootNet: 48571756.sys - Driver
SafeBootNet: 65557285.sys - Driver
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: ccc-core-static - msiexec /fums {65E6362A-B878-4A7B-86DA-D16F8DBD75C7} /qb

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.09.03 23:23:32 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2012.08.19 18:34:44 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012.08.16 14:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.08.16 13:27:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2012.08.16 12:18:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2012.08.15 21:44:22 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Winamp
[2012.08.15 19:03:48 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Dateien Umzug
[2012.08.15 10:19:35 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\AV
[2012.08.15 08:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012.08.14 23:11:27 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.08.12 01:04:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2010.03.26 07:48:53 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Paul\mbam-setup.exe
[2010.03.26 00:48:02 | 058,172,520 | ---- | C] (Kaspersky Lab) -- C:\Users\Paul\kav9.0.0.459DE.exe
[2010.03.26 00:38:52 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Paul\HJTInstall.exe
[2010.03.26 00:20:04 | 009,823,176 | ---- | C] (Microsoft Corporation) -- C:\Users\Paul\windows-kb890830-v3.5.exe
[2009.10.15 17:11:07 | 021,128,536 | ---- | C] (DivX, Inc.) -- C:\Users\Paul\DivXInstaller72.exe
[2009.08.27 20:20:30 | 001,875,076 | ---- | C] (Password Recovery Magic Studio Ltd. ) -- C:\Users\Paul\RAR-Password-Recovery-Magic.exe
[2009.07.01 14:39:57 | 077,690,152 | ---- | C] (Apple Inc.) -- C:\Users\Paul\iTunesSetup.exe
[2007.12.29 19:21:46 | 044,575,761 | ---- | C] (Phenomedia AG ) -- C:\Program Files\Setup_Moorhuhn_Kart_XL.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.09.03 23:23:37 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2012.09.03 23:14:00 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.03 23:14:00 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.03 23:13:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.03 19:06:55 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.08.26 14:34:23 | 000,308,402 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.26 14:34:23 | 000,210,908 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.26 14:34:23 | 000,061,620 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.26 14:34:23 | 000,038,804 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.21 21:23:06 | 000,000,005 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\mbam.context.scan
[2012.08.21 21:15:57 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.08.21 11:13:14 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.08.15 21:44:59 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012.08.15 20:55:18 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.15 20:51:17 | 000,338,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.15 20:32:16 | 000,001,842 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.08.15 09:26:16 | 000,000,000 | ---- | M] () -- C:\Users\Paul\defogger_reenable
[2012.08.12 01:04:15 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.08.09 12:55:36 | 000,002,912 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\wklnhst.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.21 21:23:06 | 000,000,005 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\mbam.context.scan
[2012.08.15 21:44:59 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012.08.15 20:32:16 | 000,001,842 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.08.15 09:26:16 | 000,000,000 | ---- | C] () -- C:\Users\Paul\defogger_reenable
[2012.08.14 22:36:13 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.12 01:04:15 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.01.18 13:50:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.01.18 13:50:15 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.01.18 13:49:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.01.02 17:41:30 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.01.02 17:41:26 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2011.01.02 17:41:26 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.01.02 17:41:26 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.01.02 17:41:25 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.01.02 17:32:27 | 000,000,034 | -H-- | C] () -- C:\Windows\System32\Converter_sysquict.dat
