| |
| |||||||
Log-Analyse und Auswertung: EXP/JAVA.Rettilic.GenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
07.02.2013, 18:25
| #1 |
 |  EXP/JAVA.Rettilic.Gen Hy, ich habe ein Problem mit meinem Pc und brauche dringend hilfe, weil ich nicht weis, was ich tun soll um das Problem zu lösen. Das Bild verzehrt sich nach der Zeit und ich habe über Avira einen Exploit.gen gefunden. Als ich ihn in quarantäne schickte, kam er irgendwie zurück. Also er war noch drin, aber mein Bildschirm verzehrte sich wieder. Ich habe Malwarebytes suchen geschickt und habe ihn gefunden. Ich habe wie hier beschrieben die scans mit OLD und so durchgeführt. Das kam dabei raus: Vielen Dank im Vorraus :-) OTL EXTRA: OTL Extras logfile created on: 07.02.2013 17:54:59 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\******\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,94 Gb Available Physical Memory | 73,60% Memory free 7,99 Gb Paging File | 6,50 Gb Available in Paging File | 81,32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1862,92 Gb Total Space | 1806,44 Gb Free Space | 96,97% Space Free | Partition Type: NTFS Drive D: | 570,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 3,08 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: SANCTUARY | User Name: ****** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit) "{4A85E8AD-6CF6-D3D1-2280-420452F5E1EE}" = ATI AVIVO64 Codecs "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6AB4EC25-677C-4735-5623-1CCC90E759E4}" = ccc-utility64 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{A9417107-5107-C6E7-9649-CF3294E9C491}" = WMV9/VC-1 Video Playback "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{D241AC96-11AC-45C1-A4BA-7A7C6DDCDADD}" = Nitro Reader 2 "{ECA0FDBA-70C2-D23A-6BD3-3D3118DD90B4}" = AMD Drag and Drop Transcoding "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Theme Resource Changer X64 v1.0" = Theme Resource Changer X64 v1.0 "WNLT" = IB Updater Service [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{011E0BAD-DC62-DF83-4D19-D110C61FE679}" = CCC Help Chinese Traditional "{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1 "{0AC457CB-3661-B42F-6181-5D1305C1475A}" = CCC Help Finnish "{0E86AF86-F103-A148-7070-0596A5FCEAD7}" = CCC Help French "{1F7CFAB6-A7FC-31E5-2917-989B06B09270}" = CCC Help Turkish "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 11 "{2888EBA9-91E6-D3EF-FC6D-7B3C2B045CAE}" = CCC Help English "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2EA64D86-61D9-40A4-A89F-D4E6DEDD301D}" = Catalyst Control Center Localization All "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5 "{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor "{3411B11D-91D6-B456-0FAE-24BF99868231}" = Catalyst Control Center Graphics Previews Common "{35A33CA3-9B1B-3653-6C71-0ADB85E96154}" = ccc-core-static "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1 "{401A4D76-C360-2084-F163-1FABD851D314}" = CCC Help Thai "{43461D82-2DD5-B2D7-886D-5C1A52C09904}" = CCC Help Polish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B61C9AE-3FDD-9DB7-4247-7D96A03C018D}" = CCC Help German "{5165FA54-2957-4BC9-44CC-D21BDCE9D9E6}" = CCC Help Japanese "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{58374E01-D455-ABAE-CD3A-548911E1CAAD}" = CCC Help Swedish "{59B734CE-69E9-F555-380C-0B9D880F4E95}" = CCC Help Hungarian "{5BE5DB79-685E-46FD-A231-CD7467B69DD7}" = TP-LINK Wireless Utility "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{665815D4-1F82-D581-E762-A2E0A15E6512}" = CCC Help Dutch "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader "{8D1CB4C2-283E-39A7-2AFA-6D3320E012A8}" = CCC Help Chinese Standard "{93703800-E668-1370-1756-2003BA060281}" = CCC Help Russian "{95A837D2-EB2E-9F85-1DB8-01B8337DFC08}" = CCC Help Czech "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C8692DA-9451-AA41-404A-72308CAE1BF5}" = CCC Help Spanish "{9CF2ECFE-5242-B513-5DB4-A751BD735DD2}" = CCC Help Danish "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS "{BAE1CCA6-AB32-4D27-AE69-203436D54EC8}" = Reader for PC "{BC92AA6F-2DAF-1BA2-7C86-1DBBA6423C5F}" = CCC Help Norwegian "{BE5D79E8-0B8E-4E97-97E1-3CDEBAB2DEB1}" = Sven XXX - XXL "{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1" = AMR to MP3 Converter 1.4 "{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.0517.1 "{D17772DB-061D-CF9A-7A82-E8C047195259}" = CCC Help Portuguese "{D5507048-ED32-BEE8-431D-303F741DE073}" = CCC Help Italian "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX "{DECCD21C-4BCC-1326-0EF3-7E87C97E14D9}" = CCC Help Greek "{E8B708FF-D116-0D4D-DC14-72827A219D54}" = HydraVision "{EFD21D05-4618-D72A-464F-B0D1911617A7}" = CCC Help Korean "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE) "7tsp_GUI" = 7tsp v0.3 Build(3003) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "APB Reloaded" = APB Reloaded "Avira AntiVir Desktop" = Avira Free Antivirus "Bandicam" = Bandicam "BandiMPEG1" = Bandisoft MPEG-1 Decoder "DAEMON Tools Lite" = DAEMON Tools Lite "Die Polizei" = Die Polizei "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212 "Google Chrome" = Google Chrome "Hoffmanns Email & Netzwerk Schach_is1" = Hoffmans E&N Schach V1.9 "InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5 "InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor "InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.0517.1 "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "PunkBusterSvc" = PunkBuster Services "theHunter" = theHunter (remove only) "TrueCrypt" = TrueCrypt "Wildlife Park 3_is1" = Wildlife Park 3 v1.07 "WinRAR archiver" = WinRAR 4.20 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GamersFirst LIVE!" = GamersFirst LIVE! "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 20.01.2013 13:01:14 | Computer Name = Sanctuary | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: police.exe, Version: 0.0.0.0, Zeitstempel: 0x4de64211 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000006e ID des fehlerhaften Prozesses: 0xbcc Startzeit der fehlerhaften Anwendung: 0x01cdf72a2ecaefe1 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Quadriga Games\Die Polizei\bin.x86\police.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: fee1afe1-6322-11e2-8a83-1c6f65aac9d9 Error - 25.01.2013 11:00:48 | Computer Name = Sanctuary | Source = Application Hang | ID = 1002 Description = Programm chrome.exe, Version 24.0.1312.52 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 11cc Startzeit: 01cdfafe7181901f Endzeit: 2451 Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Berichts-ID: f873ced9-66ff-11e2-987a-1c6f65aac9d9 Error - 25.01.2013 11:33:01 | Computer Name = Sanctuary | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514, Zeitstempel: 0x4ce7ae7f Name des fehlerhaften Moduls: wmp.dll, Version: 12.0.7601.17514, Zeitstempel: 0x4ce7ca81 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000cd812 ID des fehlerhaften Prozesses: 0xce4 Startzeit der fehlerhaften Anwendung: 0x01cdfb10f340a89d Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\wmp.dll Berichtskennung: 8098c5b7-6704-11e2-92f7-1c6f65aac9d9 Error - 31.01.2013 13:15:16 | Computer Name = Sanctuary | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 24.0.1312.56, Zeitstempel: 0x50f8e9e4 Name des fehlerhaften Moduls: chrome.dll, Version: 24.0.1312.56, Zeitstempel: 0x50f8e979 Ausnahmecode: 0x80000003 Fehleroffset: 0x005932c4 ID des fehlerhaften Prozesses: 0x654 Startzeit der fehlerhaften Anwendung: 0x01cdffd6812d7cee Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\chrome.dll Berichtskennung: c7c8709d-6bc9-11e2-bac6-1c6f65aac9d9 Error - 31.01.2013 14:40:31 | Computer Name = Sanctuary | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 24.0.1312.56, Zeitstempel: 0x50f8e9e4 Name des fehlerhaften Moduls: chrome.dll, Version: 24.0.1312.56, Zeitstempel: 0x50f8e979 Ausnahmecode: 0x80000003 Fehleroffset: 0x005932c4 ID des fehlerhaften Prozesses: 0xac8 Startzeit der fehlerhaften Anwendung: 0x01cdffe2562e7520 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\chrome.dll Berichtskennung: b01ff101-6bd5-11e2-bb74-1c6f65aac9d9 Error - 31.01.2013 14:40:31 | Computer Name = Sanctuary | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 24.0.1312.56, Zeitstempel: 0x50f8e9e4 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000008 Fehleroffset: 0x000827b8 ID des fehlerhaften Prozesses: 0xfc4 Startzeit der fehlerhaften Anwendung: 0x01cdffe271f5f7ee Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: b09597ea-6bd5-11e2-bb74-1c6f65aac9d9 Error - 02.02.2013 07:58:43 | Computer Name = Sanctuary | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514, Zeitstempel: 0x4ce7ae7f Name des fehlerhaften Moduls: wmp.dll, Version: 12.0.7601.17514, Zeitstempel: 0x4ce7ca81 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000cd812 ID des fehlerhaften Prozesses: 0xd3c Startzeit der fehlerhaften Anwendung: 0x01ce013c5428624e Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\wmp.dll Berichtskennung: e39a19bb-6d2f-11e2-91d4-1c6f65aac9d9 Error - 02.02.2013 11:27:57 | Computer Name = Sanctuary | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 24.0.1312.57, Zeitstempel: 0x510326ea Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba59 Ausnahmecode: 0xc0020043 Fehleroffset: 0x0005cd99 ID des fehlerhaften Prozesses: 0x238 Startzeit der fehlerhaften Anwendung: 0x01ce0159dee9b83a Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\RPCRT4.dll Berichtskennung: 1e6b3f82-6d4d-11e2-bbe8-1c6f65aac9d9 Error - 05.02.2013 12:00:35 | Computer Name = Sanctuary | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2 ID des fehlerhaften Prozesses: 0xb94 Startzeit der fehlerhaften Anwendung: 0x01ce03b9664cebd4 Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 2cd72fe0-6fad-11e2-93f3-1c6f65aac9d9 Error - 05.02.2013 12:29:31 | Computer Name = Sanctuary | Source = VaudiXUpdater | ID = 0 Description = [ Media Center Events ] Error - 07.11.2012 09:33:52 | Computer Name = Sanctuary | Source = MCUpdate | ID = 0 Description = 14:33:52 - Fehler beim Herstellen der Internetverbindung. 14:33:52 - Serververbindung konnte nicht hergestellt werden.. Error - 07.11.2012 09:34:26 | Computer Name = Sanctuary | Source = MCUpdate | ID = 0 Description = 14:34:26 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.) Error - 07.11.2012 09:34:26 | Computer Name = Sanctuary | Source = MCUpdate | ID = 0 Description = 14:34:26 - MCEClientUX konnte nicht abgerufen werden (Fehler: Der Remotename konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com') Error - 07.11.2012 09:34:31 | Computer Name = Sanctuary | Source = MCUpdate | ID = 0 Description = 14:34:26 - Broadband konnte nicht abgerufen werden (Fehler: Der Remotename konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com') Error - 07.11.2012 10:34:43 | Computer Name = Sanctuary | Source = MCUpdate | ID = 0 Description = 15:34:43 - Fehler beim Herstellen der Internetverbindung. 15:34:43 - Serververbindung konnte nicht hergestellt werden.. Error - 07.11.2012 10:34:53 | Computer Name = Sanctuary | Source = MCUpdate | ID = 0 Description = 15:34:48 - Fehler beim Herstellen der Internetverbindung. 15:34:48 - Serververbindung konnte nicht hergestellt werden.. Error - 10.11.2012 06:33:20 | Computer Name = Sanctuary | Source = MCUpdate | ID = 0 Description = 11:33:20 - Fehler beim Herstellen der Internetverbindung. 11:33:20 - Serververbindung konnte nicht hergestellt werden.. Error - 10.11.2012 06:33:30 | Computer Name = Sanctuary | Source = MCUpdate | ID = 0 Description = 11:33:25 - Fehler beim Herstellen der Internetverbindung. 11:33:25 - Serververbindung konnte nicht hergestellt werden.. Error - 17.12.2012 14:12:00 | Computer Name = Sanctuary | Source = MCUpdate | ID = 0 Description = 19:12:00 - Fehler beim Herstellen der Internetverbindung. 19:12:00 - Serververbindung konnte nicht hergestellt werden.. Error - 17.12.2012 14:12:13 | Computer Name = Sanctuary | Source = MCUpdate | ID = 0 Description = 19:12:06 - Fehler beim Herstellen der Internetverbindung. 19:12:06 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 19.10.2012 07:44:51 | Computer Name = Sanctuary | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147024891 Error - 19.10.2012 07:44:51 | Computer Name = Sanctuary | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891 Error - 19.10.2012 08:08:55 | Computer Name = Sanctuary | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147024891 Error - 19.10.2012 08:08:55 | Computer Name = Sanctuary | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891 Error - 19.10.2012 08:09:37 | Computer Name = Sanctuary | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147024891 Error - 19.10.2012 08:09:37 | Computer Name = Sanctuary | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891 Error - 19.10.2012 08:09:58 | Computer Name = Sanctuary | Source = bowser | ID = 8003 Description = Error - 19.10.2012 08:11:21 | Computer Name = Sanctuary | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147024891 Error - 19.10.2012 08:11:21 | Computer Name = Sanctuary | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891 Error - 19.10.2012 08:12:56 | Computer Name = Sanctuary | Source = bowser | ID = 8003 Description = < End of report > OTL: OTL logfile created on: 07.02.2013 17:54:59 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\******\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,94 Gb Available Physical Memory | 73,60% Memory free 7,99 Gb Paging File | 6,50 Gb Available in Paging File | 81,32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1862,92 Gb Total Space | 1806,44 Gb Free Space | 96,97% Space Free | Partition Type: NTFS Drive D: | 570,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 3,08 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: SANCTUARY | User Name: ****** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.07 17:53:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe PRC - [2012.11.21 08:20:20 | 002,878,616 | ---- | M] (GamersFirst) -- C:\Users\******\AppData\Local\GamersFirst\LIVE!\Live.exe PRC - [2012.11.17 22:55:21 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.11.08 10:55:40 | 000,898,952 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe PRC - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.07.18 17:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.01.19 03:31:26 | 000,072,304 | ---- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe PRC - [2009.11.20 12:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009.08.24 13:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE ========== Modules (No Company Name) ========== MOD - [2012.11.08 10:56:00 | 000,178,056 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll MOD - [2012.11.08 10:56:00 | 000,034,184 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll MOD - [2012.11.08 10:55:58 | 000,149,384 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll MOD - [2012.11.08 10:55:54 | 000,014,728 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll MOD - [2012.11.08 10:55:52 | 000,024,456 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll MOD - [2012.11.08 10:55:52 | 000,015,752 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll MOD - [2012.11.08 10:55:50 | 000,039,816 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll MOD - [2012.11.08 10:55:50 | 000,016,776 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll MOD - [2012.11.08 10:55:48 | 000,239,496 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll MOD - [2012.11.08 10:55:48 | 000,026,504 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll MOD - [2012.11.08 10:55:46 | 000,124,808 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll MOD - [2012.11.08 10:55:44 | 000,092,040 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll MOD - [2012.11.08 10:55:42 | 000,018,312 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll MOD - [2012.11.08 10:54:34 | 000,880,640 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll MOD - [2012.10.23 21:58:36 | 000,798,720 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll MOD - [2012.04.26 23:38:30 | 020,758,016 | ---- | M] () -- C:\Users\******\AppData\Local\GamersFirst\LIVE!\libcef.dll MOD - [2011.08.09 16:00:37 | 000,035,840 | ---- | M] () -- C:\Windows\SysWOW64\slc.dll ========== Services (SafeList) ========== SRV:64bit: - [2010.11.26 03:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.04.06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv) SRV - [2012.11.17 22:55:21 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.10.23 22:02:00 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service) SRV - [2012.08.22 16:40:58 | 000,216,080 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2) SRV - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.08.19 17:43:24 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Programme\Cyberlink\Shared files\RichVideo64.exe -- (RichVideo64) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.19 03:31:26 | 000,072,304 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X) SRV - [2009.08.24 13:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.13 19:52:47 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2012.09.07 18:55:22 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.07.18 17:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.07.18 17:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.07.18 17:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.26 05:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.11.26 03:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.17 13:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010.04.27 10:56:38 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger) DRV:64bit: - [2010.03.22 10:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.01.27 09:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2010.01.27 04:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2010.01.20 23:10:54 | 001,102,112 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2009.11.20 12:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2009.11.20 12:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV - [2013.02.07 16:40:44 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c3f55b24-2db9-4511-8fe8-c169cd54e922&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = ${SEARCH_URL}{searchTerms} IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={920131C6-DE40-11E1-9D6D-1C6F65AAC9D9} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c3f55b24-2db9-4511-8fe8-c169cd54e922&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c3f55b24-2db9-4511-8fe8-c169cd54e922&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchab.com/?aff=7&uid=c0565a3e-567d-11e2-8369-1c6f65aac9d9 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 DC 78 26 D2 6B CD 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c3f55b24-2db9-4511-8fe8-c169cd54e922&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c3f55b24-2db9-4511-8fe8-c169cd54e922&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c3f55b24-2db9-4511-8fe8-c169cd54e922&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://isearch.claro-search.com/?q={searchTerms}&affID=114162&tt=3412_4&babsrc=SP_iclro&mntrId=9ea0a3230000000000001c6f65aac9d9 IE - HKCU\..