[2010.08.25 11:15:06 | 000,221,584 | ---- | C] () -- C:\Users\Paul\controller.pdf
[2010.08.08 18:49:20 | 077,796,050 | ---- | C] () -- C:\Users\Paul\gameskeebrake.zip
[2010.07.11 10:14:25 | 003,364,153 | ---- | C] () -- C:\Users\Paul\Upside_(feat._Michelle_Breeze).mp3
[2010.06.02 01:34:57 | 057,817,611 | ---- | C] () -- C:\Users\Paul\Kano_-_Kano_Mixtape.rar
[2010.06.02 00:28:59 | 068,414,451 | ---- | C] () -- C:\Users\Paul\Kano_-_Beats_And_Bars__2005___www.beatboxradioshow.blogspot.com_.rar
[2010.06.01 23:48:36 | 056,687,361 | ---- | C] () -- C:\Users\Paul\Kano-Beats_&_Bars_(2005).zip
[2010.05.29 17:19:04 | 010,871,495 | ---- | C] () -- C:\Users\Paul\Usher_-_OMG_(Feat._Will.I.Am).mp3
[2010.05.13 12:46:05 | 006,469,101 | ---- | C] () -- C:\Users\Paul\Justin_Timberlake_-_Rock_Your_Body.mp3
[2010.05.13 12:25:33 | 003,966,046 | ---- | C] () -- C:\Users\Paul\three 6 mafia feat. tiesto, sean kingston & flo rida - feel it.mp3.mp3
[2010.05.13 12:17:21 | 007,670,478 | ---- | C] () -- C:\Users\Paul\10__Dizzee_Rascal_-_Holiday_[Ft._Chrome].mp3
[2010.05.08 19:26:30 | 007,946,244 | ---- | C] () -- C:\Users\Paul\Surkin_-_Radio_Fireworks_(Riot_In_Belgium_Second_Remix).mp3
[2010.05.08 18:56:11 | 004,235,328 | ---- | C] () -- C:\Users\Paul\Bob_Marley_Vs._Funkstar_Deluxe_-_Sun_Is_Shining.mp3
[2010.04.04 21:44:24 | 000,017,089 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\UserTile.png
[2010.03.25 23:55:29 | 004,103,298 | ---- | C] () -- C:\Users\Paul\cleanvirusmsn.zip
[2010.03.19 18:00:00 | 008,655,505 | ---- | C] () -- C:\Users\Paul\11 Pursuit Of Happiness.mp3
[2010.03.19 18:00:00 | 008,035,880 | ---- | C] () -- C:\Users\Paul\08 Back Home.mp3
[2010.03.19 18:00:00 | 005,467,521 | ---- | C] () -- C:\Users\Paul\09 Kinda Like A Big Deal (KA Freestyle).mp3
[2010.03.19 18:00:00 | 005,063,145 | ---- | C] () -- C:\Users\Paul\10 Kano In The House (Pon De Floor).mp3
[2010.03.19 17:59:59 | 007,281,464 | ---- | C] () -- C:\Users\Paul\07 Chip Roll, Sausage In Batter.mp3
[2010.03.19 17:59:58 | 009,437,088 | ---- | C] () -- C:\Users\Paul\05 Game Over.mp3
[2010.03.19 17:59:58 | 008,561,464 | ---- | C] () -- C:\Users\Paul\04 Pass Out (KA Freestyle).mp3
[2010.03.19 17:59:58 | 007,593,888 | ---- | C] () -- C:\Users\Paul\03 Track Burglar.mp3
[2010.03.19 17:59:58 | 006,496,745 | ---- | C] () -- C:\Users\Paul\06 Rude Boy.mp3
[2010.03.19 17:59:57 | 008,962,705 | ---- | C] () -- C:\Users\Paul\02 You Are Young.mp3
[2010.03.19 17:59:57 | 000,806,231 | ---- | C] () -- C:\Users\Paul\01 Intro.mp3
[2010.03.19 17:59:05 | 076,615,102 | ---- | C] () -- C:\Users\Paul\Jack Bauer- The 7 Day Edition (www.kanosworld.com).zip
[2010.02.21 14:42:23 | 001,579,618 | ---- | C] () -- C:\Users\Paul\img004.jpg
[2010.01.07 17:45:56 | 000,953,919 | ---- | C] () -- C:\Users\Paul\Apple Store - Deutschland.mht
[2010.01.07 17:45:34 | 000,190,335 | ---- | C] () -- C:\Users\Paul\Sparkasse Krefeld - Ihr persönliches Finanzportal - Ihr Auftrag.mht
[2010.01.06 02:05:19 | 001,901,794 | ---- | C] () -- C:\Users\Paul\02 chase the sun.mp3
[2010.01.06 02:00:58 | 007,686,773 | ---- | C] () -- C:\Users\Paul\Planet_Funk_-_Chase_the_Sun.mp3
[2010.01.05 17:31:36 | 006,513,216 | ---- | C] () -- C:\Users\Paul\Nikkfurie_-_The_A_La_Menthe_Extended.mp3
[2009.12.26 15:43:05 | 007,989,158 | ---- | C] () -- C:\Users\Paul\-_Akon_ft_David_Guetta_-_Sexy_Bitch.mp3
[2009.10.11 10:59:48 | 005,556,136 | ---- | C] () -- C:\Users\Paul\Plane9.exe
[2009.08.28 15:19:31 | 010,351,542 | ---- | C] () -- C:\Users\Paul\Jay-Z_-_Death_of_Autotune.mp3
[2009.08.27 20:14:21 | 003,449,769 | ---- | C] () -- C:\Users\Paul\-_Planet_Funk_-_Chase_The_Sun.rar
[2009.07.02 19:53:14 | 099,423,964 | ---- | C] () -- C:\Users\Paul\34082008.rar
[2009.07.02 16:27:56 | 006,393,388 | ---- | C] () -- C:\Users\Paul\myGamersCam_Setup.zip
[2009.06.05 13:37:36 | 015,350,784 | ---- | C] () -- C:\Users\Paul\AppleMobileDeviceSupport.msi