\SearchScopes\{911710C2-A94D-4946-8AB7-01413055E623}: "URL" = hxxp://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6OyXm44qXC&i=26 IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={681C8A58-101E-41C7-A648-1EBB0DA3FA5F}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://searchab.com/?aff=7&uid=c0565a3e-567d-11e2-8369-1c6f65aac9d9&q={searchTerms} IE - HKCU\..\SearchScopes\{EB5023E1-A739-4C3D-A7F3-8E9FEF935922}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=302C37D5-BF37-4B11-A519-9F092AFD1314&apn_sauid=B755F661-004F-4FE8-9033-871F10086F7E IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={920131C6-DE40-11E1-9D6D-1C6F65AAC9D9} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( ) FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\******\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2012.08.03 14:00:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions [2012.08.03 14:00:10 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} [2012.12.16 11:56:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\extensions [2012.08.12 12:57:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions [2012.09.07 18:22:23 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com [2012.12.16 11:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions [2012.08.12 12:57:37 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.08.08 21:06:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions\OneClickDownload@OneClickDownload.com [2012.08.12 12:57:37 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.12.16 11:55:25 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\0\extensions\torntv@torntv.com.xpi [2012.08.25 22:01:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google  riginalQueryForSuggestion}{google:assistedQueryStats}{google:se archFieldtrialParameter}sourceid=chrome&ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.11.21.5_0\plugins/np-cwmp.dll CHR - plugin: Free Studio (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\np_dvs_plugin.dll CHR - plugin: Perion plugin (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_1\Plugins/PerionNewTabChrome-32.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: fluxDVD Browser Plugin (Enabled) = C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Reader Application Detector (Enabled) = C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: Docs = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: Google Drive = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: AdBlock = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.58_0\ CHR - Extension: Ti\u00EBsto = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnmeobddjkkgkglnogihcaejaleikhdh\2_0\ CHR - Extension: Google Mail = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Docs = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: Google Drive = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: AdBlock = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.58_0\ CHR - Extension: Ti\u00EBsto = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnmeobddjkkgkglnogihcaejaleikhdh\2_0\ CHR - Extension: Google Mail = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Visual Elements] C:\Users\******\AppData\Local\Temp\windlog.exe File not found O4 - Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk = C:\Users\******\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24981B71-F5EA-46AE-B7FD-4803BFFAE4ED}: DhcpNameServer = 192.168.2.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation) O22:64bit: - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Theme Resource Changer - \Program Files\Theme Resource Changer\ThemeResourceChanger.dll () O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysWOW64\DreamScene.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2001.06.19 18:39:08 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ] O32 - AutoRun File - [2002.08.22 12:41:50 | 000,098,304 | R--- | M] () - D:\autoplay.exe -- [ CDFS ] O32 - AutoRun File - [2011.03.17 11:57:07 | 001,635,680 | R--- | M] () - E:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2009.10.26 11:06:38 | 000,000,042 | R--- | M] () - E:\Autorun.inf -- [ CDFS ] O33 - MountPoints2\{2abce4a0-f911-11e1-83c7-1c6f65aac9d9}\Shell - "" = AutoRun O33 - MountPoints2\{2abce4a0-f911-11e1-83c7-1c6f65aac9d9}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.17 11:57:07 | 001,635,680 | R--- | M] () O33 - MountPoints2\{45211992-d75e-11e1-b80d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{45211992-d75e-11e1-b80d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autoplay.exe -- [2002.08.22 12:41:50 | 000,098,304 | R--- | M] () O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.17 11:57:07 | 001,635,680 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.07 17:53:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe [2013.02.07 14:22:10 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Malwarebytes [2013.02.07 14:21:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.07 14:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.07 14:21:56 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.02.07 14:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.07 14:21:43 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Programs [2013.02.05 17:28:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.01.26 12:39:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.01.22 18:34:12 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain [2013.01.22 18:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain [2013.01.22 18:30:47 | 000,000,000 | ---D | C] -- C:\Users\******\Desktop\SChach [2013.01.20 19:56:28 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Unity [2013.01.20 19:55:42 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Unity [2013.01.18 20:14:09 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\.ZMatrix [2013.01.18 20:14:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp [2013.01.18 20:14:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZMatrix [2013.01.14 21:48:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.01.14 21:45:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.01.13 16:56:42 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\TuneUp Software [2013.01.13 16:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2013.01.13 16:56:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013.01.13 16:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013.01.13 16:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== File not found -- C:\Windows\SysNative\ [2013.02.07 17:53:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe [2013.02.07 17:51:57 | 000,000,168 | ---- | M] () -- C:\Users\******\defogger_reenable [2013.02.07 17:51:00 | 000,050,477 | ---- | M] () -- C:\Users\******\Desktop\Defogger.exe [2013.02.07 17:50:16 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.07 16:48:05 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.07 16:48:05 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.07 16:41:11 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.07 16:41:11 | 000,000,364 | -H-- | M] () -- C:\Windows\tasks\ZoomExUpdaterTask{094CBAB5-E71B-40C3-B9AB-3AE5B16F4696}.job [2013.02.07 16:40:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.07 16:40:36 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys [2013.02.07 14:21:58 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.05 17:41:52 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.05 17:41:52 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.05 17:41:52 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.05 17:41:52 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.05 17:41:52 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.19 13:04:26 | 000,299,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.13 20:38:35 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk [2013.01.09 19:23:53 | 001,589,442 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== File not found -- C:\Windows\SysNative\ [2013.02.07 17:51:57 | 000,000,168 | ---- | C] () -- C:\Users\******\defogger_reenable [2013.02.07 17:50:49 | 000,050,477 | ---- | C] () -- C:\Users\******\Desktop\Defogger.exe [2013.02.07 14:21:58 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.18 20:05:59 | 000,016,180 | ---- | C] () -- C:\Windows\SysNative\Dscene.reg [2013.01.18 19:51:56 | 000,016,180 | ---- | C] () -- C:\Windows\Dscene.reg [2013.01.18 19:41:32 | 001,413,862 | ---- | C] () -- C:\Users\******\Documents\Blob.mpg [2013.01.14 21:45:42 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.14 21:45:39 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.03 23:11:15 | 000,000,044 | ---- | C] () -- C:\Windows\MAILRCV.INI [2012.12.27 21:09:08 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.12.01 20:18:13 | 000,003,584 | ---- | C] () -- C:\Users\******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.10 13:12:55 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2012.11.07 14:46:08 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.11.07 14:45:42 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.10.31 23:19:43 | 000,022,090 | ---- | C] () -- C:\Users\******\AppData\Local\recently-used.xbel [2012.09.13 19:14:02 | 000,000,012 | ---- | C] () -- C:\Windows\SysWow64\mslck.dat [2012.09.13 19:13:48 | 000,000,032 | ---- | C] () -- C:\Windows\SysWow64\Mlkf.dll [2012.09.13 19:06:06 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\LckFldService.exe.vir [2012.09.13 19:06:05 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\fldlckun.exe [2012.08.01 21:42:00 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2012.07.29 14:37:12 | 000,011,867 | ---- | C] () -- C:\Users\******\AppData\Roaming\TheHunterSettings_live.bin [2012.07.28 17:06:30 | 000,173,235 | ---- | C] () -- C:\Users\******\theHunter-uninstall.exe [2012.07.27 13:17:26 | 000,072,304 | ---- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe [2012.07.27 13:08:06 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2012.07.27 11:50:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.07.27 11:47:53 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.11.10 03:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2011.11.10 03:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.11.09 21:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011.11.09 21:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.09.19 08:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll [2011.09.19 08:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll ========== ZeroAccess Check ========== [2011.11.17 07:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{fa9187d7-ddad-308b-0083-8078e799e239}\@ [2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{fa9187d7-ddad-308b-0083-8078e799e239}\L [2013.01.15 22:03:13 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{fa9187d7-ddad-308b-0083-8078e799e239}\U [2012.08.09 22:19:41 | 000,002,048 | -HS- | M] () -- C:\Users\******\AppData\Local\{fa9187d7-ddad-308b-0083-8078e799e239}\@ [2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\******\AppData\Local\{fa9187d7-ddad-308b-0083-8078e799e239}\L [2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\******\AppData\Local\{fa9187d7-ddad-308b-0083-8078e799e239}\U [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\Users\******\AppData\Local\{fa9187d7-ddad-308b-0083-8078e799e239}\n. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.01.18 20:14:10 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\.ZMatrix [2012.08.12 12:19:28 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\BANDISOFT [2012.09.07 18:56:57 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DAEMON Tools Lite [2012.08.08 13:58:49 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DAEMON Tools Pro [2012.09.07 18:22:22 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Downloaded Installations [2013.01.13 16:50:33 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DVDVideoSoft [2012.11.13 21:40:12 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers [2012.08.25 22:01:00 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\ExpressFiles [2012.08.23 19:37:54 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Foxit Software [2012.08.25 21:50:21 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Freemium [2013.01.02 14:57:04 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Kongregate [2013.02.07 17:53:32 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Nitro PDF [2013.01.13 16:50:33 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\OpenCandy [2012.08.09 10:34:48 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Origin [2012.12.10 18:45:04 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PhotoScape [2012.12.16 18:03:16 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PowerISO [2012.12.17 22:34:55 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\ProtectDISC [2012.09.13 19:55:10 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\TrueCrypt [2013.01.13 16:56:42 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\TuneUp Software [2013.01.20 19:56:28 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Unity [2012.11.11 20:26:45 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\YourFileDownloader ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:C5760A8B < End of report > defogger_disable: defogger_disable by jpshortstuff (23.02.10.1) Log created at 17:51 on 07/02/2013 (Nadine) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. HKCU  AEMON Tools Lite -> RemovedChecking for services/drivers... -=E.O.F=- |
|
07.02.2013, 19:37
| #2 |
| /// TB-Ausbilder   | EXP/JAVA.Rettilic.Gen Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
|
|
07.02.2013, 20:31
| #3 |
| | EXP/JAVA.Rettilic.Gen Hy,
__________________Ja ich würde sehr gerne mit Ihrer Hilfe eine Bereinigung starten. Ich habe den suchlauf gestartet. Leider hat er nichts gefunden. Kann das sein, weil ich den in Quarantäne habe? Hier ist der Bericht: 20:24:19.0113 0112 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 20:24:19.0201 0112 ============================================================ 20:24:19.0201 0112 Current date / time: 2013/02/07 20:24:19.0201 20:24:19.0201 0112 SystemInfo: 20:24:19.0201 0112 20:24:19.0201 0112 OS Version: 6.1.7601 ServicePack: 1.0 20:24:19.0201 0112 Product type: Workstation 20:24:19.0201 0112 ComputerName: SANCTUARY 20:24:19.0201 0112 UserName: 20:24:19.0201 0112 Windows directory: C:\Windows 20:24:19.0201 0112 System windows directory: C:\Windows 20:24:19.0201 0112 Running under WOW64 20:24:19.0201 0112 Processor architecture: Intel x64 20:24:19.0201 0112 Number of processors: 3 20:24:19.0201 0112 Page size: 0x1000 20:24:19.0201 0112 Boot type: Normal boot 20:24:19.0201 0112 ============================================================ 20:24:21.0220 0112 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3F161, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040 20:24:21.0223 0112 ============================================================ 20:24:21.0223 0112 \Device\Harddisk0\DR0: 20:24:21.0223 0112 MBR partitions: 20:24:21.0223 0112 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 20:24:21.0223 0112 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE8DD5800 20:24:21.0223 0112 ============================================================ 20:24:21.0251 0112 C: <-> \Device\Harddisk0\DR0\Partition2 20:24:21.0251 0112 ============================================================ 20:24:21.0251 0112 Initialize success 20:24:21.0251 0112 ============================================================ 20:24:25.0599 2804 ============================================================ 20:24:25.0599 2804 Scan started 20:24:25.0599 2804 Mode: Manual; 20:24:25.0599 2804 ============================================================ 20:24:27.0402 2804 ================ Scan system memory ======================== 20:24:27.0402 2804 System memory - ok 20:24:27.0403 2804 ================ Scan services ============================= 20:24:27.0526 2804 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 20:24:27.0528 2804 1394ohci - ok 20:24:27.0567 2804 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 20:24:27.0570 2804 ACPI - ok 20:24:27.0596 2804 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 20:24:27.0599 2804 AcpiPmi - ok 20:24:27.0646 2804 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 20:24:27.0657 2804 adp94xx - ok 20:24:27.0676 2804 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 20:24:27.0685 2804 adpahci - ok 20:24:27.0701 2804 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 20:24:27.0708 2804 adpu320 - ok 20:24:27.0741 2804 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 20:24:27.0747 2804 AeLookupSvc - ok 20:24:27.0792 2804 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 20:24:27.0828 2804 AFD - ok 20:24:27.0873 2804 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 20:24:27.0892 2804 agp440 - ok 20:24:27.0932 2804 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 20:24:27.0945 2804 ALG - ok 20:24:27.0963 2804 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 20:24:27.0974 2804 aliide - ok 20:24:28.0024 2804 [ DCEEE24E57E8176115207312F827C130 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 20:24:28.0043 2804 AMD External Events Utility - ok 20:24:28.0053 2804 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 20:24:28.0058 2804 amdide - ok 20:24:28.0073 2804 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 20:24:28.0078 2804 AmdK8 - ok 20:24:28.0221 2804 [ F6640D83AF0FD74C50E23E68548EA9A0 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 20:24:28.0304 2804 amdkmdag - ok 20:24:28.0329 2804 [ 20B63276A1920B41E1C56720B395049B ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 20:24:28.0337 2804 amdkmdap - ok 20:24:28.0385 2804 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 20:24:28.0386 2804 AmdPPM - ok 20:24:28.0413 2804 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 20:24:28.0419 2804 amdsata - ok 20:24:28.0450 2804 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 20:24:28.0458 2804 amdsbs - ok 20:24:28.0473 2804 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 20:24:28.0488 2804 amdxata - ok 20:24:28.0567 2804 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 20:24:28.0593 2804 AntiVirSchedulerService - ok 20:24:28.0626 2804 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 20:24:28.0647 2804 AntiVirService - ok 20:24:28.0708 2804 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 20:24:28.0713 2804 AppID - ok 20:24:28.0739 2804 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 20:24:28.0743 2804 AppIDSvc - ok 20:24:28.0794 2804 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 20:24:28.0800 2804 Appinfo - ok 20:24:28.0837 2804 [ 301AA64F9643BC453D90A66C4C0E7204 ] AppleCharger C:\Windows\system32\DRIVERS\AppleCharger.sys 20:24:28.0841 2804 AppleCharger - ok 20:24:28.0857 2804 [ 95EF7247C50C7241FDAE39A9B3AFF4AE ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe 20:24:28.0877 2804 AppleChargerSrv - ok 20:24:28.0903 2804 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 20:24:28.0923 2804 arc - ok 20:24:28.0938 2804 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 20:24:28.0945 2804 arcsas - ok 20:24:29.0065 2804 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 20:24:29.0106 2804 aspnet_state - ok 20:24:29.0126 2804 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 20:24:29.0129 2804 AsyncMac - ok 20:24:29.0151 2804 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 20:24:29.0152 2804 atapi - ok 20:24:29.0237 2804 [ 4BF5BCA6E2608CD8A00BC4A6673A9F47 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 20:24:29.0253 2804 AtiHDAudioService - ok 20:24:29.0287 2804 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 20:24:29.0303 2804 AudioEndpointBuilder - ok 20:24:29.0312 2804 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 20:24:29.0315 2804 AudioSrv - ok 20:24:29.0326 2804 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 20:24:29.0333 2804 avgntflt - ok 20:24:29.0342 2804 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 20:24:29.0350 2804 avipbb - ok 20:24:29.0365 2804 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 20:24:29.0383 2804 avkmgr - ok 20:24:29.0417 2804 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 20:24:29.0432 2804 AxInstSV - ok 20:24:29.0479 2804 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 20:24:29.0489 2804 b06bdrv - ok 20:24:29.0531 2804 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 20:24:29.0540 2804 b57nd60a - ok 20:24:29.0629 2804 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 20:24:29.0658 2804 BDESVC - ok 20:24:29.0803 2804 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 20:24:29.0819 2804 Beep - ok 20:24:30.0015 2804 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 20:24:30.0030 2804 BFE - ok 20:24:30.0052 2804 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 20:24:30.0068 2804 BITS - ok 20:24:30.0094 2804 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 20:24:30.0098 2804 blbdrive - ok 20:24:30.0135 2804 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 20:24:30.0141 2804 bowser - ok 20:24:30.0154 2804 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 20:24:30.0157 2804 BrFiltLo - ok 20:24:30.0193 2804 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 20:24:30.0195 2804 BrFiltUp - ok 20:24:30.0226 2804 [ 5C2F352A4E961D72518261257AAE204B ] Bridge C:\Windows\system32\DRIVERS\bridge.sys 20:24:30.0242 2804 Bridge - ok 20:24:30.0245 2804 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 20:24:30.0246 2804 BridgeMP - ok 20:24:30.0273 2804 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 20:24:30.0280 2804 Browser - ok 20:24:30.0301 2804 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 20:24:30.0310 2804 Brserid - ok 20:24:30.0327 2804 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 20:24:30.0343 2804 BrSerWdm - ok 20:24:30.0381 2804 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 20:24:30.0395 2804 BrUsbMdm - ok 20:24:30.0430 2804 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 20:24:30.0455 2804 BrUsbSer - ok 20:24:30.0529 2804 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys 20:24:30.0560 2804 BthEnum - ok 20:24:30.0632 2804 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 20:24:30.0665 2804 BTHMODEM - ok 20:24:30.0697 2804 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 20:24:30.0717 2804 BthPan - ok 20:24:30.0754 2804 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 20:24:30.0765 2804 BTHPORT - ok 20:24:30.0791 2804 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 20:24:30.0796 2804 bthserv - ok 20:24:30.0811 2804 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 20:24:30.0817 2804 BTHUSB - ok 20:24:30.0837 2804 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 20:24:30.0842 2804 cdfs - ok 20:24:30.0886 2804 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 20:24:30.0902 2804 cdrom - ok 20:24:30.0944 2804 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 20:24:30.0949 2804 CertPropSvc - ok 20:24:30.0970 2804 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 20:24:30.0975 2804 circlass - ok 20:24:31.0011 2804 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 20:24:31.0027 2804 CLFS - ok 20:24:31.0091 2804 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:24:31.0121 2804 clr_optimization_v2.0.50727_32 - ok 20:24:31.0177 2804 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 20:24:31.0184 2804 clr_optimization_v2.0.50727_64 - ok 20:24:31.0265 2804 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:24:31.0501 2804 clr_optimization_v4.0.30319_32 - ok 20:24:31.0519 2804 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 20:24:31.0521 2804 clr_optimization_v4.0.30319_64 - ok 20:24:31.0549 2804 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 20:24:31.0570 2804 CmBatt - ok 20:24:31.0594 2804 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 20:24:31.0598 2804 cmdide - ok 20:24:31.0643 2804 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 20:24:31.0655 2804 CNG - ok 20:24:31.0671 2804 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 20:24:31.0675 2804 Compbatt - ok 20:24:31.0700 2804 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 20:24:31.0704 2804 CompositeBus - ok 20:24:31.0708 2804 COMSysApp - ok 20:24:31.0717 2804 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 20:24:31.0729 2804 crcdisk - ok 20:24:31.0772 2804 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 20:24:31.0780 2804 CryptSvc - ok 20:24:31.0836 2804 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 20:24:31.0842 2804 DcomLaunch - ok 20:24:31.0869 2804 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 20:24:31.0879 2804 defragsvc - ok 20:24:31.0912 2804 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 20:24:31.0926 2804 DfsC - ok 20:24:31.0979 2804 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 20:24:31.0990 2804 Dhcp - ok 20:24:32.0021 2804 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 20:24:32.0035 2804 discache - ok 20:24:32.0058 2804 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 20:24:32.0064 2804 Disk - ok 20:24:32.0103 2804 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 20:24:32.0112 2804 Dnscache - ok 20:24:32.0138 2804 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 20:24:32.0147 2804 dot3svc - ok 20:24:32.0176 2804 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 20:24:32.0177 2804 DPS - ok 20:24:32.0209 2804 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 20:24:32.0212 2804 drmkaud - ok 20:24:32.0304 2804 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 20:24:32.0311 2804 dtsoftbus01 - ok 20:24:32.0350 2804 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 20:24:32.0376 2804 DXGKrnl - ok 20:24:32.0403 2804 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 20:24:32.0408 2804 EapHost - ok 20:24:32.0478 2804 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 20:24:32.0524 2804 ebdrv - ok 20:24:32.0534 2804 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 20:24:32.0548 2804 EFS - ok 20:24:32.0586 2804 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 20:24:32.0601 2804 ehRecvr - ok 20:24:32.0644 2804 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 20:24:32.0651 2804 ehSched - ok 20:24:32.0683 2804 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 20:24:32.0695 2804 elxstor - ok 20:24:32.0712 2804 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 20:24:32.0715 2804 ErrDev - ok 20:24:32.0767 2804 [ B8FA96995726D1FA58476E352C02AD82 ] ES lite Service C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE 20:24:32.0786 2804 ES lite Service - ok 20:24:32.0878 2804 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 20:24:32.0895 2804 EventSystem - ok 20:24:32.0911 2804 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 20:24:32.0918 2804 exfat - ok 20:24:32.0931 2804 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 20:24:32.0938 2804 fastfat - ok 20:24:32.0969 2804 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 20:24:32.0974 2804 Fax - ok 20:24:32.0990 2804 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 20:24:32.0994 2804 fdc - ok 20:24:33.0010 2804 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 20:24:33.0013 2804 fdPHost - ok 20:24:33.0022 2804 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 20:24:33.0026 2804 FDResPub - ok 20:24:33.0042 2804 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 20:24:33.0073 2804 FileInfo - ok 20:24:33.0087 2804 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 20:24:33.0091 2804 Filetrace - ok 20:24:33.0126 2804 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 20:24:33.0130 2804 flpydisk - ok 20:24:33.0146 2804 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 20:24:33.0156 2804 FltMgr - ok 20:24:33.0274 2804 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 20:24:33.0303 2804 FontCache - ok 20:24:33.0370 2804 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:24:33.0386 2804 FontCache3.0.0.0 - ok 20:24:33.0411 2804 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 20:24:33.0416 2804 FsDepends - ok 20:24:33.0438 2804 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 20:24:33.0442 2804 Fs_Rec - ok 20:24:33.0485 2804 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 20:24:33.0495 2804 fvevol - ok 20:24:33.0518 2804 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 20:24:33.0540 2804 gagp30kx - ok 20:24:33.0577 2804 [ 7907E14F9BCF3A4689C9A74A1A873CB6 ] gdrv C:\Windows\gdrv.sys 20:24:33.0581 2804 gdrv - ok 20:24:33.0614 2804 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 20:24:33.0629 2804 gpsvc - ok 20:24:33.0699 2804 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 20:24:33.0700 2804 gupdate - ok 20:24:33.0710 2804 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 20:24:33.0711 2804 gupdatem - ok 20:24:33.0743 2804 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 20:24:33.0748 2804 hcw85cir - ok 20:24:33.0807 2804 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 20:24:33.0818 2804 HdAudAddService - ok 20:24:33.0847 2804 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 20:24:33.0848 2804 HDAudBus - ok 20:24:33.0879 2804 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 20:24:33.0883 2804 HidBatt - ok 20:24:33.0893 2804 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 20:24:33.0898 2804 HidBth - ok 20:24:33.0910 2804 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 20:24:33.0914 2804 HidIr - ok 20:24:33.0940 2804 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 20:24:33.0944 2804 hidserv - ok 20:24:33.0968 2804 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 20:24:33.0972 2804 HidUsb - ok 20:24:33.0997 2804 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 20:24:34.0003 2804 hkmsvc - ok 20:24:34.0057 2804 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 20:24:34.0082 2804 HomeGroupListener - ok 20:24:34.0102 2804 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 20:24:34.0110 2804 HomeGroupProvider - ok 20:24:34.0127 2804 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 20:24:34.0133 2804 HpSAMD - ok 20:24:34.0158 2804 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 20:24:34.0176 2804 HTTP - ok 20:24:34.0185 2804 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 20:24:34.0189 2804 hwpolicy - ok 20:24:34.0200 2804 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 20:24:34.0206 2804 i8042prt - ok 20:24:34.0233 2804 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 20:24:34.0252 2804 iaStorV - ok 20:24:34.0325 2804 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 20:24:34.0382 2804 IDriverT - ok 20:24:34.0432 2804 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 20:24:34.0467 2804 idsvc - ok 20:24:34.0484 2804 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 20:24:34.0489 2804 iirsp - ok 20:24:34.0527 2804 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 20:24:34.0545 2804 IKEEXT - ok 20:24:34.0617 2804 [ 0ADF714079AE174A39D69036143E4C50 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 20:24:34.0651 2804 IntcAzAudAddService - ok 20:24:34.0685 2804 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 20:24:34.0701 2804 intelide - ok 20:24:34.0744 2804 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 20:24:34.0749 2804 intelppm - ok 20:24:34.0799 2804 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 20:24:34.0805 2804 IPBusEnum - ok 20:24:34.0851 2804 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:24:34.0878 2804 IpFilterDriver - ok 20:24:34.0934 2804 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 20:24:34.0941 2804 IPMIDRV - ok 20:24:34.0974 2804 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 20:24:34.0995 2804 IPNAT - ok 20:24:35.0059 2804 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 20:24:35.0062 2804 IRENUM - ok 20:24:35.0066 2804 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 20:24:35.0070 2804 isapnp - ok 20:24:35.0094 2804 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 20:24:35.0105 2804 iScsiPrt - ok 20:24:35.0224 2804 [ F3A41EC4C6506E76E07A219B3A1DF8D2 ] JMB36X C:\Windows\SysWOW64\XSrvSetup.exe 20:24:35.0311 2804 JMB36X - ok 20:24:35.0360 2804 [ 1C368C1A2733DCC5B8E15420AA2B0F6D ] JRAID C:\Windows\system32\DRIVERS\jraid.sys 20:24:35.0372 2804 JRAID - ok 20:24:35.0423 2804 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 20:24:35.0428 2804 kbdclass - ok 20:24:35.0485 2804 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 20:24:35.0489 2804 kbdhid - ok 20:24:35.0536 2804 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 20:24:35.0537 2804 KeyIso - ok 20:24:35.0591 2804 [ 07071C1E3CD8F0F9114AAC8B072CA1E5 ] KMWDFILTER C:\Windows\system32\DRIVERS\KMWDFILTER.sys 20:24:35.0607 2804 KMWDFILTER - ok 20:24:35.0650 2804 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 20:24:35.0668 2804 KSecDD - ok 20:24:35.0699 2804 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 20:24:35.0707 2804 KSecPkg - ok 20:24:35.0738 2804 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 20:24:35.0755 2804 ksthunk - ok 20:24:35.0796 2804 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 20:24:35.0824 2804 KtmRm - ok 20:24:35.0886 2804 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 20:24:35.0896 2804 LanmanServer - ok 20:24:35.0938 2804 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 20:24:35.0957 2804 LanmanWorkstation - ok 20:24:36.0005 2804 LckFldService - ok 20:24:36.0049 2804 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:24:36.0054 2804 lltdio - ok 20:24:36.0122 2804 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 20:24:36.0161 2804 lltdsvc - ok 20:24:36.0188 2804 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:24:36.0192 2804 lmhosts - ok 20:24:36.0246 2804 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 20:24:36.0252 2804 LSI_FC - ok 20:24:36.0283 2804 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 20:24:36.0288 2804 LSI_SAS - ok 20:24:36.0317 2804 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 20:24:36.0322 2804 LSI_SAS2 - ok 20:24:36.0355 2804 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 20:24:36.0360 2804 LSI_SCSI - ok 20:24:36.0418 2804 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 20:24:36.0424 2804 luafv - ok 20:24:36.0456 2804 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 20:24:36.0468 2804 Mcx2Svc - ok 20:24:36.0502 2804 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 20:24:36.0507 2804 megasas - ok 20:24:36.0575 2804 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 20:24:36.0593 2804 MegaSR - ok 20:24:36.0615 2804 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 20:24:36.0620 2804 MMCSS - ok 20:24:36.0674 2804 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 