[2009.06.03 15:09:15 | 000,041,838 | ---- | C] () -- C:\Users\Paul\John_Brown_-_Suburban_Empire_(Hosted_By_Superstar_Jay)-2009-MIXFIEND.torrent
[2009.05.22 19:27:18 | 004,329,056 | ---- | C] () -- C:\Users\Paul\DJ_Size_feat._J._Lourenzo___Big_Steve_-_Sunglasses.mp3
[2009.05.15 16:06:32 | 005,824,446 | ---- | C] () -- C:\Users\Paul\She's Glowing (Remix).mp3
[2009.03.31 19:22:03 | 000,463,360 | ---- | C] () -- C:\Users\Paul\Magischer+Kater+3.pps
[2008.08.12 15:07:44 | 000,022,328 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\PnkBstrK.sys
[2008.01.05 18:30:08 | 000,222,269 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\NMM-MetaData.db
[2007.12.29 19:21:48 | 003,108,049 | ---- | C] () -- C:\Program Files\The Beatles - Come Together.mp3
[2007.12.29 19:21:48 | 000,086,791 | ---- | C] () -- C:\Program Files\575m_rot_front.zip
[2007.12.29 19:21:48 | 000,062,874 | ---- | C] () -- C:\Program Files\575m_blau_dreiviertelfront.zip
[2007.12.29 19:21:48 | 000,062,613 | ---- | C] () -- C:\Program Files\575m_blau_heck.zip
[2007.12.29 19:21:48 | 000,057,566 | ---- | C] () -- C:\Program Files\575m_blau_top.zip
[2007.12.29 19:21:48 | 000,053,648 | ---- | C] () -- C:\Program Files\575m_rot_seite.zip
[2007.12.29 19:21:46 | 005,316,116 | ---- | C] () -- C:\Program Files\Forsaken_Part2.zip
[2007.12.29 19:21:46 | 003,060,864 | ---- | C] () -- C:\Program Files\Infamous.mp3
[2007.12.29 19:21:46 | 002,927,388 | ---- | C] () -- C:\Program Files\Infamous.zip
[2007.12.28 23:01:19 | 000,002,912 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\wklnhst.dat
[2007.12.28 21:13:39 | 000,000,552 | ---- | C] () -- C:\Users\Paul\AppData\Local\d3d8caps.dat
[2007.12.28 20:59:41 | 000,061,440 | ---- | C] () -- C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.28 20:49:52 | 000,001,356 | ---- | C] () -- C:\Users\Paul\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2010.01.13 00:52:10 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Amazon
[2010.06.02 00:53:32 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.07.22 18:44:27 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\GetRightToGo
[2008.12.31 15:04:37 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ICQ
[2008.03.20 17:08:28 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ICQ Toolbar
[2008.03.09 15:58:36 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ICQ6
[2008.05.03 17:46:35 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\LimeWire
[2008.03.05 17:09:39 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\MAGIX
[2008.03.01 21:08:57 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Nokia
[2007.12.30 16:33:49 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PC Suite
[2010.12.10 23:14:51 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PCDr
[2010.04.04 21:44:24 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PeerNetworking
[2009.10.11 11:02:13 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Plane9
[2007.12.28 23:19:39 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Template
[2012.03.15 01:01:59 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\TP
[2012.09.03 19:06:57 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >
[2008.12.23 16:18:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Ubisoft

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2008.11.08 21:13:34 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Adobe
[2010.01.13 00:52:10 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Amazon
[2010.10.29 21:19:05 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Apple Computer
[2007.12.28 20:52:54 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ATI
[2008.03.12 15:51:00 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\CyberLink
[2009.10.18 01:15:01 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\DivX
[2010.06.02 00:53:32 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.07.22 18:44:27 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\GetRightToGo
[2007.12.28 23:06:48 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Google
[2008.12.31 15:04:37 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ICQ