20:24:36.0678 2804 Modem - ok 20:24:36.0711 2804 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 20:24:36.0711 2804 monitor - ok 20:24:36.0742 2804 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 20:24:36.0748 2804 mouclass - ok 20:24:36.0789 2804 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 20:24:36.0793 2804 mouhid - ok 20:24:36.0846 2804 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 20:24:36.0864 2804 mountmgr - ok 20:24:36.0894 2804 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 20:24:36.0903 2804 mpio - ok 20:24:36.0924 2804 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 20:24:36.0929 2804 mpsdrv - ok 20:24:36.0990 2804 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 20:24:37.0007 2804 MpsSvc - ok 20:24:37.0044 2804 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 20:24:37.0051 2804 MRxDAV - ok 20:24:37.0112 2804 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 20:24:37.0134 2804 mrxsmb - ok 20:24:37.0157 2804 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:24:37.0187 2804 mrxsmb10 - ok 20:24:37.0214 2804 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:24:37.0223 2804 mrxsmb20 - ok 20:24:37.0257 2804 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 20:24:37.0262 2804 msahci - ok 20:24:37.0334 2804 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 20:24:37.0360 2804 msdsm - ok 20:24:37.0399 2804 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 20:24:37.0406 2804 MSDTC - ok 20:24:37.0482 2804 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 20:24:37.0485 2804 Msfs - ok 20:24:37.0515 2804 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 20:24:37.0517 2804 mshidkmdf - ok 20:24:37.0545 2804 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 20:24:37.0566 2804 msisadrv - ok 20:24:37.0603 2804 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 20:24:37.0609 2804 MSiSCSI - ok 20:24:37.0613 2804 msiserver - ok 20:24:37.0674 2804 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 20:24:37.0688 2804 MSKSSRV - ok 20:24:37.0703 2804 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 20:24:37.0706 2804 MSPCLOCK - ok 20:24:37.0709 2804 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 20:24:37.0712 2804 MSPQM - ok 20:24:37.0771 2804 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 20:24:37.0780 2804 MsRPC - ok 20:24:37.0809 2804 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 20:24:37.0810 2804 mssmbios - ok 20:24:37.0921 2804 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 20:24:37.0924 2804 MSTEE - ok 20:24:37.0951 2804 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 20:24:37.0954 2804 MTConfig - ok 20:24:37.0972 2804 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 20:24:37.0977 2804 Mup - ok 20:24:38.0023 2804 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 20:24:38.0038 2804 napagent - ok 20:24:38.0079 2804 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 20:24:38.0089 2804 NativeWifiP - ok 20:24:38.0167 2804 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 20:24:38.0175 2804 NDIS - ok 20:24:38.0234 2804 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 20:24:38.0238 2804 NdisCap - ok 20:24:38.0273 2804 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 20:24:38.0277 2804 NdisTapi - ok 20:24:38.0302 2804 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 20:24:38.0307 2804 Ndisuio - ok 20:24:38.0373 2804 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 20:24:38.0386 2804 NdisWan - ok 20:24:38.0427 2804 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 20:24:38.0432 2804 NDProxy - ok 20:24:38.0481 2804 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 20:24:38.0485 2804 NetBIOS - ok 20:24:38.0523 2804 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 20:24:38.0532 2804 NetBT - ok 20:24:38.0561 2804 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 20:24:38.0580 2804 Netlogon - ok 20:24:38.0631 2804 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 20:24:38.0634 2804 Netman - ok 20:24:38.0690 2804 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:24:38.0708 2804 NetMsmqActivator - ok 20:24:38.0723 2804 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:24:38.0724 2804 NetPipeActivator - ok 20:24:38.0758 2804 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 20:24:38.0789 2804 netprofm - ok 20:24:38.0830 2804 [ 04D2EDAB3CFB5A31BB8F53B39693846E ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys 20:24:38.0848 2804 netr28ux - ok 20:24:38.0852 2804 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:24:38.0853 2804 NetTcpActivator - ok 20:24:38.0856 2804 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:24:38.0857 2804 NetTcpPortSharing - ok 20:24:38.0931 2804 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 20:24:38.0952 2804 nfrd960 - ok 20:24:39.0096 2804 [ B7CF5462B7C275A7AA1E569340058C57 ] NitroReaderDriverReadSpool2 C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe 20:24:39.0103 2804 NitroReaderDriverReadSpool2 - ok 20:24:39.0143 2804 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 20:24:39.0154 2804 NlaSvc - ok 20:24:39.0182 2804 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 20:24:39.0187 2804 Npfs - ok 20:24:39.0226 2804 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 20:24:39.0230 2804 nsi - ok 20:24:39.0262 2804 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 20:24:39.0274 2804 nsiproxy - ok 20:24:39.0338 2804 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 20:24:39.0364 2804 Ntfs - ok 20:24:39.0373 2804 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 20:24:39.0375 2804 Null - ok 20:24:39.0413 2804 [ 785298579B5F9B4032152DFBB992FDB6 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys 20:24:39.0418 2804 nusb3hub - ok 20:24:39.0455 2804 [ DF2750481B4964814467C974F2B0EEF1 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys 20:24:39.0461 2804 nusb3xhc - ok 20:24:39.0511 2804 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 20:24:39.0517 2804 nvraid - ok 20:24:39.0543 2804 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 20:24:39.0550 2804 nvstor - ok 20:24:39.0580 2804 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 20:24:39.0587 2804 nv_agp - ok 20:24:39.0619 2804 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 20:24:39.0625 2804 ohci1394 - ok 20:24:39.0686 2804 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 20:24:39.0690 2804 p2pimsvc - ok 20:24:39.0729 2804 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 20:24:39.0740 2804 p2psvc - ok 20:24:39.0788 2804 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 20:24:39.0794 2804 Parport - ok 20:24:39.0838 2804 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 20:24:39.0844 2804 partmgr - ok 20:24:39.0882 2804 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 20:24:39.0891 2804 PcaSvc - ok 20:24:39.0929 2804 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 20:24:39.0931 2804 pci - ok 20:24:39.0977 2804 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 20:24:39.0980 2804 pciide - ok 20:24:40.0034 2804 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 20:24:40.0052 2804 pcmcia - ok 20:24:40.0086 2804 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 20:24:40.0091 2804 pcw - ok 20:24:40.0131 2804 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 20:24:40.0148 2804 PEAUTH - ok 20:24:40.0203 2804 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 20:24:40.0224 2804 PerfHost - ok 20:24:40.0288 2804 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 20:24:40.0310 2804 pla - ok 20:24:40.0340 2804 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 20:24:40.0353 2804 PlugPlay - ok 20:24:40.0380 2804 PnkBstrA - ok 20:24:40.0419 2804 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 20:24:40.0424 2804 PNRPAutoReg - ok 20:24:40.0430 2804 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 20:24:40.0432 2804 PNRPsvc - ok 20:24:40.0543 2804 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 20:24:40.0563 2804 PolicyAgent - ok 20:24:40.0609 2804 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 20:24:40.0611 2804 Power - ok 20:24:40.0642 2804 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 20:24:40.0648 2804 PptpMiniport - ok 20:24:40.0662 2804 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 20:24:40.0674 2804 Processor - ok 20:24:40.0705 2804 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 20:24:40.0715 2804 ProfSvc - ok 20:24:40.0724 2804 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 20:24:40.0725 2804 ProtectedStorage - ok 20:24:40.0774 2804 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 20:24:40.0776 2804 Psched - ok 20:24:40.0813 2804 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 20:24:40.0843 2804 ql2300 - ok 20:24:40.0859 2804 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 20:24:40.0867 2804 ql40xx - ok 20:24:40.0900 2804 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 20:24:40.0909 2804 QWAVE - ok 20:24:40.0927 2804 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 20:24:40.0931 2804 QWAVEdrv - ok 20:24:40.0950 2804 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 20:24:40.0953 2804 RasAcd - ok 20:24:41.0001 2804 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 20:24:41.0006 2804 RasAgileVpn - ok 20:24:41.0013 2804 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 20:24:41.0018 2804 RasAuto - ok 20:24:41.0053 2804 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 20:24:41.0074 2804 Rasl2tp - ok 20:24:41.0096 2804 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 20:24:41.0117 2804 RasMan - ok 20:24:41.0135 2804 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 20:24:41.0140 2804 RasPppoe - ok 20:24:41.0149 2804 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 20:24:41.0154 2804 RasSstp - ok 20:24:41.0164 2804 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 20:24:41.0174 2804 rdbss - ok 20:24:41.0185 2804 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 20:24:41.0204 2804 rdpbus - ok 20:24:41.0220 2804 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 20:24:41.0222 2804 RDPCDD - ok 20:24:41.0234 2804 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 20:24:41.0237 2804 RDPENCDD - ok 20:24:41.0272 2804 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 20:24:41.0285 2804 RDPREFMP - ok 20:24:41.0305 2804 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 20:24:41.0311 2804 RDPWD - ok 20:24:41.0337 2804 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 20:24:41.0345 2804 rdyboost - ok 20:24:41.0387 2804 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 20:24:41.0405 2804 RemoteAccess - ok 20:24:41.0409 2804 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 20:24:41.0417 2804 RemoteRegistry - ok 20:24:41.0436 2804 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 20:24:41.0441 2804 RFCOMM - ok 20:24:41.0486 2804 [ 0B169FE016039571ECC6DB70073F8979 ] RichVideo64 C:\Program Files\Cyberlink\Shared files\RichVideo64.exe 20:24:41.0494 2804 RichVideo64 - ok 20:24:41.0514 2804 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 20:24:41.0519 2804 RpcEptMapper - ok 20:24:41.0527 2804 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 20:24:41.0530 2804 RpcLocator - ok 20:24:41.0561 2804 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 20:24:41.0564 2804 RpcSs - ok 20:24:41.0591 2804 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 20:24:41.0596 2804 rspndr - ok 20:24:41.0631 2804 [ D6D381B76056C668679723938F06F16C ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys 20:24:41.0641 2804 RTHDMIAzAudService - ok 20:24:41.0680 2804 [ 4FBDA07EF0A3097CE14C5CABF723B278 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 20:24:41.0688 2804 RTL8167 - ok 20:24:41.0696 2804 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 20:24:41.0697 2804 SamSs - ok 20:24:41.0725 2804 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 20:24:41.0731 2804 sbp2port - ok 20:24:41.0763 2804 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 20:24:41.0770 2804 SCardSvr - ok 20:24:41.0790 2804 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 20:24:41.0809 2804 scfilter - ok 20:24:41.0847 2804 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 20:24:41.0870 2804 Schedule - ok 20:24:41.0894 2804 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 20:24:41.0895 2804 SCPolicySvc - ok 20:24:41.0921 2804 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 20:24:41.0932 2804 SDRSVC - ok 20:24:41.0948 2804 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 20:24:41.0951 2804 secdrv - ok 20:24:41.0986 2804 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 20:24:41.0991 2804 seclogon - ok 20:24:42.0009 2804 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 20:24:42.0010 2804 SENS - ok 20:24:42.0021 2804 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 20:24:42.0025 2804 SensrSvc - ok 20:24:42.0029 2804 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 20:24:42.0038 2804 Serenum - ok 20:24:42.0065 2804 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 20:24:42.0085 2804 Serial - ok 20:24:42.0124 2804 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 20:24:42.0127 2804 sermouse - ok 20:24:42.0162 2804 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 20:24:42.0169 2804 SessionEnv - ok 20:24:42.0181 2804 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 20:24:42.0184 2804 sffdisk - ok 20:24:42.0199 2804 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 20:24:42.0203 2804 sffp_mmc - ok 20:24:42.0214 2804 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 20:24:42.0217 2804 sffp_sd - ok 20:24:42.0232 2804 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 20:24:42.0235 2804 sfloppy - ok 20:24:42.0267 2804 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 20:24:42.0278 2804 ShellHWDetection - ok 20:24:42.0303 2804 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 20:24:42.0308 2804 SiSRaid2 - ok 20:24:42.0322 2804 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 20:24:42.0328 2804 SiSRaid4 - ok 20:24:42.0350 2804 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 20:24:42.0356 2804 Smb - ok 20:24:42.0400 2804 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 20:24:42.0403 2804 SNMPTRAP - ok 20:24:42.0494 2804 [ 3BB48F7E33C2B76184DDF233000C09CD ] Sony SCSI Helper Service C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe 20:24:42.0513 2804 Sony SCSI Helper Service - ok 20:24:42.0546 2804 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 20:24:42.0550 2804 spldr - ok 20:24:42.0602 2804 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 20:24:42.0614 2804 Spooler - ok 20:24:42.0689 2804 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 20:24:42.0717 2804 sppsvc - ok 20:24:42.0738 2804 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 20:24:42.0743 2804 sppuinotify - ok 20:24:42.0772 2804 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 20:24:42.0784 2804 srv - ok 20:24:42.0825 2804 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 20:24:42.0837 2804 srv2 - ok 20:24:42.0852 2804 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 20:24:42.0876 2804 srvnet - ok 20:24:42.0925 2804 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 20:24:42.0932 2804 SSDPSRV - ok 20:24:42.0950 2804 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 20:24:42.0969 2804 SstpSvc - ok 20:24:42.0986 2804 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 20:24:42.0991 2804 stexstor - ok 20:24:43.0024 2804 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 20:24:43.0045 2804 stisvc - ok 20:24:43.0080 2804 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 20:24:43.0084 2804 swenum - ok 20:24:43.0120 2804 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 20:24:43.0131 2804 swprv - ok 20:24:43.0180 2804 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 20:24:43.0195 2804 SysMain - ok 20:24:43.0243 2804 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 20:24:43.0249 2804 TabletInputService - ok 20:24:43.0263 2804 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 20:24:43.0273 2804 TapiSrv - ok 20:24:43.0294 2804 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 20:24:43.0295 2804 TBS - ok 20:24:43.0335 2804 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 20:24:43.0369 2804 Tcpip - ok 20:24:43.0400 2804 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 20:24:43.0408 2804 TCPIP6 - ok 20:24:43.0428 2804 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 20:24:43.0432 2804 tcpipreg - ok 20:24:43.0451 2804 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 20:24:43.0454 2804 TDPIPE - ok 20:24:43.0476 2804 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 20:24:43.0479 2804 TDTCP - ok 20:24:43.0499 2804 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 20:24:43.0519 2804 tdx - ok 20:24:43.0522 2804 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 20:24:43.0535 2804 TermDD - ok 20:24:43.0554 2804 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 20:24:43.0570 2804 TermService - ok 20:24:43.0597 2804 [ B759A6F548A28E262B1456CDBF3B4764 ] Themes C:\Windows\system32\themeservice.dll 20:24:43.0602 2804 Themes - ok 20:24:43.0625 2804 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 20:24:43.0626 2804 THREADORDER - ok 20:24:43.0643 2804 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 20:24:43.0651 2804 TrkWks - ok 20:24:43.0695 2804 [ 370A6907DDF79532A39319492B1FA38A ] truecrypt C:\Windows\system32\drivers\truecrypt.sys 20:24:43.0706 2804 truecrypt - ok 20:24:43.0737 2804 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 20:24:43.0744 2804 TrustedInstaller - ok 20:24:43.0774 2804 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 20:24:43.0778 2804 tssecsrv - ok 20:24:43.0799 2804 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 20:24:43.0804 2804 TsUsbFlt - ok 20:24:43.0839 2804 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 20:24:43.0845 2804 tunnel - ok 20:24:43.0854 2804 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 20:24:43.0876 2804 uagp35 - ok 20:24:43.0903 2804 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 20:24:43.0912 2804 udfs - ok 20:24:43.0950 2804 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 20:24:43.0956 2804 UI0Detect - ok 20:24:43.0969 2804 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 20:24:43.0988 2804 uliagpkx - ok 20:24:44.0038 2804 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 20:24:44.0043 2804 umbus - ok 20:24:44.0062 2804 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 20:24:44.0065 2804 UmPass - ok 20:24:44.0086 2804 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 20:24:44.0094 2804 upnphost - ok 20:24:44.0149 2804 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 20:24:44.0173 2804 usbaudio - ok 20:24:44.0183 2804 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 20:24:44.0188 2804 usbccgp - ok 20:24:44.0219 2804 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 20:24:44.0242 2804 usbcir - ok 20:24:44.0250 2804 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 20:24:44.0266 2804 usbehci - ok 20:24:44.0283 2804 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 20:24:44.0293 2804 usbhub - ok 20:24:44.0302 2804 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 20:24:44.0306 2804 usbohci - ok 20:24:44.0335 2804 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 20:24:44.0338 2804 usbprint - ok 20:24:44.0354 2804 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:24:44.0359 2804 USBSTOR - ok 20:24:44.0376 2804 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 20:24:44.0380 2804 usbuhci - ok 20:24:44.0410 2804 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 20:24:44.0416 2804 UxSms - ok 20:24:44.0423 2804 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 20:24:44.0425 2804 VaultSvc - ok 20:24:44.0434 2804 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 20:24:44.0438 2804 vdrvroot - ok 20:24:44.0459 2804 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 20:24:44.0471 2804 vds - ok 20:24:44.0484 2804 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 20:24:44.0488 2804 vga - ok 20:24:44.0491 2804 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 20:24:44.0495 2804 VgaSave - ok 20:24:44.0513 2804 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 20:24:44.0522 2804 vhdmp - ok 20:24:44.0554 2804 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 20:24:44.0559 2804 viaide - ok 20:24:44.0578 2804 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 20:24:44.0597 2804 volmgr - ok 20:24:44.0626 2804 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 20:24:44.0637 2804 volmgrx - ok 20:24:44.0669 2804 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 20:24:44.0678 2804 volsnap - ok 20:24:44.0699 2804 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 20:24:44.0706 2804 vsmraid - ok 20:24:44.0761 2804 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 20:24:44.0784 2804 VSS - ok 20:24:44.0787 2804 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 20:24:44.0791 2804 vwifibus - ok 20:24:44.0813 2804 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 20:24:44.0832 2804 vwififlt - ok 20:24:44.0846 2804 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 20:24:44.0858 2804 W32Time - ok 20:24:44.0864 2804 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 20:24:44.0868 2804 WacomPen - ok 20:24:44.0897 2804 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 20:24:44.0903 2804 WANARP - ok 20:24:44.0906 2804 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 20:24:44.0907 2804 Wanarpv6 - ok 20:24:44.0952 2804 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 20:24:44.0974 2804 wbengine - ok 20:24:45.0000 2804 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 20:24:45.0035 2804 WbioSrvc - ok 20:24:45.0069 2804 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 20:24:45.0078 2804 wcncsvc - ok 20:24:45.0090 2804 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 20:24:45.0095 2804 WcsPlugInService - ok 20:24:45.0107 2804 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 20:24:45.0111 2804 Wd - ok 20:24:45.0152 2804 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 20:24:45.0168 2804 Wdf01000 - ok 20:24:45.0185 2804 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 20:24:45.0192 2804 WdiServiceHost - ok 20:24:45.0195 2804 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 20:24:45.0196 2804 WdiSystemHost - ok 20:24:45.0233 2804 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 20:24:45.0243 2804 WebClient - ok 20:24:45.0255 2804 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 20:24:45.0263 2804 Wecsvc - ok 20:24:45.0276 2804 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 20:24:45.0282 2804 wercplsupport - ok 20:24:45.0312 2804 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 20:24:45.0318 2804 WerSvc - ok 20:24:45.0348 2804 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 20:24:45.0351 2804 WfpLwf - ok 20:24:45.0354 2804 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 20:24:45.0359 2804 WIMMount - ok 20:24:45.0365 2804 WinHttpAutoProxySvc - ok 20:24:45.0419 2804 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 20:24:45.0428 2804 Winmgmt - ok 20:24:45.0467 2804 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 20:24:45.0494 2804 WinRM - ok 20:24:45.0550 2804 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 20:24:45.0577 2804 Wlansvc - ok 20:24:45.0597 2804 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 20:24:45.0597 2804 WmiAcpi - ok 20:24:45.0615 2804 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 20:24:45.0622 2804 wmiApSrv - ok 20:24:45.0656 2804 WMPNetworkSvc - ok 20:24:45.0663 2804 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 20:24:45.0666 2804 WPCSvc - ok 20:24:45.0681 2804 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 20:24:45.0688 2804 WPDBusEnum - ok 20:24:45.0706 2804 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 20:24:45.0710 2804 ws2ifsl - ok 20:24:45.0766 2804 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 20:24:45.0773 2804 wscsvc - ok 20:24:45.0776 2804 WSearch - ok 20:24:45.0842 2804 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 20:24:45.0864 2804 wuauserv - ok 20:24:45.0886 2804 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 20:24:45.0891 2804 WudfPf - ok 20:24:45.0930 2804 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 20:24:45.0937 2804 WUDFRd - ok 20:24:45.0959 2804 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 20:24:45.0974 2804 wudfsvc - ok 20:24:45.0989 2804 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 20:24:45.0998 2804 WwanSvc - ok 20:24:46.0027 2804 ================ Scan global =============================== 20:24:46.0052 2804 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 20:24:46.0086 2804 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll 20:24:46.0099 2804 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll 20:24:46.0119 2804 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 20:24:46.0152 2804 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 20:24:46.0164 2804 [Global] - ok 20:24:46.0165 2804 ================ Scan MBR ================================== 20:24:46.0180 2804 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 20:24:46.0292 2804 \Device\Harddisk0\DR0 - ok 20:24:46.0292 2804 ================ Scan VBR ================================== 20:24:46.0294 2804 [ A0ED8EAB05DB47B5178A82641F7FE5CC ] \Device\Harddisk0\DR0\Partition1 20:24:46.0295 2804 \Device\Harddisk0\DR0\Partition1 - ok 20:24:46.0298 2804 [ FEE6710962DFE65984D4B357363033F2 ] \Device\Harddisk0\DR0\Partition2 20:24:46.0299 2804 \Device\Harddisk0\DR0\Partition2 - ok 20:24:46.0300 2804 ============================================================ 20:24:46.0300 2804 Scan finished 20:24:46.0300 2804 ============================================================ 20:24:46.0310 3512 Detected object count: 0 20:24:46.0310 3512 Actual detected object count: 0 |
|
07.02.2013, 20:39
| #4 | |
| /// TB-Ausbilder | EXP/JAVA.Rettilic.Gen Servus, Zitat:
 Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.  Bitte lade Junkware Removal Tool auf Deinen Desktop.
Schritt 3 Scan mit Combofix
Bitte poste mit deiner nächsten Antwort
|
|
08.02.2013, 14:01
| #5 |
| | EXP/JAVA.Rettilic.Gen Hy, so ich habe die Programme durchlaufen lassen. Unten sind die Logs. Kann ich denn diese ganzen log dateien und Programme auf dem Desktop löschen, oder muss ich die noch behalten? AdwCleaner:AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.111 - Datei am 08/02/2013 um 13:25:09 erstellt
# Aktualisiert am 05/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : ****** - SANCTUARY
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\******\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\Perion
Ordner Gelöscht : C:\Program Files (x86)\Smartdl
Ordner Gelöscht : C:\Program Files (x86)\Zoomex
Ordner Gelöscht : C:\Program Files\Babylon
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Zoomex
Ordner Gelöscht : C:\Users\******\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\******\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\******\AppData\LocalLow\SweetIM
Ordner Gelöscht : C:\Users\******\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\******\AppData\Roaming\yourfiledownloader
Ordner Gelöscht : C:\Windows\SysWOW64\WNLT
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\SProtector
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\WNLT
Schlüssel Gelöscht : HKCU\Software\YourFileDownloader
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\IB Updater
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winrar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winrar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\Software\SP Global
Schlüssel Gelöscht : HKLM\Software\SProtector
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Schlüssel Gelöscht : HKLM\Software\YourFileDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c3f55b24-2db9-4511-8fe8-c169cd54e922&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchab.com/?aff=7&uid=c0565a3e-567d-11e2-8369-1c6f65aac9d9 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c3f55b24-2db9-4511-8fe8-c169cd54e922&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c3f55b24-2db9-4511-8fe8-c169cd54e922&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c3f55b24-2db9-4511-8fe8-c169cd54e922&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
-\\ Google Chrome v24.0.1312.57
Datei : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [12708 octets] - [08/02/2013 13:25:09]
########## EOF - C:\AdwCleaner[S1].txt - [12769 octets] ##########
JRT:JRT Logfile: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Windows 7 Home Premium x64
Ran by ****** on 08.02.2013 at 13:33:49,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_classes_root\appid\babylonhelper.exe
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasmancs
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\******\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Program Files (x86)\vaudix"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.02.2013 at 13:39:51,88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Combofix: Combofix Logfile: Code:
ATTFilter ComboFix 13-02-07.02 - ****** 08.02.2013 13:47:10.1.3 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4094.396 [GMT 1:00]
ausgeführt von:: c:\users\******\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\programdata\ntuser.dat
C:\torrent.exe
c:\users\******\theHunter-uninstall.exe
c:\windows\SysWow64\fldlckun.exe
F:\Autorun.inf
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-01-08 bis 2013-02-08 ))))))))))))))))))))))))))))))
.
.
2013-02-08 12:51 . 2013-02-08 12:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-08 12:33 . 2013-02-08 12:33 -------- d-----w- c:\windows\ERUNT
2013-02-08 12:33 . 2013-02-08 12:33 -------- d-----w- C:\JRT
2013-02-07 13:22 . 2013-02-07 13:22 -------- d-----w- c:\users\******\AppData\Roaming\Malwarebytes
2013-02-07 13:21 . 2013-02-07 13:21 -------- d-----w- c:\programdata\Malwarebytes
2013-02-07 13:21 . 2013-02-07 13:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-07 13:21 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-07 13:21 . 2013-02-07 13:21 -------- d-----w- c:\users\******\AppData\Local\Programs
2013-01-20 18:56 . 2013-01-20 18:56 -------- d-----w- c:\users\******\AppData\Roaming\Unity
2013-01-20 18:55 . 2013-01-20 18:55 -------- d-----w- c:\users\******\AppData\Local\Unity
2013-01-18 19:14 . 2013-01-18 19:14 -------- d-----w- c:\users\******\AppData\Roaming\.ZMatrix
2013-01-18 19:14 . 2013-01-18 19:14 -------- d-----w- c:\program files (x86)\Winamp
2013-01-18 19:14 . 2013-02-05 16:28 -------- d-----w- c:\program files (x86)\ZMatrix
2013-01-18 19:05 . 2008-11-05 05:30 16180 ----a-w- c:\windows\system32\Dscene.reg
2013-01-18 19:05 . 2008-03-18 03:07 275360 ----a-w- c:\windows\system32\DreamScene.dll
2013-01-18 18:51 . 2008-11-05 05:30 16180 ----a-w- c:\windows\Dscene.reg
2013-01-18 18:51 . 2008-03-18 03:07 275360 ----a-w- c:\windows\DreamScene.dll
2013-01-18 18:47 . 2008-03-18 17:55 233888 ----a-w- c:\windows\SysWow64\DreamScene.dll
2013-01-18 17:32 . 2013-01-12 02:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-14 20:45 . 2013-01-14 20:48 -------- d-----w- c:\program files (x86)\Google
2013-01-13 15:56 . 2013-01-13 15:56 -------- d-----w- c:\users\******\AppData\Roaming\TuneUp Software
2013-01-13 15:56 . 2013-01-13 15:56 -------- d-----w- c:\programdata\TuneUp Software
2013-01-13 15:56 . 2013-01-13 15:56 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-01-13 15:50 . 2013-01-13 15:50 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2013-01-13 15:50 . 2013-01-13 15:50 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2013-01-09 14:40 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-08 12:53 . 2012-07-27 12:23 25640 ----a-w- c:\windows\gdrv.sys
2013-01-09 18:17 . 2012-07-27 19:18 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-03 20:53 . 2012-11-07 13:48 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-01-03 20:53 . 2012-11-07 13:46 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-01-03 19:52 . 2012-11-07 13:46 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-12-17 19:13 . 2012-11-07 15:36 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-12-17 19:13 . 2012-11-07 15:36 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-12-17 19:13 . 2012-11-01 20:00 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-12-16 17:11 . 2012-12-20 22:19 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-20 22:19 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-20 22:19 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-20 22:19 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-11-30 04:45 . 2013-01-09 14:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-28 19:23 . 2012-11-28 19:24 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-28 19:23 . 2012-11-28 19:24 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-17 21:55 . 2012-11-07 13:45 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-11-14 07:06 . 2012-12-12 21:27 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 21:27 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 21:27 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 21:27 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 21:27 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 21:27 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 21:27 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 21:27 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 21:27 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 21:27 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 21:27 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 21:27 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 21:27 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 21:27 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 21:27 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 21:27 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 21:27 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 21:27 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 21:27 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 21:27 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 21:27 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 21:27 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-11 19:44 . 2012-11-11 19:44 289768 ----a-w- c:\windows\system32\javaws.exe
2012-11-11 19:44 . 2012-11-11 19:44 189416 ----a-w- c:\windows\system32\javaw.exe
2012-11-11 19:44 . 2012-11-11 19:44 188904 ----a-w- c:\windows\system32\java.exe
2012-11-11 19:44 . 2012-11-11 19:44 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-11-11 19:44 . 2012-08-09 20:22 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-11 19:44 . 2012-08-09 20:22 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Reader Application Helper"="c:\program files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2012-11-08 898952]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-17 421888]
.
c:\users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\users\******\AppData\Local\GamersFirst\LIVE!\Live.exe [2012-11-21 2878616]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-27 21544]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-07-18 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-07 283200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 203776]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-07-18 86224]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-08-22 216080]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\Cyberlink\Shared files\RichVideo64.exe [2010-08-19 386344]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-22 347680]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-02 14:51 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-14 20:45]
.