[2008.03.20 17:08:28 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ICQ Toolbar
[2008.03.09 15:58:36 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ICQ6
[2007.12.28 20:51:14 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Identities
[2008.01.02 15:25:02 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\InstallShield
[2008.05.03 17:46:35 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\LimeWire
[2007.12.29 17:36:05 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Macromedia
[2008.03.05 17:09:39 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\MAGIX
[2010.03.26 07:50:53 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Media Center Programs
[2011.01.02 17:43:26 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Media Player Classic
[2010.12.10 23:33:31 | 000,000,000 | --SD | M] -- C:\Users\Paul\AppData\Roaming\Microsoft
[2008.11.08 21:06:30 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Mozilla
[2008.03.01 21:08:57 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Nokia
[2007.12.30 16:33:49 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PC Suite
[2010.12.10 23:14:51 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PCDr
[2010.04.04 21:44:24 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PeerNetworking
[2009.10.11 11:02:13 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Plane9
[2012.06.15 11:49:21 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Real
[2009.07.31 13:05:56 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Roxio
[2008.12.23 16:18:08 | 000,000,000 | RH-D | M] -- C:\Users\Paul\AppData\Roaming\SecuROM
[2012.08.12 16:20:39 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Skype
[2007.12.28 23:19:39 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Template
[2012.03.15 01:01:59 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\TP
[2012.08.15 21:56:05 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Winamp
[2008.02.29 15:05:37 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2008.02.29 15:15:07 | 004,506,256 | ---- | M] (Lime Wire LLC) -- C:\Users\Paul\AppData\Roaming\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
[2009.07.29 13:42:18 | 001,915,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Paul\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2008.12.23 16:17:03 | 000,010,134 | R--- | M] () -- C:\Users\Paul\AppData\Roaming\Microsoft\Installer\{89661B04-C646-4412-B6D3-5E19F02F1F37}\ARPPRODUCTICON.exe
[2011.05.26 01:05:01 | 051,021,472 | ---- | M] (Dell Inc) -- C:\Users\Paul\AppData\Roaming\PCDr\Update\Binaries\full_dsc_5830_10_32_01.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Paul\AppData\Roaming\PCDr\Update\Rules\09f4528d-d7f8-4941-a47b-59fdf84eb12d\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Paul\AppData\Roaming\PCDr\Update\Rules\0ca64426-db4d-432a-bd67-aff9107d64cf\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Paul\AppData\Roaming\PCDr\Update\Rules\1594939f-1d82-48a1-a923-1fdd5cf0022f\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Paul\AppData\Roaming\PCDr\Update\Rules\2910aba0-f040-4b76-9f5d-c6345edbcdb3\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Paul\AppData\Roaming\PCDr\Update\Rules\41e3569a-0811-4773-baae-cc43e0a96dbe\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Paul\AppData\Roaming\PCDr\Update\Rules\49317d67-e09e-4ece-8a85-4c6f3e247dd9\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Paul\AppData\Roaming\PCDr\Update\Rules\537f2034-8d80-4ce9-80aa-b8e413fb2c36\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Paul\AppData\Roaming\PCDr\Update\Rules\79ec2210-4aa0-43d5-ad9c-bdd97e016ca7\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Paul\AppData\Roaming\PCDr\Update\Rules\83e38759-ce3b-446d-bc03-c79a822f3bad\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Paul\AppData\Roaming\PCDr\Update\Rules\cc3cd55a-fe6b-4f2f-b318-debd0e98f771\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Paul\AppData\Roaming\PCDr\Update\Rules\e5c5ca82-8ed7-49ce-8a72-974316b62bdc\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Paul\AppData\Roaming\PCDr\Update\Rules\fee9f468-4bd6-4640-90ec-d068b0fecf22\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.02.28 15:20:53 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Paul\AppData\Roaming\Real\Update\setup3.09\setup.exe