2013-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-14 20:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-06 10144288]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "\Program Files\Theme Resource Changer\ThemeResourceChanger.dll" [2010-10-07 103936]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
IE: Free YouTube to MP3 Converter - c:\users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-APB Reloaded - e:\apb\APB Reloaded\Uninstall.exe
AddRemove-Bandicam - e:\bandicam\uninstall.exe
AddRemove-Folder Access 2.0.0 Full Version - c:\progra~2\FOLDER~1\FOLDER~1.EXE
AddRemove-theHunter - c:\users\******\theHunter-uninstall.exe
AddRemove-Wildlife Park 3_is1 - f:\wlp\Wildlife Park 3\unins000.exe
.
.
"ImagePath"="\"c:\program files\Cyberlink\Shared files\RichVideo64.exe\"\00Z
[\]^_Ï\00\00Ï\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~Ï\00\00Ï\00\00\00\00m\00\00\00\00\00\00\00\00‘’“"
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\c:\USERS\******\DESKTOP\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"qgif4.dll"=multi:"2011-10-10T16:42\00gif\00\00"
"qico4.dll"=multi:"2011-10-10T16:42\00ico\00\00"
"qjpeg4.dll"=multi:"2011-10-10T16:42\00jpeg\00jpg\00\00"
.
[HKEY_USERS\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\c:\users\******\DESKTOP\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"Microsoft.VC80.CRT.manifest"=multi:"0\001\00unknown\002011-10-10T16:42\00\00"
"msvcr80.dll"=multi:"0\001\00unknown\002011-10-10T16:42\00\00"
"qgif4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
"qico4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
"qjpeg4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-02-08 13:57:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-02-08 12:57
.
Vor Suchlauf: 12 Verzeichnis(se), 1.939.385.176.064 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 1.939.194.896.384 Bytes frei
.
- - End Of File - - 2FC4A5C5093A14A53D1E37781E904BE5
L.G. Nadine |
|
08.02.2013, 17:47
| #6 | |
| /// TB-Ausbilder | EXP/JAVA.Rettilic.Gen Servus, Zitat:
 Bitte die Programme auf dem Rechner lassen (kann sein, dass wir sie nochmal benötigen). Am Ende der Bereinigung entfernen wir die Programme auch wieder, keine Sorge. Schritt 1 Starte bitte OTL.exe und drücke den Quick Scan Button. Poste die OTL.txt hier in deinen Thread. Schritt 2 Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop. Download Mirror # 1
Wie läuft dein Rechner derzeit? Gibt es noch Probleme, die auf Malware hindeuten? Wenn ja, welche? Bitte poste mit deiner nächsten Antwort
|
|
09.02.2013, 12:52
| #7 |
| | EXP/JAVA.Rettilic.Gen Hy, ne ich bin nicht ungeduldig :-) , es stört mich nur ein klein wenig wenn mein Desktop so vollgeladen ist. Normalerweise halte ich Ordnung. Aber ok, ich mache mal eine Ausnahme :-D. Ja es gibt noch ein paar Probleme. Und und zwar wenn ich den Pc starte kommt noch immer eine kleine Verzerrung. Aber die große Verzerrung, die nach einer Weile beginnt, ist schon mal weg. Aber wie oben schon beschrieben ist der Exploit damit nicht weg, es zeigen sich nur minimale Symptome. So hier ist OTL:OTL Logfile: Code:
ATTFilter OTL logfile created on: 09.02.2013 12:29:57 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\******\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,58 Gb Available Physical Memory | 64,58% Memory free 7,99 Gb Paging File | 6,37 Gb Available in Paging File | 79,72% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1862,92 Gb Total Space | 1806,14 Gb Free Space | 96,95% Space Free | Partition Type: NTFS Drive D: | 570,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 931,51 Gb Total Space | 841,20 Gb Free Space | 90,31% Space Free | Partition Type: NTFS Computer Name: SANCTUARY | User Name: ****** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.09 12:29:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe PRC - [2013.01.26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2012.11.21 08:20:20 | 002,878,616 | ---- | M] (GamersFirst) -- C:\Users\******\AppData\Local\GamersFirst\LIVE!\Live.exe PRC - [2012.11.17 22:55:21 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.11.08 10:55:40 | 000,898,952 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe PRC - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.07.18 17:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.01.19 03:31:26 | 000,072,304 | ---- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe PRC - [2009.11.20 12:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009.08.24 13:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE ========== Modules (No Company Name) ========== MOD - [2013.02.05 18:14:05 | 012,459,888 | ---- | M] () -- C:\Users\******\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll MOD - [2013.01.26 03:35:06 | 000,460,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll MOD - [2013.01.26 03:35:04 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll MOD - [2013.01.26 03:34:19 | 000,597,968 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll MOD - [2013.01.26 03:34:18 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll MOD - [2013.01.26 03:34:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll MOD - [2012.11.08 10:56:00 | 000,178,056 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll MOD - [2012.11.08 10:56:00 | 000,034,184 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll MOD - [2012.11.08 10:55:58 | 000,149,384 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll MOD - [2012.11.08 10:55:54 | 000,014,728 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll MOD - [2012.11.08 10:55:52 | 000,024,456 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll MOD - [2012.11.08 10:55:52 | 000,015,752 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll MOD - [2012.11.08 10:55:50 | 000,039,816 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll MOD - [2012.11.08 10:55:50 | 000,016,776 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll MOD - [2012.11.08 10:55:48 | 000,239,496 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll MOD - [2012.11.08 10:55:48 | 000,026,504 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll MOD - [2012.11.08 10:55:46 | 000,124,808 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll MOD - [2012.11.08 10:55:44 | 000,092,040 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll MOD - [2012.11.08 10:55:42 | 000,018,312 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll MOD - [2012.11.08 10:54:34 | 000,880,640 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll MOD - [2012.10.23 21:58:36 | 000,798,720 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll MOD - [2012.04.26 23:38:30 | 020,758,016 | ---- | M] () -- C:\Users\******\AppData\Local\GamersFirst\LIVE!\libcef.dll MOD - [2011.08.09 16:00:37 | 000,035,840 | ---- | M] () -- C:\Windows\SysWOW64\slc.dll ========== Services (SafeList) ========== SRV:64bit: - [2010.11.26 03:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.04.06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv) SRV - [2012.11.17 22:55:21 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.10.23 22:02:00 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service) SRV - [2012.08.22 16:40:58 | 000,216,080 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2) SRV - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.08.19 17:43:24 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Programme\Cyberlink\Shared files\RichVideo64.exe -- (RichVideo64) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.19 03:31:26 | 000,072,304 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X) SRV - [2009.08.24 13:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.13 19:52:47 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2012.09.07 18:55:22 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.07.18 17:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.07.18 17:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.07.18 17:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.26 05:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.11.26 03:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.17 13:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010.04.27 10:56:38 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger) DRV:64bit: - [2010.03.22 10:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.01.27 09:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2010.01.27 04:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2010.01.20 23:10:54 | 001,102,112 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2009.11.20 12:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2009.11.20 12:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV - [2013.02.09 12:27:21 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 DC 78 26 D2 6B CD 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{911710C2-A94D-4946-8AB7-01413055E623}: "URL" = hxxp://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6OyXm44qXC&i=26 IE - HKCU\..\SearchScopes\{EB5023E1-A739-4C3D-A7F3-8E9FEF935922}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=302C37D5-BF37-4B11-A519-9F092AFD1314&apn_sauid=B755F661-004F-4FE8-9033-871F10086F7E IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( ) FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\******\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2012.08.03 14:00:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions [2012.08.03 14:00:10 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} [2012.12.16 11:56:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\extensions [2012.08.12 12:57:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions [2012.09.07 18:22:23 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com [2012.12.16 11:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions [2012.08.12 12:57:37 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.08.08 21:06:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions\OneClickDownload@OneClickDownload.com [2012.08.12 12:57:37 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.12.16 11:55:25 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\0\extensions\torntv@torntv.com.xpi [2012.08.25 22:01:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions ========== Chrome ========== CHR - homepage: Google CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: Google CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.11.21.5_0\plugins/np-cwmp.dll CHR - plugin: Free Studio (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\np_dvs_plugin.dll CHR - plugin: Perion plugin (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_1\Plugins/PerionNewTabChrome-32.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: fluxDVD Browser Plugin (Enabled) = C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Reader Application Detector (Enabled) = C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: Docs = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: Google Drive = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: AdBlock = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.58_0\ CHR - Extension: Ti\u00EBsto = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnmeobddjkkgkglnogihcaejaleikhdh\2_0\ CHR - Extension: Google Mail = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Docs = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: Google Drive = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: AdBlock = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.58_0\ CHR - Extension: Ti\u00EBsto = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnmeobddjkkgkglnogihcaejaleikhdh\2_0\ CHR - Extension: Google Mail = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013.02.08 13:54:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk = C:\Users\******\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24981B71-F5EA-46AE-B7FD-4803BFFAE4ED}: DhcpNameServer = 192.168.2.1 O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation) O22:64bit: - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Theme Resource Changer - \Program Files\Theme Resource Changer\ThemeResourceChanger.dll () O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysWOW64\DreamScene.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2001.06.19 18:39:08 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ] O32 - AutoRun File - [2002.08.22 12:41:50 | 000,098,304 | R--- | M] () - D:\autoplay.exe -- [ CDFS ] O32 - AutoRun File - [2011.04.28 17:44:28 | 000,000,000 | ---D | M] - F:\autorun -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.09 12:29:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe [2013.02.08 13:57:47 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.02.08 13:54:10 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013.02.08 13:44:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.02.08 13:44:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.02.08 13:44:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.02.08 13:44:06 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.02.08 13:43:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.02.08 13:43:07 | 005,030,592 | R--- | C] (Swearware) -- C:\Users\******\Desktop\ComboFix.exe [2013.02.08 13:33:46 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.02.08 13:33:38 | 000,000,000 | ---D | C] -- C:\JRT [2013.02.08 13:32:57 | 000,547,275 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\******\Desktop\JRT.exe [2013.02.07 20:23:53 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\******\Desktop\tdsskiller.exe [2013.02.07 14:22:10 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Malwarebytes [2013.02.07 14:21:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.07 14:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.07 14:21:56 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.02.07 14:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.07 14:21:43 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Programs [2013.01.22 18:34:12 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain [2013.01.22 18:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain [2013.01.22 18:30:47 | 000,000,000 | ---D | C] -- C:\Users\******\Desktop\SChach [2013.01.20 19:56:28 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Unity [2013.01.20 19:55:42 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Unity [2013.01.18 20:14:09 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\.ZMatrix [2013.01.18 20:14:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp [2013.01.18 20:14:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZMatrix [2013.01.14 21:48:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.01.14 21:45:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.01.13 16:56:42 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\TuneUp Software [2013.01.13 16:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2013.01.13 16:56:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013.01.13 16:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013.01.13 16:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== File not found -- C:\Windows\SysNative\ [2013.02.09 12:29:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe [2013.02.09 12:27:31 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.09 12:27:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.09 12:26:58 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys [2013.02.08 22:56:09 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.08 21:44:52 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.08 21:44:52 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.08 13:54:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.02.08 13:43:31 | 005,030,592 | R--- | M] (Swearware) -- C:\Users\******\Desktop\ComboFix.exe [2013.02.08 13:33:02 | 000,547,275 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\******\Desktop\JRT.exe [2013.02.08 13:24:46 | 000,582,209 | ---- | M] () -- C:\Users\******\Desktop\adwcleaner.exe [2013.02.07 20:24:06 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\******\Desktop\tdsskiller.exe [2013.02.07 17:51:57 | 000,000,168 | ---- | M] () -- C:\Users\******\defogger_reenable [2013.02.07 14:21:58 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.05 17:41:52 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.05 17:41:52 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.05 17:41:52 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.05 17:41:52 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.05 17:41:52 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.19 13:04:26 | 000,299,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.13 20:38:35 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== File not found -- C:\Windows\SysNative\ [2013.02.08 13:44:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.02.08 13:44:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.02.08 13:44:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.02.08 13:44:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.02.08 13:44:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.02.08 13:24:44 | 000,582,209 | ---- | C] () -- C:\Users\******\Desktop\adwcleaner.exe [2013.02.07 17:51:57 | 000,000,168 | ---- | C] () -- C:\Users\******\defogger_reenable [2013.02.07 14:21:58 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.18 20:05:59 | 000,016,180 | ---- | C] () -- C:\Windows\SysNative\Dscene.reg [2013.01.18 19:51:56 | 000,016,180 | ---- | C] () -- C:\Windows\Dscene.reg [2013.01.18 19:41:32 | 001,413,862 | ---- | C] () -- C:\Users\******\Documents\Blob.mpg [2013.01.14 21:45:42 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.14 21:45:39 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.03 23:11:15 | 000,000,044 | ---- | C] () -- C:\Windows\MAILRCV.INI [2012.12.27 21:09:08 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.12.01 20:18:13 | 000,003,584 | ---- | C] () -- C:\Users\******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.10 13:12:55 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2012.11.07 14:46:08 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.11.07 14:45:42 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.10.31 23:19:43 | 000,022,090 | ---- | C] () -- C:\Users\******\AppData\Local\recently-used.xbel [2012.09.13 19:14:02 | 000,000,012 | ---- | C] () -- C:\Windows\SysWow64\mslck.dat [2012.09.13 19:13:48 | 000,000,032 | ---- | C] () -- C:\Windows\SysWow64\Mlkf.dll [2012.09.13 19:06:06 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\LckFldService.exe.vir [2012.08.01 21:42:00 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2012.07.29 14:37:12 | 000,011,867 | ---- | C] () -- C:\Users\******\AppData\Roaming\TheHunterSettings_live.bin [2012.07.27 13:17:26 | 000,072,304 | ---- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe [2012.07.27 13:08:06 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2012.07.27 11:50:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.07.27 11:47:53 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.11.10 03:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2011.11.10 03:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.11.09 21:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011.11.09 21:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.09.19 08:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll [2011.09.19 08:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll ========== ZeroAccess Check ========== [2011.11.17 07:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{fa9187d7-ddad-308b-0083-8078e799e239}\@ [2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{fa9187d7-ddad-308b-0083-8078e799e239}\L [2013.01.15 22:03:13 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{fa9187d7-ddad-308b-0083-8078e799e239}\U [2012.08.09 22:19:41 | 000,002,048 | -HS- | M] () -- C:\Users\******\AppData\Local\{fa9187d7-ddad-308b-0083-8078e799e239}\@ [2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\******\AppData\Local\{fa9187d7-ddad-308b-0083-8078e799e239}\L [2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\******\AppData\Local\{fa9187d7-ddad-308b-0083-8078e799e239}\U [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.01.18 20:14:10 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\.ZMatrix [2012.08.12 12:19:28 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\BANDISOFT [2012.09.07 18:56:57 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DAEMON Tools Lite [2012.08.08 13:58:49 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DAEMON Tools Pro [2012.09.07 18:22:22 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Downloaded Installations [2013.01.13 16:50:33 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DVDVideoSoft [2012.08.25 22:01:00 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\ExpressFiles [2012.08.23 19:37:54 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Foxit Software [2012.08.25 21:50:21 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Freemium [2013.01.02 14:57:04 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Kongregate [2013.02.08 14:00:29 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Nitro PDF [2012.08.09 10:34:48 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Origin [2012.12.10 18:45:04 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PhotoScape [2012.12.16 18:03:16 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PowerISO [2012.12.17 22:34:55 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\ProtectDISC [2012.09.13 19:55:10 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\TrueCrypt [2013.01.13 16:56:42 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\TuneUp Software [2013.01.20 19:56:28 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Unity ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:C5760A8B < End of report > Und SystemLook: ystemLook 30.07.11 by jpshortstuff Log created at 12:37 on 09/02/2013 by ****** Administrator - Elevation successful ========== filefind ========== Searching for "*sweet*" C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx --a---- 9139 bytes [14:27 04/08/2012] [14:27 04/08/2012] 3C1023312970B037B893BA8856B6E727 Searching for "*Conduit*" C:\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe --a---- 73080 bytes [15:50 13/01/2013] [16:26 20/08/2012] 9A5E999C90861CE9B7906DBF429D4238 C:\Users\******\AppData\Roaming\Mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\ConduitAbstractionLayer.js --a---- 30362 bytes [13:00 03/08/2012] [22:04 16/07/2012] 3A48E45ABF3AA24C74640AFA9EDB7B14 C:\Users\******\AppData\Roaming\Mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\aboutBox\images\conduit-logo-OLD.png --a---- 1305 bytes [13:00 03/08/2012] [22:04 16/07/2012] 5F8EF9A0B050532B90B2645E9627E3F9 C:\Users\******\AppData\Roaming\Mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\aboutBox\images\conduit-logo.png --a---- 3926 bytes [13:00 03/08/2012] [22:04 16/07/2012] 04EC2FEFD3A417F86E983508778A00DD C:\Users\******\AppData\Roaming\Mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\skin\conduitToolBarStyle.css --a---- 3 bytes [13:00 03/08/2012] [22:04 16/07/2012] ECAA88F7FA0BF610A5A26CF545DCD3AA C:\Users\******\AppData\Roaming\Mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\lib\log4conduit.jsm --a---- 760 bytes [13:00 03/08/2012] [22:04 16/07/2012] 93898FE6A232C5FCD838D8168F65D802 Searching for "*Zoomex*" No files found. Searching for "*Babylon*" No files found. Searching for "*Ask Toolbar*" No files found. Searching for "*yourfiledownloader*" No files found. Searching for "*feed.helperbar*" No files found. Searching for "*vaudix*" C:\Windows\Prefetch\VAUDIX.EXE-E8B3B572.pf --a---- 38580 bytes [19:11 26/01/2013] [16:29 05/02/2013] F4E33B6FAC69F52A01BD3EE1364EB052 ========== folderfind ========== Searching for "*sweet*" No folders found. Searching for "*Conduit*" No folders found. Searching for "*Zoomex*" No folders found. Searching for "*Babylon*" No folders found. Searching for "*Ask Toolbar*" No folders found. Searching for "*yourfiledownloader*" No folders found. Searching for "*feed.helperbar*" No folders found. Searching for "*vaudix*" No folders found. ========== regfind ========== Searching for "sweet" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\IB Updater\script_storage] "WSG_whiteList"="{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q"," search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.c om":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q ","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","searc h.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.com [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\SweetIM] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS] [HKEY_USERS\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\IB Updater\script_storage] "WSG_whiteList"="{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q"," search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.c om":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q ","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","searc h.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q [HKEY_USERS\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\SweetIM] Searching for "Conduit" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\IB Updater\script_storage] "WSG_whiteList"="{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q"," search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.c om":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q ","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","searc h.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.com [HKEY_USERS\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\IB Updater\script_storage] "WSG_whiteList"="{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q"," search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.c om":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q ","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","searc h.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q Searching for "Zoomex" [HKEY_CURRENT_USER\Software\PrivitizeVPNInstallDates] "zoomex"="190446206126" [HKEY_USERS\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\PrivitizeVPNInstallDates] "zoomex"="190446206126" Searching for "Babylon" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\IB Updater\script_storage] "WSG_whiteList"="{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q"," search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.c om":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q ","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","searc h.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.com [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}] @="BabylonHelper" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\1.0\0\win32] @="E:\Babylon\Babylon.exe\1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\1.0\HELPDIR] @="E:\Babylon" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}] @="BabylonHelper" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\1.0\0\win32] @="E:\Babylon\Babylon.exe\1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\1.0\HELPDIR] @="E:\Babylon" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}] @="BabylonHelper" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\1.0\0\win32] @="E:\Babylon\Babylon.exe\1" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\1.0\HELPDIR] @="E:\Babylon" [HKEY_USERS\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\IB Updater\script_storage] "WSG_whiteList"="{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q"," search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.c om":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q ","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","searc h.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q Searching for "Ask Toolbar" No data found. Searching for "yourfiledownloader" [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\Program Files (x86)\YourFileDownloader\YourFile.exe"="YourFile Downloader" [HKEY_USERS\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\Program Files (x86)\YourFileDownloader\YourFile.exe"="YourFile Downloader" [HKEY_USERS\S-1-5-21-1567456602-3534331123-1802769868-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\Program Files (x86)\YourFileDownloader\YourFile.exe"="YourFile Downloader" Searching for "feed.helperbar" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c3f55b24-2db9-4511-8fe8-c169cd54e922&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "Default"="hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c3f55b24-2db9-4511-8fe8-c169cd54e922&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}" [HKEY_USERS\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c3f55b24-2db9-4511-8fe8-c169cd54e922&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}" Searching for "vaudix" [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\Users\******\AppData\Local\Temp\{C7ECE2A7-E6E7-4095-A27E-AEC51C0FC051}\Addons\vaudix_extension.exe"="7z Setup SFX" [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\Users\******\Downloads\VaudiX.exe"="Installer" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}\InprocServer32] @="C:\ProgramData\Premium\VaudiX\run6730.tmp" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\VaudiX_RASAPI32] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\VaudiX_RASMANCS] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39D96DA9-1568-022A-2313-CA057A1950C8}] "TizPath"="C:\Users\******\Downloads\VaudiX.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}\InprocServer32] @="C:\ProgramData\Premium\VaudiX\run6730.tmp" [HKEY_USERS\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\Users\******\AppData\Local\Temp\{C7ECE2A7-E6E7-4095-A27E-AEC51C0FC051}\Addons\vaudix_extension.exe"="7z Setup SFX" [HKEY_USERS\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\Users\******\Downloads\VaudiX.exe"="Installer" [HKEY_USERS\S-1-5-21-1567456602-3534331123-1802769868-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\Users\******\AppData\Local\Temp\{C7ECE2A7-E6E7-4095-A27E-AEC51C0FC051}\Addons\vaudix_extension.exe"="7z Setup SFX" [HKEY_USERS\S-1-5-21-1567456602-3534331123-1802769868-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\Users\******\Downloads\VaudiX.exe"="Installer" -= EOF =- -- L.G. Nadine |
|
09.02.2013, 15:08
| #8 |
| /// TB-Ausbilder | EXP/JAVA.Rettilic.Gen Servus, das mit dem Desktop ist ja nur vorübergehend. Du hast deinen Benutzernamen durch ***** unkenntlich gemacht. Füge beim OTL-Fix an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren. Schritt 1 Fixen mit OTL
Code:
ATTFilter :OTL
IE - HKCU\..\SearchScopes\{911710C2-A94D-4946-8AB7-01413055E623}: "URL" = hxxp://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6OyXm44qXC&i=26
IE - HKCU\..\SearchScopes\{EB5023E1-A739-4C3D-A7F3-8E9FEF935922}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
[2012.08.03 14:00:10 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.11.21.5_0\plugins/np-cwmp.dll
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
:files
C:\Windows\Installer\{fa9187d7-ddad-308b-0083-8078e799e239}
%LOCALAPPDATA%\{fa9187d7-ddad-308b-0083-8078e799e239}
%LOCALAPPDATA%\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}
C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
%APPDATA%\Mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\IB Updater]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\SweetIM]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\YourFileDownloader\YourFile.exe"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\VaudiX_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\VaudiX_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39D96DA9-1568-022A-2313-CA057A1950C8}]
:commands
[Emptytemp]
Schritt 2 Starte bitte OTL.exe und drücke den Quick Scan Button. Poste die OTL.txt hier in deinen Thread. Wie läuft der Rechner?  Bitte poste mit deiner nächsten Antwort
|
|
09.02.2013, 15:54
| #9 |
| | EXP/JAVA.Rettilic.Gen Hy, Ja mein Rechner läuft bis jetzt ohne störungen. Ist das mit der Quarantäne egal? Und wozu diente dieser Fix? Hier sind die Daten: OTL-Fix: All processes killed ========== OTL ========== Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{911710C2-A94D-4946-8AB7-01413055E623}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{911710C2-A94D-4946-8AB7-01413055E623}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EB5023E1-A739-4C3D-A7F3-8E9FEF935922}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB5023E1-A739-4C3D-A7F3-8E9FEF935922}\ not found. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\Plugins folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\modules folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\META-INF folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\lib folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\defaults\preferences folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\defaults folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\skin folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\sl folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\lib folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\core folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\WEATHER\js folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\WEATHER\css folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\WEATHER folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TWITTER\resources folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TWITTER\js folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TWITTER\img folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TWITTER folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TESTER_POPUP\js folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TESTER_POPUP folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TESTER_EMBEDDED\js folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TESTER_EMBEDDED folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TESTER_BCAPI\js folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TESTER_BCAPI\autoTest\spec folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TESTER_BCAPI\autoTest\lib\jasmine-1.1.0 folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TESTER_BCAPI\autoTest\lib folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TESTER_BCAPI\autoTest folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\TESTER_BCAPI folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\SEARCH_IN_NEW_TAB folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\SEARCH\view\style folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\SEARCH\view\script folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\SEARCH\view folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\SEARCH\resources folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\SEARCH\js folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\SEARCH\Css folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\SEARCH\buildSettings folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\SEARCH folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\RADIO_PLAYER folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\PRICE_GONG\images folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\PRICE_GONG\css folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\PRICE_GONG folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\Optimizer\js folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\Optimizer folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\NOTIFICATION\js folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\NOTIFICATION\images folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\NOTIFICATION\css folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\NOTIFICATION folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\MULTI_RSS\js folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\MULTI_RSS\img folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\MULTI_RSS\css folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\MULTI_RSS folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\HIGHLIGHTER folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa\404 folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\wa folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui\menu\js folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui\menu\img folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui\menu\css folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui\menu folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui\gf\img folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui\gf\css folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui\gf folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui\gadgetFrame folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui\dlg\ftd\images folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui\dlg\ftd folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui\dlg folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ui folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\searchProtector\searchProtectorSettingsDialog\images folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\searchProtector\searchProtectorSettingsDialog folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\searchProtector\SearchProtectorBubbleDialog\images folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\searchProtector\SearchProtectorBubbleDialog folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\searchProtector\js folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\searchProtector folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\options\js\resources folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\options\js folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\options\images folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\options\css folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\options folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\myStuffDialogs folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\features\js\resources folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\features\js folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\features folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\api folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ac\res folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ac\img folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ac\css folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\ac folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\aboutBox\js folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\aboutBox\images folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al\aboutBox folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb\al folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content\tb folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647\content folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\CT2851647 folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome folder moved successfully. C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} folder moved successfully. File C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll not found. File C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.11.21.5_0\plugins/np-cwmp.dll not found. 64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to MP3 Converter\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to MP3 Converter\ not found. ========== FILES ========== C:\Windows\Installer\{fa9187d7-ddad-308b-0083-8078e799e239}\U folder moved successfully. C:\Windows\Installer\{fa9187d7-ddad-308b-0083-8078e799e239}\L folder moved successfully. C:\Windows\Installer\{fa9187d7-ddad-308b-0083-8078e799e239} folder moved successfully. C:\Users\******\AppData\Local\{fa9187d7-ddad-308b-0083-8078e799e239}\U folder moved successfully. C:\Users\******\AppData\Local\{fa9187d7-ddad-308b-0083-8078e799e239}\L folder moved successfully. C:\Users\******\AppData\Local\{fa9187d7-ddad-308b-0083-8078e799e239} folder moved successfully. C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847} folder moved successfully. C:\Program Files (x86)\Common Files\DVDVideoSoft\TB folder moved successfully. File/Folder C:\Users\******\AppData\Roaming\Mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} not found. ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\IB Updater\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1567456602-3534331123-1802769868-1000\Software\SweetIM\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS\ deleted successfully. Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\YourFileDownloader\YourFile.exe deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\VaudiX_RASAPI32\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\VaudiX_RASMANCS\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39D96DA9-1568-022A-2313-CA057A1950C8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39D96DA9-1568-022A-2313-CA057A1950C8}\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: ****** ->Temp folder emptied: 354978 bytes ->Temporary Internet Files folder emptied: 4819052 bytes ->Java cache emptied: 3991937 bytes ->Google Chrome cache emptied: 255407114 bytes ->Flash cache emptied: 652 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 252,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 02092013_153450 Files\Folders moved on Reboot... C:\Users\******\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... OTL Scann:OTL Logfile: Code:
ATTFilter OTL logfile created on: 09.02.2013 15:45:17 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\******\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 0,17 Gb Available Physical Memory | 4,26% Memory free 7,99 Gb Paging File | 3,77 Gb Available in Paging File | 47,14% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1862,92 Gb Total Space | 1806,18 Gb Free Space | 96,95% Space Free | Partition Type: NTFS Drive D: | 570,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 931,51 Gb Total Space | 841,20 Gb Free Space | 90,31% Space Free | Partition Type: NTFS Computer Name: SANCTUARY | User Name: ****** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.09 12:29:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe PRC - [2013.01.26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2012.11.21 08:20:20 | 002,878,616 | ---- | M] (GamersFirst) -- C:\Users\******\AppData\Local\GamersFirst\LIVE!\Live.exe PRC - [2012.11.17 22:55:21 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.11.08 10:55:40 | 000,898,952 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe PRC - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.07.18 17:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.01.19 03:31:26 | 000,072,304 | ---- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe PRC - [2009.11.20 12:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009.08.24 13:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE ========== Modules (No Company Name) ========== MOD - [2013.02.05 18:14:05 | 012,459,888 | ---- | M] () -- C:\Users\******\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll MOD - [2013.01.26 03:35:06 | 000,460,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll MOD - [2013.01.26 03:35:04 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll MOD - [2013.01.26 03:34:19 | 000,597,968 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll MOD - [2013.01.26 03:34:18 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll MOD - [2013.01.26 03:34:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll MOD - [2012.11.08 10:56:00 | 000,178,056 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll MOD - [2012.11.08 10:56:00 | 000,034,184 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll MOD - [2012.11.08 10:55:58 | 000,149,384 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll MOD - [2012.11.08 10:55:54 | 000,014,728 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll MOD - [2012.11.08 10:55:52 | 000,024,456 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll MOD - [2012.11.08 10:55:52 | 000,015,752 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll MOD - [2012.11.08 10:55:50 | 000,039,816 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll MOD - [2012.11.08 10:55:50 | 000,016,776 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll MOD - [2012.11.08 10:55:48 | 000,239,496 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll MOD - [2012.11.08 10:55:48 | 000,026,504 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll MOD - [2012.11.08 10:55:46 | 000,124,808 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll MOD - [2012.11.08 10:55:44 | 000,092,040 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll MOD - [2012.11.08 10:55:42 | 000,018,312 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll MOD - [2012.11.08 10:54:34 | 000,880,640 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll MOD - [2012.10.23 21:58:36 | 000,798,720 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll MOD - [2012.04.26 23:38:30 | 020,758,016 | ---- | M] () -- C:\Users\******\AppData\Local\GamersFirst\LIVE!\libcef.dll MOD - [2011.08.09 16:00:37 | 000,035,840 | ---- | M] () -- C:\Windows\SysWOW64\slc.dll ========== Services (SafeList) ========== SRV:64bit: - [2010.11.26 03:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.04.06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv) SRV - [2012.11.17 22:55:21 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.10.23 22:02:00 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service) SRV - [2012.08.22 16:40:58 | 000,216,080 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2) SRV - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.08.19 17:43:24 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Programme\Cyberlink\Shared files\RichVideo64.exe -- (RichVideo64) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.19 03:31:26 | 000,072,304 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X) SRV - [2009.08.24 13:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.13 19:52:47 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2012.09.07 18:55:22 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.07.18 17:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.07.18 17:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.07.18 17:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.26 05:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.11.26 03:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.17 13:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010.04.27 10:56:38 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger) DRV:64bit: - [2010.03.22 10:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.01.27 09:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2010.01.27 04:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2010.01.20 23:10:54 | 001,102,112 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2009.11.20 12:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2009.11.20 12:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV - [2013.02.09 15:37:33 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 DC 78 26 D2 6B CD 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( ) FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\******\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013.02.09 15:34:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions [2012.12.16 11:56:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\extensions [2012.08.12 12:57:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions [2012.09.07 18:22:23 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com [2012.12.16 11:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions [2012.08.12 12:57:37 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.08.08 21:06:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions\OneClickDownload@OneClickDownload.com [2012.08.12 12:57:37 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.12.16 11:55:25 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\0\extensions\torntv@torntv.com.xpi [2012.08.25 22:01:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions ========== Chrome ========== CHR - homepage: Google CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: Google CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.11.21.5_0\plugins/np-cwmp.dll CHR - plugin: Free Studio (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\np_dvs_plugin.dll CHR - plugin: Perion plugin (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_1\Plugins/PerionNewTabChrome-32.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: fluxDVD Browser Plugin (Enabled) = C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Reader Application Detector (Enabled) = C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: Docs = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: Google Drive = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: AdBlock = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.58_0\ CHR - Extension: Ti\u00EBsto = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnmeobddjkkgkglnogihcaejaleikhdh\2_0\ CHR - Extension: Google Mail = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Docs = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: Google Drive = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: AdBlock = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.58_0\ CHR - Extension: Ti\u00EBsto = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnmeobddjkkgkglnogihcaejaleikhdh\2_0\ CHR - Extension: Google Mail = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013.02.08 13:54:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk = C:\Users\******\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24981B71-F5EA-46AE-B7FD-4803BFFAE4ED}: DhcpNameServer = 192.168.2.1 O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation) O22:64bit: - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Theme Resource Changer - \Program Files\Theme Resource Changer\ThemeResourceChanger.dll () O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysWOW64\DreamScene.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2001.06.19 18:39:08 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ] O32 - AutoRun File - [2002.08.22 12:41:50 | 000,098,304 | R--- | M] () - D:\autoplay.exe -- [ CDFS ] O32 - AutoRun File - [2011.04.28 17:44:28 | 000,000,000 | ---D | M] - F:\autorun -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.09 15:34:50 | 000,000,000 | ---D | C] -- C:\_OTL [2013.02.09 12:29:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe [2013.02.08 13:57:47 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.02.08 13:54:10 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013.02.08 13:44:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.02.08 13:44:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.02.08 13:44:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.02.08 13:44:06 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.02.08 13:43:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.02.08 13:43:07 | 005,030,592 | R--- | C] (Swearware) -- C:\Users\******\Desktop\ComboFix.exe [2013.02.08 13:33:46 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.02.08 13:33:38 | 000,000,000 | ---D | C] -- C:\JRT [2013.02.08 13:32:57 | 000,547,275 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\******\Desktop\JRT.exe [2013.02.07 20:23:53 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\******\Desktop\tdsskiller.exe [2013.02.07 14:22:10 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Malwarebytes [2013.02.07 14:21:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.07 14:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.07 14:21:56 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.02.07 14:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.07 14:21:43 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Programs [2013.01.22 18:34:12 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain [2013.01.22 18:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain [2013.01.22 18:30:47 | 000,000,000 | ---D | C] -- C:\Users\******\Desktop\SChach [2013.01.20 19:56:28 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Unity [2013.01.20 19:55:42 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Unity [2013.01.18 20:14:09 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\.ZMatrix [2013.01.18 20:14:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp [2013.01.18 20:14:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZMatrix [2013.01.14 21:48:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.01.14 21:45:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.01.13 16:56:42 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\TuneUp Software [2013.01.13 16:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2013.01.13 16:56:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013.01.13 16:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013.01.13 16:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft ========== Files - Modified Within 30 Days ========== File not found -- C:\Windows\SysNative\ [2013.02.09 15:44:55 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.09 15:44:55 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.09 15:41:10 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.09 15:37:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.09 15:37:21 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys [2013.02.09 14:56:09 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.09 12:37:13 | 000,165,376 | ---- | M] () -- C:\Users\******\Desktop\SystemLook_x64.exe [2013.02.09 12:29:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe [2013.02.08 13:54:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.02.08 13:43:31 | 005,030,592 | R--- | M] (Swearware) -- C:\Users\******\Desktop\ComboFix.exe [2013.02.08 13:33:02 | 000,547,275 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\******\Desktop\JRT.exe [2013.02.08 13:24:46 | 000,582,209 | ---- | M] () -- C:\Users\******\Desktop\adwcleaner.exe [2013.02.07 20:24:06 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\******\Desktop\tdsskiller.exe [2013.02.07 17:51:57 | 000,000,168 | ---- | M] () -- C:\Users\******\defogger_reenable [2013.02.07 14:21:58 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.05 17:41:52 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.05 17:41:52 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.05 17:41:52 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.05 17:41:52 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.05 17:41:52 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.19 13:04:26 | 000,299,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.13 20:38:35 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk ========== Files Created - No Company Name ========== File not found -- C:\Windows\SysNative\ [2013.02.09 12:37:11 | 000,165,376 | ---- | C] () -- C:\Users\******\Desktop\SystemLook_x64.exe [2013.02.08 13:44:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.02.08 13:44:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.02.08 13:44:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.02.08 13:44:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.02.08 13:44:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.02.08 13:24:44 | 000,582,209 | ---- | C] () -- C:\Users\******\Desktop\adwcleaner.exe [2013.02.07 17:51:57 | 000,000,168 | ---- | C] () -- C:\Users\******\defogger_reenable [2013.02.07 14:21:58 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.18 20:05:59 | 000,016,180 | ---- | C] () -- C:\Windows\SysNative\Dscene.reg [2013.01.18 19:51:56 | 000,016,180 | ---- | C] () -- C:\Windows\Dscene.reg [2013.01.18 19:41:32 | 001,413,862 | ---- | C] () -- C:\Users\******\Documents\Blob.mpg [2013.01.14 21:45:42 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.14 21:45:39 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.03 23:11:15 | 000,000,044 | ---- | C] () -- C:\Windows\MAILRCV.INI [2012.12.27 21:09:08 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.12.01 20:18:13 | 000,003,584 | ---- | C] () -- C:\Users\******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.10 13:12:55 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2012.11.07 14:46:08 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.11.07 14:45:42 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.10.31 23:19:43 | 000,022,090 | ---- | C] () -- C:\Users\******\AppData\Local\recently-used.xbel [2012.09.13 19:14:02 | 000,000,012 | ---- | C] () -- C:\Windows\SysWow64\mslck.dat [2012.09.13 19:13:48 | 000,000,032 | ---- | C] () -- C:\Windows\SysWow64\Mlkf.dll [2012.09.13 19:06:06 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\LckFldService.exe.vir [2012.08.01 21:42:00 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2012.07.29 14:37:12 | 000,011,867 | ---- | C] () -- C:\Users\******\AppData\Roaming\TheHunterSettings_live.bin [2012.07.27 13:17:26 | 000,072,304 | ---- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe [2012.07.27 13:08:06 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2012.07.27 11:50:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.07.27 11:47:53 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.11.10 03:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2011.11.10 03:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.11.09 21:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011.11.09 21:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.09.19 08:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll [2011.09.19 08:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.01.18 20:14:10 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\.ZMatrix [2012.08.12 12:19:28 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\BANDISOFT [2012.09.07 18:56:57 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DAEMON Tools Lite [2012.08.08 13:58:49 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DAEMON Tools Pro [2012.09.07 18:22:22 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Downloaded Installations [2013.01.13 16:50:33 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DVDVideoSoft [2012.08.25 22:01:00 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\ExpressFiles [2012.08.23 19:37:54 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Foxit Software [2012.08.25 21:50:21 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Freemium [2013.01.02 14:57:04 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Kongregate [2013.02.09 15:33:39 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Nitro PDF [2012.08.09 10:34:48 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Origin [2012.12.10 18:45:04 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PhotoScape [2012.12.16 18:03:16 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PowerISO [2012.12.17 22:34:55 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\ProtectDISC [2012.09.13 19:55:10 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\TrueCrypt [2013.01.13 16:56:42 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\TuneUp Software [2013.01.20 19:56:28 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Unity ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:C5760A8B < End of report > |
|
09.02.2013, 16:07
| #10 | ||
| /// TB-Ausbilder | EXP/JAVA.Rettilic.Gen Servus, Zitat:
Zitat:
Wir führen noch ein paar Kontrollsuchläufe durch. Schritt 1
Schritt 2 ESET Online Scanner
Schritt 3 Downloade Dir bitte  SecurityCheck und:
Bitte poste mit deiner nächsten Antwort
|
|
09.02.2013, 19:38
| #11 |
| | EXP/JAVA.Rettilic.Gen Hy, so ich habe hier wieder die logs. Ist ja gut zu wissen :-) . Aber ich finde dein Wissen diesbezüglich bemerkenswert. Woher weist du dass alles :-D . MBAM: Malwarebytes Anti-Malware 1.70.0.1100 Malwarebytes : Free Anti-Malware download Datenbank Version: v2013.02.09.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 ****** :: SANCTUARY [Administrator] 09.02.2013 17:13:41 mbam-log-2013-02-09 (17-13-41).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 216306 Laufzeit: 3 Minute(n), 26 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) ESET: ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=61acb97f362eea49825d55a95cc74f16 # engine=13093 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-02-09 06:28:08 # local_time=2013-02-09 07:28:08 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 97 28871 225857778 74629 0 # compatibility_mode=5893 16776574 100 94 16971303 112064338 0 0 # scanned=107571 # found=0 # cleaned=0 # scan_time=2915 SecurityCheck: Results of screen317's Security Check version 0.99.57 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.70.0.1100 TuneUp Utilities Language Pack (de-DE) Java 7 Update 11 Google Chrome 24.0.1312.56 Google Chrome 24.0.1312.57 ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` L.G.Nadine |
|
09.02.2013, 20:06
| #12 | |
| /// TB-Ausbilder | EXP/JAVA.Rettilic.Gen Servus, Zitat:
Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.  Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern. Schritt 1 Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Schritt 2 Starte DeFogger und klicke auf Re-enable. Gegebenenfalls muss dein Rechner neu gestartet werden. Schritt 3 Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren. Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK. Code:
ATTFilter Combofix /Uninstall
 Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden. Nun die eben deaktivierten Programme wieder aktivieren. Schritt 4 Downloade dir bitte delfix auf deinen Desktop.
Schritt 5 Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann. |
|
09.02.2013, 22:15
| #13 |
| | EXP/JAVA.Rettilic.Gen Hy, so erstmal dankeschön, dass du mir geholfen hast :-). Ohne deine Hilfe hätte ich das nicht hinbekommen. Aber ein kleines Problem gibt es trotzdem. Und zwar bei Java. Ich kann nicht auf Einstellungen klicken. Da tut sich nichts. Auf Ansicht ( der Button daneben) kann ich klicken aber halt nicht darauf. Ist das schlimm? Und als ich TFC eben mal gestartet habe, kamen ausgeschnittene Daten auf meinen Desktop. Wie z.B. Desktop.ini mit einem Zahnrad drauf. Kann ich das ohne Bedenken löschen? Sonst hat alles geklappt. Und ich wusste gar nicht, dass man hier eine Ausbildung machen kann. Hmm. Find ich aber toll, dass es noch so welche Menschen wie dich gibt. Ich werde dich definitiv in meinem Freundes und Familienkreis weiterempfehlen ;-) L.G. Nadine |
|
10.02.2013, 12:38
| #14 | ||
| /// TB-Ausbilder | EXP/JAVA.Rettilic.Gen Servus, Zitat:
Zitat:
Datei-Endungen unter Windows wieder unsichtbar machen Ich bin froh, dass wir helfen konnten  Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen. |
|
| Themen zu EXP/JAVA.Rettilic.Gen |
| .com, adblock, avira, bho, bildschirm, browser, converter, dringend, email, error, exp/java.rettilic.gen, firefox, flash player, google, home, homepage, install.exe, logfile, mp3, ntdll.dll, plug-in, problem, programm, realtek, registry, schach, security, software, sweetpacks, usb, virus;trojaner;malware;explit;scanns, windows |
WARNUNG an die MITLESER: 
Textbox. 
Linear-Darstellung