[2010.06.01 22:19:01 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Paul\AppData\Roaming\Real\Update\setup3.10\setup.exe
[2010.09.20 22:34:25 | 000,456,200 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Paul\AppData\Roaming\Real\Update\setup3.12\setup.exe
[2011.01.27 01:34:02 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Paul\AppData\Roaming\Real\Update\setup3.13\setup.exe
[2012.06.07 19:05:34 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Paul\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\rnupgagent.exe
[2012.05.28 00:01:22 | 028,087,744 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Paul\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\stub_data\RealPlayer_de.exe
[2012.05.28 00:00:32 | 000,693,504 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Paul\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\stub_exe\RealPlayer_de.exe

< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: AGP440.SYS >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007.12.21 05:40:56 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys
[2007.12.21 05:40:56 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2007.12.21 05:40:56 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2007.12.21 05:40:56 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: AHCIX86S.SYS >
[2007.12.19 23:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) MD5=0DEE2B628D4C6E23285BB91EFFDABFDE -- C:\ATI\SUPPORT\8-4_vista32_dd_ccc_wdm_enu_61008\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
[2006.12.29 01:51:56 | 000,110,592 | ---- | M] (ATI Technologies Inc.) MD5=67740F91B47434CC6173A35667A4BA66 -- C:\ATI\SUPPORT\8-4_vista32_dd_ccc_wdm_enu_61008\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys

< MD5 for: ATAPI.SYS >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007.12.21 05:41:22 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007.12.21 05:50:28 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5da5d093\atapi.sys
[2007.12.21 05:50:28 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20580_none_db8503133dc1c2af\atapi.sys
[2007.12.21 05:50:28 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_6c3af7d3\atapi.sys
[2007.12.21 05:50:28 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16470_none_db063634249c06f4\atapi.sys
[2007.12.21 05:40:53 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys
[2007.12.21 05:40:53 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys
[2007.12.21 05:41:22 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007.12.21 05:41:22 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007.04.26 12:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Drivers\storage\R154092\iastor.sys
[2007.04.26 12:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007.04.26 12:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007.04.26 12:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USER32.DLL >
[2007.12.21 05:46:36 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- 
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2007.12.21 05:46:37 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) 
MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- 
C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
========== Alternate Data Streams ==========
@Alternate Data Stream - 76 bytes -> C:\Users\Paul\Documents\My Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Paul\Documents\Meine empfangenen Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Paul\Documents\CyberLink:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Paul\Documents\Battlefield 2 Demo:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Paul\Desktop\Installationsdateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Nokia:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Netscape:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Codemasters:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\City Interactive:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Activision:Roxio EMC Stream
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF
< End of report > |