
Log analysis and evaluation: Removing Loadtbs-3.0, repairing the damage

Windows 7 If you have picked up a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

14.02.2013, 12:51   #1
Mitchbox
 
Hello everyone,

I ran a full scan with Avira Internet Security 2012, and this is the result:


Code:
Avira Internet Security 2012
Erstellungsdatum der Reportdatei: Montag, 4. Februar 2013  17:26

Es wird nach 4925249 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : ***
Seriennummer   :***
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : MITCH-PC

Versionsinformationen:
BUILD.DAT      : 12.1.9.1197    48681 Bytes  11.10.2012 15:22:00
AVSCAN.EXE     : 12.3.0.48     468256 Bytes  13.11.2012 15:43:44
AVSCAN.DLL     : 12.3.0.15      66256 Bytes  20.06.2012 17:56:38
LUKE.DLL       : 12.3.0.15      68304 Bytes  20.06.2012 17:58:02
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  20.06.2012 18:00:05
AVREG.DLL      : 12.3.0.17     232200 Bytes  20.06.2012 18:00:04
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 17:50:44
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 17:50:44
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 17:52:41
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 17:53:18
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 17:53:53
VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 15:17:27
VBASE006.VDF   : 7.11.41.250  4902400 Bytes  06.09.2012 15:02:15
VBASE007.VDF   : 7.11.50.230  3904512 Bytes  22.11.2012 11:56:50
VBASE008.VDF   : 7.11.55.142  2214912 Bytes  03.01.2013 12:43:20
VBASE009.VDF   : 7.11.55.143     2048 Bytes  03.01.2013 12:43:24
VBASE010.VDF   : 7.11.55.144     2048 Bytes  03.01.2013 12:43:24
VBASE011.VDF   : 7.11.55.145     2048 Bytes  03.01.2013 12:43:29
VBASE012.VDF   : 7.11.55.146     2048 Bytes  03.01.2013 12:43:30
VBASE013.VDF   : 7.11.55.196   260096 Bytes  04.01.2013 12:59:36
VBASE014.VDF   : 7.11.56.23    206848 Bytes  07.01.2013 19:27:46
VBASE015.VDF   : 7.11.56.83    186880 Bytes  08.01.2013 16:47:20
VBASE016.VDF   : 7.11.56.145   135168 Bytes  09.01.2013 21:10:31
VBASE017.VDF   : 7.11.56.211   139776 Bytes  11.01.2013 15:41:21
VBASE018.VDF   : 7.11.57.11    153088 Bytes  13.01.2013 17:35:03
VBASE019.VDF   : 7.11.57.75    165888 Bytes  15.01.2013 10:28:56
VBASE020.VDF   : 7.11.57.163   190976 Bytes  17.01.2013 22:20:01
VBASE021.VDF   : 7.11.57.219   119808 Bytes  18.01.2013 20:35:20
VBASE022.VDF   : 7.11.58.7     167936 Bytes  21.01.2013 15:20:50
VBASE023.VDF   : 7.11.58.49    140288 Bytes  22.01.2013 16:02:28
VBASE024.VDF   : 7.11.58.119   137728 Bytes  24.01.2013 15:24:48
VBASE025.VDF   : 7.11.58.175   132608 Bytes  25.01.2013 23:11:17
VBASE026.VDF   : 7.11.58.213   116736 Bytes  27.01.2013 11:04:43
VBASE027.VDF   : 7.11.59.68   1887744 Bytes  31.01.2013 12:40:46
VBASE028.VDF   : 7.11.59.159   431104 Bytes  04.02.2013 16:20:26
VBASE029.VDF   : 7.11.59.160     2048 Bytes  04.02.2013 16:20:26
VBASE030.VDF   : 7.11.59.161     2048 Bytes  04.02.2013 16:20:27
VBASE031.VDF   : 7.11.59.162     2048 Bytes  04.02.2013 16:20:27
Engineversion  : 8.2.10.246
AEVDF.DLL      : 8.1.2.10      102772 Bytes  10.07.2012 17:02:09
AESCRIPT.DLL   : 8.1.4.86      467323 Bytes  01.02.2013 00:53:24
AESCN.DLL      : 8.1.10.0      131445 Bytes  13.12.2012 16:36:03
AESBX.DLL      : 8.2.5.12      606578 Bytes  20.06.2012 17:55:09
AERDL.DLL      : 8.2.0.88      643444 Bytes  10.01.2013 17:07:41
AEPACK.DLL     : 8.3.1.2       819574 Bytes  20.12.2012 23:21:18
AEOFFICE.DLL   : 8.1.2.50      201084 Bytes  05.11.2012 22:52:30
AEHEUR.DLL     : 8.1.4.194    5710199 Bytes  01.02.2013 18:18:16
AEHELP.DLL     : 8.1.25.2      258423 Bytes  11.10.2012 21:17:29
AEGEN.DLL      : 8.1.6.16      434549 Bytes  24.01.2013 15:24:51
AEEXP.DLL      : 8.3.0.18      188789 Bytes  01.02.2013 00:53:25
AEEMU.DLL      : 8.1.3.2       393587 Bytes  10.07.2012 17:02:05
AECORE.DLL     : 8.1.30.0      201079 Bytes  13.12.2012 16:35:57
AEBB.DLL       : 8.1.1.4        53619 Bytes  05.11.2012 22:52:10
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  20.06.2012 17:50:44
AVPREF.DLL     : 12.3.0.32      50720 Bytes  13.11.2012 15:43:42
AVREP.DLL      : 12.3.0.15     179208 Bytes  20.06.2012 18:00:05
AVARKT.DLL     : 12.3.0.33     209696 Bytes  13.11.2012 15:43:38
AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  20.06.2012 17:56:03
SQLITE3.DLL    : 3.7.0.1       398288 Bytes  20.06.2012 17:58:55
AVSMTP.DLL     : 12.3.0.32      63992 Bytes  31.07.2012 08:39:51
NETNT.DLL      : 12.3.0.15      17104 Bytes  20.06.2012 17:58:22
RCIMAGE.DLL    : 12.3.0.31    4819704 Bytes  31.07.2012 08:39:44
RCTEXT.DLL     : 12.3.0.32      98848 Bytes  13.11.2012 15:43:34

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\AVSCAN-20130204-172521-33BDC1E9.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, F:, G:, H:, O:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Montag, 4. Februar 2013  17:26

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD2
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD3
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD4
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD5
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD6
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'F:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'G:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'H:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'O:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Fehler in der ARK Library
Versteckter Treiber

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'AVWEBGRD.EXE' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'avmailc.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'Reader_sl.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '97' Modul(e) wurden durchsucht
Durchsuche Prozess 'nusb3mon.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeamViewer_Service.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'StarWindServiceAE.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'IJPLMSVC.EXE' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'avfwsvc.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '43' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Windows\Sysnative\drivers\sptd.sys
  [WARNUNG]   Die Datei konnte nicht geöffnet werden!
Die Registry wurde durchsucht ( '6948' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
Beginne mit der Suche in 'F:\' <spiele>
Beginne mit der Suche in 'G:\' <Ungeschnitten>
Beginne mit der Suche in 'H:\' <Musik & Clips>
Beginne mit der Suche in 'O:\' <Sicherung>


Ende des Suchlaufs: Montag, 4. Februar 2013  17:55
Benötigte Zeit: 29:05 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

  27308 Verzeichnisse wurden überprüft
 504035 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      1 Dateien konnten nicht durchsucht werden
 504034 Dateien ohne Befall
   5439 Archive wurden durchsucht
      1 Warnungen
      0 Hinweise
     48 Objekte wurden beim Rootkitscan durchsucht
      1 Versteckte Objekte wurden gefunden
         
After that I scanned with Malwarebytes:

Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.04.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
MITCH :: MITCH-PC [Administrator]

Schutz: Aktiviert

04.02.2013 19:29:43
mbam-log-2013-02-04 (19-29-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|G:\|H:\|O:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 354022
Laufzeit: 17 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\loadtbs-3.0 (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Users\MITCH\AppData\Roaming\loadtbs (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\MITCH\AppData\Roaming\loadtbs\chrome@loadtubes.com (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\MITCH\AppData\Roaming\loadtbs\html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 19
C:\Users\MITCH\AppData\Local\Temp\1a3d9b37655eeb2f9bea641ce230178f\data\npm.dll (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\MITCH\AppData\Local\Temp\1a3d9b37655eeb2f9bea641ce230178f\data\ytdl.exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\MITCH\AppData\Roaming\loadtbs\keyHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\MITCH\AppData\Roaming\loadtbs\config.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\MITCH\AppData\Roaming\loadtbs\domHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\MITCH\AppData\Roaming\loadtbs\evHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\MITCH\AppData\Roaming\loadtbs\license.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\MITCH\AppData\Roaming\loadtbs\uninstall.exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\MITCH\AppData\Roaming\loadtbs\updateHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\MITCH\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\MITCH\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.js (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\MITCH\AppData\Roaming\loadtbs\chrome@loadtubes.com\download.js (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\MITCH\AppData\Roaming\loadtbs\chrome@loadtubes.com\fire.js (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\MITCH\AppData\Roaming\loadtbs\chrome@loadtubes.com\manifest.json (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\MITCH\AppData\Roaming\loadtbs\html\dimensions.ini (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\MITCH\AppData\Roaming\loadtbs\html\install.html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\MITCH\AppData\Roaming\loadtbs\html\license.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\MITCH\AppData\Roaming\loadtbs\html\uninstall.html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\MITCH\AppData\Roaming\loadtbs\html\uninstallComplete.html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
I deleted the quarantined files.
Only after the scans did I notice that Loadtbs-3.0 had installed itself as an add-on in Firefox. I removed the add-on.

Windows installed the latest system updates yesterday (in case that matters).

And now the question of all questions:

Can someone please help me?

Regards, Mitch

Last edited by Mitchbox (14.02.2013 at 12:57)

14.02.2013, 12:59   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install or uninstall any software without being asked!

  • Post the logfiles directly in your thread (in CODE tags, please) and not as attachments, unless you are asked to. Logs in attachments make evaluation harder for me!

  • Please also note => Deleting logfiles and other requests

Note:
If you have not heard from me for three days, please post in this thread => Reminder for my thread.
Annoying "when will it continue" messages end with your topic being closed. I too have a life outside Trojaner-Board.


AdwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click on Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click on Scan and wait until it has finished.
  • Now click on Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Then a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick Scan all users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles in CODE tags here in the thread.
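The OTL log requested above is normally read by hand. The following Python script is an added example for this thread, not code from OTL, AdwCleaner or the forum; it automates the first pass over the line formats OTL prints (IE start pages and search scopes, IE ProxyEnable, Firefox network.proxy.* prefs, driver services) and returns the entries a helper would look at after an adware cleanup. The allowlist of search domains, the shortened SID and the sample log lines are constructed for the example, modelled on the formats in this thread.

```python
"""First-pass triage of OTL (OldTimer) log lines after an adware cleanup.

Added example for this thread, not code from OTL, AdwCleaner or the forum.
It recognises the line formats OTL prints for IE search scopes / start pages,
IE and Firefox proxy settings and driver services, and returns the entries a
helper would look at: start pages or search providers outside a small
allowlist, any proxy configuration, and drivers whose file is missing.
"""
import re
from urllib.parse import urlparse

# Search/start-page domains treated as benign. Assumption for this example.
KNOWN_SEARCH_DOMAINS = {"www.bing.com", "www.google.com", "www.google.de", "de.msn.com"}

# OTL writes hxxp:// instead of http:// so pasted logs do not become live links.
_IE_START = re.compile(r'^IE(?::64bit:)? - (?P<key>.+?),Start Page = (?P<url>hxxps?://\S+)$')
_IE_SCOPE = re.compile(r'^IE(?::64bit:)? - (?P<key>.+?): "URL" = (?P<url>hxxps?://\S+)$')
_IE_PROXY = re.compile(r'^IE(?::64bit:)? - (?P<key>.+?): "ProxyEnable" = (?P<val>\d+)$')
_FF_PREF = re.compile(r'^FF - prefs\.js\.\.(?P<name>[\w.]+): (?P<val>.+)$')
_DRV_MISSING = re.compile(r'^DRV(?::64bit:)? - \((?P<svc>[^)]+)\) -- (?P<path>.+?) File not found$')


def _domain(url):
    """Hostname of an OTL-obfuscated URL (hxxp:// -> http://), lower-cased."""
    return (urlparse(re.sub(r"^hxx(?=ps?://)", "htt", url, flags=re.I)).hostname or "").lower()


def triage(lines):
    """Return (kind, where, detail) tuples for the lines that deserve a look."""
    findings = []
    for line in lines:
        line = line.rstrip()
        if m := _IE_START.match(line):
            dom = _domain(m["url"])
            if dom not in KNOWN_SEARCH_DOMAINS:
                findings.append(("ie_startpage", m["key"], dom))
        elif m := _IE_SCOPE.match(line):
            dom = _domain(m["url"])
            if dom not in KNOWN_SEARCH_DOMAINS:
                findings.append(("ie_searchscope", m["key"], dom))
        elif m := _IE_PROXY.match(line):
            if m["val"] != "0":
                findings.append(("ie_proxy", m["key"], m["val"]))
        elif m := _FF_PREF.match(line):
            # Any network.proxy.* pref is worth confirming with the user,
            # whatever network.proxy.type says (4 = auto-detect, 1 = manual).
            if m["name"].startswith("network.proxy."):
                findings.append(("ff_proxy", m["name"], m["val"].strip('"')))
        elif m := _DRV_MISSING.match(line):
            # A service entry whose binary is gone is an orphaned (un)install,
            # not an infection, but it is what an OTL fix script would remove.
            findings.append(("drv_missing", m["svc"], m["path"]))
    return findings


# Constructed sample, modelled on the OTL line formats seen in this thread
# (the SID is shortened; the domains and paths follow the posted log).
SAMPLE_LOG = r"""
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.orbitdownloader.com
IE - HKU\S-1-5-21-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 4001
FF - prefs.js..network.proxy.type: 4
DRV:64bit: - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys File not found
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
""".strip().splitlines()

if __name__ == "__main__":
    for kind, where, detail in triage(SAMPLE_LOG):
        print(f"{kind:14} {where}  ->  {detail}")
```

A hit is a lead, not a verdict. A Firefox proxy of 127.0.0.1:4001 is what a JonDo setup looks like (JonDo's local proxy listens on that port by default), and the OTL log in this thread shows a JonDoFox profile, so the helper confirms with the user before resetting it; a start page on a download-portal search domain, by contrast, is the classic leftover of a bundled toolbar and is exactly what AdwCleaner's proxy and policy resets are for.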

15.02.2013, 23:22   #3
Mitchbox
 
Hello Cosinus,

thanks for your help. I have read your instructions and carried them out so far.
Here are the logs:

Code:
# AdwCleaner v2.112 - Datei am 15/02/2013 um 00:34:56 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : MITCH - MITCH-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\MITCH\Desktop\adwcleaner0.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\fr1nr1rq.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Uninstall.exe
Ordner Gelöscht : C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\software@loadtubes.com
Ordner Gelöscht : C:\Users\MITCH\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.2 (de)

Datei : C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\fr1nr1rq.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\prefs.js

C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\user.js ... Gelöscht !

Gelöscht : user_pref("pttl.menu-search-groups-tab", false);
Gelöscht : user_pref("pttl.menu-search-groups-win", false);

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Chromium v     window_placement: {
         bottom: 988

Datei : C:\Users\MITCH\AppData\Local\Chromium\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2243 octets] - [15/02/2013 00:34:56]

########## EOF - C:\AdwCleaner[S1].txt - [2303 octets] ##########
         
Code:
OTL logfile created on: 15.02.2013 12:57:37 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MITCH\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,76 Gb Available Physical Memory | 84,46% Memory free
16,00 Gb Paging File | 14,66 Gb Available in Paging File | 91,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 65,35 Gb Free Space | 54,85% Space Free | Partition Type: NTFS
Drive F: | 97,66 Gb Total Space | 81,49 Gb Free Space | 83,45% Space Free | Partition Type: NTFS
Drive G: | 423,03 Gb Total Space | 150,68 Gb Free Space | 35,62% Space Free | Partition Type: NTFS
Drive H: | 199,09 Gb Total Space | 155,16 Gb Free Space | 77,94% Space Free | Partition Type: NTFS
Drive O: | 119,92 Gb Total Space | 20,60 Gb Free Space | 17,18% Space Free | Partition Type: NTFS
 
Computer Name: MITCH-PC | User Name: MITCH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\MITCH\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (CISVC) -- C:\Windows\SysNative\CISVC.EXE (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Te.Service) -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirFirewallService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys File not found
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avfwot) -- C:\Windows\SysNative\drivers\avfwot.sys (Avira GmbH)
DRV:64bit: - (avfwim) -- C:\Windows\SysNative\drivers\avfwim.sys (Avira GmbH)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (NTIOLib_1_0_6) -- C:\Program Files (x86)\Setup Files\Ms7642v1D0\NTIOLib_X64.sys (MSI)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3879921085-4238989401-138329163-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.orbitdownloader.com
IE - HKU\S-1-5-21-3879921085-4238989401-138329163-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3879921085-4238989401-138329163-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3879921085-4238989401-138329163-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E 87 59 65 78 16 CD 01  [binary data]
IE - HKU\S-1-5-21-3879921085-4238989401-138329163-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3879921085-4238989401-138329163-1000\..\SearchScopes\{75DE8DA1-9E23-422C-9F40-450857FE28F9}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-3879921085-4238989401-138329163-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: clickclean%40hotcleaner.com:4.0
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.15.1
FF - prefs.js..extensions.enabledAddons: %7B6bdc61ae-7b80-44a3-9476-e1d121ec2238%7D:0.85
FF - prefs.js..extensions.enabledAddons: %7Bfa8476cf-a98c-4e08-99b4-65a69cb4b7d4%7D:1.5.0.2
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.4
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 4001
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 4001
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 4001
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\MITCH\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\MITCH\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 17:11:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 17:11:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.11.17 20:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\Extensions
[2013.02.06 19:56:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\fr1nr1rq.default\extensions
[2013.01.30 13:19:51 | 000,000,000 | ---D | M] (WOT) -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\fr1nr1rq.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.02.17 00:05:40 | 000,000,000 | ---D | M] (Click&Clean) -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\fr1nr1rq.default\extensions\clickclean@hotcleaner.com
[2012.09.15 18:59:55 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\fr1nr1rq.default\extensions\ich@maltegoetz.de
[2013.02.15 00:35:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions
[2011.12.17 13:26:23 | 000,000,000 | ---D | M] (Cookie Monster) -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{45d8ff86-d909-11db-9705-005056c00008}
[2012.07.30 22:41:17 | 000,000,000 | ---D | M] (WOT) -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.07.30 22:41:17 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\https-everywhere@eff.org
[2011.12.17 13:26:24 | 000,000,000 | ---D | M] ("UnPlug") -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\unplug@compunach
[2011.11.17 20:29:34 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\fr1nr1rq.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2012.02.09 23:32:14 | 000,073,384 | ---- | M] () (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\fr1nr1rq.default\extensions\{6bdc61ae-7b80-44a3-9476-e1d121ec2238}.xpi
[2013.01.30 13:19:51 | 000,533,536 | ---- | M] () (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\fr1nr1rq.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.10.03 17:45:15 | 000,048,875 | ---- | M] () (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\fr1nr1rq.default\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi
[2012.03.21 20:35:25 | 000,447,072 | ---- | M] () (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}.xpi
[2012.07.30 22:41:17 | 000,526,190 | ---- | M] () (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.07.30 22:41:17 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.12.30 12:46:09 | 000,044,727 | ---- | M] () (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi
[2012.02.24 21:40:47 | 000,002,419 | ---- | M] () -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\fr1nr1rq.default\searchplugins\englische-ergebnisse.xml
[2012.02.24 21:40:47 | 000,010,525 | ---- | M] () -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\fr1nr1rq.default\searchplugins\gmx-suche.xml
[2012.02.24 21:40:47 | 000,002,457 | ---- | M] () -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\fr1nr1rq.default\searchplugins\lastminute.xml
[2012.02.24 21:40:47 | 000,005,508 | ---- | M] () -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\fr1nr1rq.default\searchplugins\webde-suche.xml
[2013.02.06 17:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.06 17:11:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.02.06 17:11:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.02.06 17:11:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.02.06 17:11:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013.02.06 17:11:29 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.21 01:53:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.11 12:06:01 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.21 01:53:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.21 01:53:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.21 01:53:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.21 01:53:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\MITCH\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\MITCH\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\MITCH\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Mixesoft Click&Clean Plug-In (Enabled) = C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin/npccch32.dll
CHR - plugin: Bitdefender QuickScan (Enabled) = C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin/npqscan.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\MITCH\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: 
CHR - Extension: WOT = C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.9_0\
CHR - Extension: YouTube = C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Click&Clean = C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.0.1_0\
CHR - Extension: Click&Clean App = C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0\
CHR - Extension: Google Mail = C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (FreshDownload Bar) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~2\FRESHD~1\FRESHD~1\fdiebar.dll File not found
O3 - HKU\S-1-5-21-3879921085-4238989401-138329163-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3879921085-4238989401-138329163-1000..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: FreshDownload - {0112EFE4-D779-47C0-90DC-E4170B88D340} - C:\Program Files (x86)\FreshDevices\FreshDownload\fd.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD673351-AEB8-44A4-A92F-351229691467}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{91df1ea0-5d63-11e2-9181-6c626d05970a}\Shell - "" = AutoRun
O33 - MountPoints2\{91df1ea0-5d63-11e2-9181-6c626d05970a}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.13 23:59:49 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.13 23:59:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.13 23:59:49 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.13 23:59:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.13 23:59:48 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.13 23:59:48 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.13 23:59:48 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.13 23:59:48 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.13 23:59:48 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.13 23:59:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.13 23:59:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.13 23:59:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.13 23:59:47 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.13 23:59:47 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.13 23:59:47 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.13 23:50:02 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 23:50:01 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 23:50:01 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 23:48:53 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 23:48:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 23:48:53 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 23:48:52 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 23:48:52 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 23:48:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 23:48:46 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.11 17:16:30 | 000,000,000 | ---D | C] -- C:\Users\MITCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.02.11 17:16:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.02.11 17:16:11 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.02.06 17:11:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.04 20:45:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MITCH\Desktop\OTL.exe
[2013.02.04 19:25:58 | 000,000,000 | ---D | C] -- C:\Users\MITCH\AppData\Roaming\Malwarebytes
[2013.02.04 19:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.04 19:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.04 19:25:37 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.04 19:25:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.04 19:25:17 | 000,000,000 | ---D | C] -- C:\Users\MITCH\AppData\Local\Programs
[2013.02.02 21:07:23 | 000,000,000 | ---D | C] -- C:\Users\MITCH\AppData\Roaming\BitTorrent
[2013.02.02 21:04:59 | 001,053,520 | ---- | C] (BitTorrent Inc.) -- C:\Program Files (x86)\BitTorrent_7.8.exe
[2013.02.02 15:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD PVR Editor
[2013.02.02 15:52:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HD PVR Editor
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.15 12:50:02 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3879921085-4238989401-138329163-1000UA.job
[2013.02.15 12:32:28 | 000,023,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.15 12:32:28 | 000,023,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.15 12:29:10 | 001,622,486 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.15 12:29:10 | 000,699,776 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.15 12:29:10 | 000,654,676 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.15 12:29:10 | 000,149,724 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.15 12:29:10 | 000,122,368 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.15 12:25:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.15 12:24:59 | 2146,815,999 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.15 01:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.14 14:29:03 | 000,587,671 | ---- | M] () -- C:\Users\MITCH\Desktop\adwcleaner0.exe
[2013.02.14 10:50:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3879921085-4238989401-138329163-1000Core.job
[2013.02.14 00:10:57 | 000,268,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.11 14:08:31 | 000,050,477 | ---- | M] () -- C:\Users\MITCH\Desktop\Defogger.exe
[2013.02.10 00:27:47 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.10 00:27:47 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.04 20:45:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MITCH\Desktop\OTL.exe
[2013.02.04 19:25:38 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.03 15:57:56 | 000,001,309 | ---- | M] () -- C:\Users\MITCH\Desktop\BitTorrent_7.8 - Verknüpfung.lnk
[2013.02.02 21:05:05 | 001,053,520 | ---- | M] (BitTorrent Inc.) -- C:\Program Files (x86)\BitTorrent_7.8.exe
[2013.02.01 00:47:43 | 000,002,364 | ---- | M] () -- C:\Users\MITCH\Desktop\Google Chrome.lnk
[2013.01.20 10:55:13 | 000,019,968 | ---- | M] () -- C:\Users\MITCH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2013.02.14 14:29:02 | 000,587,671 | ---- | C] () -- C:\Users\MITCH\Desktop\adwcleaner0.exe
[2013.02.11 14:08:31 | 000,050,477 | ---- | C] () -- C:\Users\MITCH\Desktop\Defogger.exe
[2013.02.04 19:25:38 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.03 15:57:56 | 000,001,309 | ---- | C] () -- C:\Users\MITCH\Desktop\BitTorrent_7.8 - Verknüpfung.lnk
[2012.06.25 17:16:28 | 000,000,292 | ---- | C] () -- C:\Users\MITCH\AppData\Local\HamsterBookConverter.cfg
[2012.06.16 10:07:41 | 000,271,264 | ---- | C] () -- C:\Windows\SysWow64\VBRUN100.DLL
[2012.05.06 10:31:20 | 000,017,408 | ---- | C] () -- C:\Users\MITCH\AppData\Local\WebpageIcons.db
[2012.02.15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.09 00:04:20 | 000,019,968 | ---- | C] () -- C:\Users\MITCH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.11 16:09:42 | 001,599,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.02 22:19:34 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.09.02 21:20:01 | 000,007,604 | ---- | C] () -- C:\Users\MITCH\AppData\Local\resmon.resmoncfg
[2011.08.25 15:33:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:B6AC352B

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 15.02.2013 12:57:37 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MITCH\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,76 Gb Available Physical Memory | 84,46% Memory free
16,00 Gb Paging File | 14,66 Gb Available in Paging File | 91,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 65,35 Gb Free Space | 54,85% Space Free | Partition Type: NTFS
Drive F: | 97,66 Gb Total Space | 81,49 Gb Free Space | 83,45% Space Free | Partition Type: NTFS
Drive G: | 423,03 Gb Total Space | 150,68 Gb Free Space | 35,62% Space Free | Partition Type: NTFS
Drive H: | 199,09 Gb Total Space | 155,16 Gb Free Space | 77,94% Space Free | Partition Type: NTFS
Drive O: | 119,92 Gb Total Space | 20,60 Gb Free Space | 17,18% Space Free | Partition Type: NTFS
 
Computer Name: MITCH-PC | User Name: MITCH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-3879921085-4238989401-138329163-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0896509A-86AB-4E3E-B55F-E93C1BB76008}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{235BD6DF-CC63-4FD1-A65B-873017720E94}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{2D0F3EE3-432A-42E3-A586-BF3A6E157B88}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2FC6E7FC-C9F7-47E9-8B44-B6E25FFB582B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3B05E0B5-C227-4C46-A1D1-B1602679DF9D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6048750D-A204-4ECE-A065-248F18D6DB2E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{608FB095-3F51-4442-81E5-EAE9CA3F2C42}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{67056C47-2006-4AEC-AB2E-CE8449DE9018}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{72425582-A4DC-4B98-A110-1908EA32CCDF}" = lport=445 | protocol=6 | dir=in | app=system | 
"{75294EED-B704-4AAC-BAEE-C446CA763BF2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9D410372-E819-4022-9F5B-15063F3634B5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{AFD8EA5E-CA05-4B13-8515-DDC9AF677A74}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B914FA62-E2E3-477D-B15D-99B71B13AD85}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CA8BDCB1-FED7-4BDC-AAD5-C9CF8686F406}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DA3E5C6D-19FD-44AA-8C09-B7D200857DBC}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E0F69884-C1F3-4182-AD6B-56C9FC0E242D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E72E56B6-6B44-439F-B562-A883C199F6CB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EE09C395-8F44-4314-9FAA-1A70411C09F9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FAFC504B-C285-4C5A-BC13-72A5BBE61C9A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{FE09AD30-FFC9-438F-BC4A-AE24FFFF657C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{FE224476-E5A7-490A-AE47-EFA152E5ABE6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18945855-611F-4022-9574-56B535E25C54}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{334E2ADE-39A3-421A-859E-141F94192833}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{557DC502-5343-4E56-8226-AC2CBA9D0998}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5629ACDD-3391-4535-AE21-471636FF2F7B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{5AC12CFD-7351-4A7F-A2BE-14F67CCB48C0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{649E8AF9-BD2A-4B1F-9C39-2ED3FF72FA82}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{676C76BD-0904-4B57-B61F-5166AF0A7D3C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6E2EF138-F161-4373-B64B-7A3EE2C21DDF}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent_7.8.exe | 
"{77CBABD5-0193-4344-884B-0957085842A0}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent_7.8.exe | 
"{77E3EC31-8C6C-49A0-9FD2-D64EEDF07E21}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7D527085-9AAB-4E0E-95FA-A05340E6D934}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7ED139D5-DA75-40B0-A563-D90FA094933F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{90724341-B414-4300-8926-8ED6D93DDA67}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9838B095-28BC-4651-A35C-4AB161975CD7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A15462F3-8EC2-4A9C-901B-5783820C9727}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{AA781861-FBD5-4ADA-A5A1-BC0C00E49AE3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{AB177CB1-90FB-4FB6-9039-84347FE72CDE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{AE6B921D-BF14-4C57-9CC5-059FABA4F81D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BB67FFFF-E50B-4562-9BD1-59D95E64D46B}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"{C8200822-18C7-4033-A3AE-4DC4E803588B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D3424554-0B9E-4195-BACF-9D4E9BB5743E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E35F975F-571C-4DEA-A0FD-0F34DBF4BAEA}" = protocol=6 | dir=out | app=system | 
"{EB41979B-AF59-4C06-868F-DA1FBAEAEABA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EE176FDB-C254-47EC-8CCC-DEF2816A0201}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{F5422D29-D615-45C0-94CF-AD1748ADFEE1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F8707C83-BEAE-4F08-8D3B-75C97323AF55}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"{FFC3EF5A-FA08-4500-BAFE-B01AB81D157E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{57BE2C44-E41F-46B4-93DC-746FD54E2ECB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{8DC304EE-DDDB-48BC-B656-24323B2EA75A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{C214301F-F5D7-36D9-B3A2-1467C5586495}" = Microsoft Help Viewer 1.1 Language Pack - DEU
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 39
"{441AC599-200D-4E04-B274-C6B7B50C281D}_is1" = Hamster Free EbookConverter
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8944ED10-DBF2-4FA9-8B5D-D7E1B046C761}_is1" = ColdCut
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{C2FBB88A-65AA-6751-25EC-6A9046FA5F3B}" = Windows Driver Kit
"{C668416A-9213-4058-B7F2-01A42D85559D}" = Microsoft SQL Server System CLR Types
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{E14DDED2-919B-FCCB-84AC-5ABB6D182D46}" = Kits Configuration Installer
"{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}" = Microsoft SQL Server 2008 R2 Management Objects
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{f65530f7-1696-4fcd-8876-37cdcacdbd4c}" = Windows Driver Kit
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{FBDF7205-0CD2-435A-A595-58166C4C7953}" = Vector 12.04.073
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Internet Security 2012
"BitTorrent" = BitTorrent
"Canon MP620 series Benutzerregistrierung" = Canon MP620 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DivX Setup.divx.com" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ffdshow_is1" = ffdshow [rev 2946] [2009-05-15]
"HD PVR Editor_is1" = HD PVR Editor 2.0
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"JAP" = JAP
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"Notepad++" = Notepad++
"Orbit_is1" = Orbit Downloader
"TeamViewer 8" = TeamViewer 8
"VLC media player" = VLC media player 2.0.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3879921085-4238989401-138329163-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.01.2013 11:04:56 | Computer Name = MITCH-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Setup.exe_InstallShield, Version:
 14.0.0.162, Zeitstempel: 0x4626b2f4  Name des fehlerhaften Moduls: ISSetup.dll, Version:
 14.0.0.162, Zeitstempel: 0x4626b290  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0009a0ef
ID
 des fehlerhaften Prozesses: 0x790  Startzeit der fehlerhaften Anwendung: 0x01cdedb18321a642
Pfad
 der fehlerhaften Anwendung: D:\Drv\Setup.exe  Pfad des fehlerhaften Moduls: C:\Users\MITCH\AppData\Local\Temp\{DC17C0E7-3F03-476F-BD0F-5A95A6D3B7CB}\Disk1\ISSetup.dll
Berichtskennung:
 c2f8c215-59a4-11e2-a006-6c626d05970a
 
Error - 08.01.2013 11:06:39 | Computer Name = MITCH-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: setup.exe_InstallShield, Version:
 14.0.0.162, Zeitstempel: 0x4626b2f4  Name des fehlerhaften Moduls: ISSetup.dll, Version:
 14.0.0.162, Zeitstempel: 0x4626b290  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0009a0ef
ID
 des fehlerhaften Prozesses: 0x82c  Startzeit der fehlerhaften Anwendung: 0x01cdedb1c2047d80
Pfad
 der fehlerhaften Anwendung: C:\Users\MITCH\AppData\Local\Temp\{CC8ACC3D-BB74-4F65-A613-ED518C991144}\setup.exe
Pfad
 des fehlerhaften Moduls: C:\Users\MITCH\AppData\Local\Temp\{CC8ACC3D-BB74-4F65-A613-ED518C991144}\ISSetup.dll
Berichtskennung:
 009a4f3b-59a5-11e2-a006-6c626d05970a
 
Error - 08.01.2013 11:27:43 | Computer Name = MITCH-PC | Source = Software Protection Platform Service | ID = 8200
Description = Lizenzerwerb-Fehlerdetails.   hr=0x80072EE7
 
Error - 08.01.2013 11:27:43 | Computer Name = MITCH-PC | Source = Software Protection Platform Service | ID = 8208
Description = Fehler bei der Erfassung des authentischen Tickets (hr=0x80072EE7)
 für die Vorlagen-ID 66c92734-d682-4d71-983e-d6ec3f16059f.
 
Error - 08.01.2013 11:38:03 | Computer Name = MITCH-PC | Source = Windows Backup | ID = 4104
Description = 
 
Error - 09.01.2013 11:35:53 | Computer Name = MITCH-PC | Source = Dvd Maker | ID = 155649001
Description = 
 
Error - 09.01.2013 11:36:37 | Computer Name = MITCH-PC | Source = Dvd Maker | ID = 155649001
Description = 
 
Error - 10.01.2013 12:19:44 | Computer Name = MITCH-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mmc.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc808  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000000000
ID
 des fehlerhaften Prozesses: 0x8f8  Startzeit der fehlerhaften Anwendung: 0x01cdef4d633c45b1
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\mmc.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 8ad08ec1-5b41-11e2-b7f5-6c626d05970a
 
Error - 12.01.2013 08:50:31 | Computer Name = MITCH-PC | Source = Dvd Maker | ID = 155649001
Description = 
 
Error - 12.01.2013 09:09:36 | Computer Name = MITCH-PC | Source = Dvd Maker | ID = 155649001
Description = 
 
Error - 20.01.2013 04:57:12 | Computer Name = MITCH-PC | Source = Dvd Maker | ID = 155649001
Description = 
 
[ System Events ]
Error - 10.02.2013 14:08:43 | Computer Name = MITCH-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 11.02.2013 05:32:27 | Computer Name = MITCH-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 12.02.2013 05:44:13 | Computer Name = MITCH-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 13.02.2013 05:59:22 | Computer Name = MITCH-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 13.02.2013 18:34:54 | Computer Name = MITCH-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 13.02.2013 19:10:57 | Computer Name = MITCH-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 14.02.2013 05:08:56 | Computer Name = MITCH-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 14.02.2013 18:39:24 | Computer Name = MITCH-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 14.02.2013 19:38:27 | Computer Name = MITCH-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 15.02.2013 07:25:02 | Computer Name = MITCH-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
 
< End of report >
         

Alt 16.02.2013, 16:45   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Now please create and post logs with GMER (<<< click for instructions) and MBAR (instructions a little further down).
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only MBAR.

MBAR instructions

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 16.02.2013, 19:22   #5
Mitchbox
 
OK, all done, no crash:

Code:
ATTFilter
GMER 2.1.18952 - hxxp://www.gmer.net
Rootkit scan 2013-02-16 19:53:11
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-4 SAMSUNG_470_Series_SSD rev.AXM09B1Q 119,24GB
Running: GMER_2.1.18952.exe; Driver: C:\Users\MITCH\AppData\Local\Temp\fgloypog.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload                                                                                              fffff88004058d64 12 bytes {MOV RAX, 0xfffffa80078a02a0; JMP RAX}

---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                         0000000074b41465 2 bytes [B4, 74]
.text   C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        0000000074b414bb 2 bytes [B4, 74]
.text   ...                                                                                                                                            * 2
.text   C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                  0000000074b41465 2 bytes [B4, 74]
.text   C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                 0000000074b414bb 2 bytes [B4, 74]
.text   ...                                                                                                                                            * 2
.text   C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000074b41465 2 bytes [B4, 74]
.text   C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000074b414bb 2 bytes [B4, 74]
.text   ...                                                                                                                                            * 2

---- Kernel IAT/EAT - GMER 2.1 ----

IAT     C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                                                 [fffff8800104a0c0] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT     C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                                                        [fffff88001049e4c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT     C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                                                       [fffff8800104a838] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT     C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong]                                                                       [fffff88001049600] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT     C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                                                [fffff8800104aa8c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!ExAllocatePoolWithTag]                                                                   [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoAcquireRemoveLockEx]                                                                   [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoWMIRegistrationControl]                                                                [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!ExFreePoolWithTag]                                                                       [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoWMIWriteEvent]                                                                         [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString]                                                            [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection]                                                        [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoRegisterDeviceInterface]                                                               [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoSetDeviceInterfaceState]                                                               [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoStartPacket]                                                                           [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoStartTimer]                                                                            [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!RtlInitUnicodeString]                                                                    [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoDeleteDevice]                                                                          [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!KeSetEvent]                                                                              [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoFreeWorkItem]                                                                          [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!MmGetSystemRoutineAddress]                                                               [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!KeInitializeEvent]                                                                       [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!RtlQueryRegistryValues]                                                                  [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!RtlInitAnsiString]                                                                       [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!RtlGetVersion]                                                                           [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoDetachDevice]                                                                          [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!PoRequestPowerIrp]                                                                       [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoCancelIrp]                                                                             [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize]                                                             [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoStopTimer]                                                                             [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoStartNextPacket]                                                                       [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoAllocateWorkItem]                                                                      [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!_vsnwprintf]                                                                             [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!PoStartNextPowerIrp]                                                                     [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!_vsnprintf]                                                                              [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!ZwClose]                                                                                 [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IofCompleteRequest]                                                                      [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoReleaseRemoveLockAndWaitEx]                                                            [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoInitializeTimer]                                                                       [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoFreeIrp]                                                                               [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoSetCompletionRoutineEx]                                                                [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                                             [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!PoCallDriver]                                                                            [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoAllocateIrp]                                                                           [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!RtlCompareMemory]                                                                        [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!ObfReferenceObject]                                                                      [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoSetStartIoAttributes]                                                                  [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoInitializeRemoveLockEx]                                                                [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey]                                                                 [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoCreateDevice]                                                                          [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IofCallDriver]                                                                           [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!KeAcquireInStackQueuedSpinLockAtDpcLevel]                                                [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!KeReleaseInStackQueuedSpinLock]                                                          [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoBuildPartialMdl]                                                                       [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoReleaseRemoveLockEx]                                                                   [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!KeAcquireInStackQueuedSpinLock]                                                          [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool]                                                               [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoFreeMdl]                                                                               [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!KeDelayExecutionThread]                                                                  [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache]                                                            [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoGetSfioStreamIdentifier]                                                               [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!KeRemoveEntryDeviceQueue]                                                                [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoQueueWorkItem]                                                                         [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoReleaseCancelSpinLock]                                                                 [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoAcquireCancelSpinLock]                                                                 [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoAllocateMdl]                                                                           [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!KeReleaseInStackQueuedSpinLockFromDpcLevel]                                              [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations]                                                             [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!ZwEnumerateValueKey]                                                                     [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoGetDeviceInterfaces]                                                                   [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!ZwOpenKey]                                                                               [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!KeBugCheckEx]                                                                            [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!KeWaitForSingleObject]                                                                   [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!NlsMbCodePageTag]                                                                        [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoIs32bitProcess]                                                                        [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!MmProbeAndLockPages]                                                                     [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!MmUnlockPages]                                                                           [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoAllocateSfioStreamIdentifier]                                                          [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoFreeSfioStreamIdentifier]                                                              [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!IoGetIoPriorityHint]                                                                     [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!EtwUnregister]                                                                           [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!EtwRegister]                                                                             [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!EtwEventEnabled]                                                                         [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!EtwWrite]                                                                                [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!EtwProviderEnabled]                                                                      [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[ntoskrnl.exe!__C_specific_handler]                                                                    [?]
IAT     C:\Windows\System32\Drivers\aaro7b4o.SYS[USBD.SYS!USBD_CreateConfigurationRequestEx]                                                           [?]

---- Devices - GMER 2.1 ----

Device  \Driver\atapi \Device\Ide\IdePort4                                                                                                             fffffa80069e52c0
Device  \Driver\atapi \Device\Ide\IdePort0                                                                                                             fffffa80069e52c0
Device  \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-7                                                                                                    fffffa80069e52c0
Device  \Driver\atapi \Device\Ide\IdePort5                                                                                                             fffffa80069e52c0
Device  \Driver\atapi \Device\Ide\IdePort1                                                                                                             fffffa80069e52c0
Device  \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-6                                                                                                    fffffa80069e52c0
Device  \Driver\atapi \Device\Ide\IdePort6                                                                                                             fffffa80069e52c0
Device  \Driver\atapi \Device\Ide\IdePort2                                                                                                             fffffa80069e52c0
Device  \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4                                                                                                    fffffa80069e52c0
Device  \Driver\atapi \Device\Ide\IdePort7                                                                                                             fffffa80069e52c0
Device  \Driver\atapi \Device\Ide\IdePort3                                                                                                             fffffa80069e52c0
Device  \Driver\aaro7b4o \Device\Scsi\aaro7b4o1                                                                                                        fffffa80079132c0
Device  \Driver\aaro7b4o \Device\Scsi\aaro7b4o1Port8Path0Target0Lun0                                                                                   fffffa80079132c0
Device  \FileSystem\Ntfs \Ntfs                                                                                                                         fffffa8006aab2c0
Device  \Driver\USBSTOR \Device\0000007e                                                                                                               fffffa80076ef2c0
Device  \Driver\atapi \Device\ScsiPort7                                                                                                                fffffa80069e52c0
Device  \Driver\aaro7b4o \Device\ScsiPort8                                                                                                             fffffa80079132c0
Device  \Driver\usbohci \Device\USBPDO-5                                                                                                               fffffa80078a22c0
Device  \Driver\usbehci \Device\USBFDO-3                                                                                                               fffffa80078af2c0
Device  \Driver\usbehci \Device\USBPDO-1                                                                                                               fffffa80078af2c0
Device  \Driver\USBSTOR \Device\00000080                                                                                                               fffffa80076ef2c0
Device  \Driver\cdrom \Device\CdRom0                                                                                                                   fffffa80076c02c0
Device  \Driver\cdrom \Device\CdRom1                                                                                                                   fffffa80076c02c0
Device  \Driver\USBSTOR \Device\0000007f                                                                                                               fffffa80076ef2c0
Device  \Driver\usbehci \Device\USBPDO-6                                                                                                               fffffa80078af2c0
Device  \Driver\usbohci \Device\USBFDO-4                                                                                                               fffffa80078a22c0
Device  \Driver\usbohci \Device\USBPDO-2                                                                                                               fffffa80078a22c0
Device  \Driver\usbohci \Device\USBFDO-0                                                                                                               fffffa80078a22c0
Device  \Driver\USBSTOR \Device\00000081                                                                                                               fffffa80076ef2c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{FD673351-AEB8-44A4-A92F-351229691467}                                                                       fffffa80077d42c0
Device  \Driver\usbohci \Device\USBFDO-5                                                                                                               fffffa80078a22c0
Device  \Driver\usbehci \Device\USBPDO-3                                                                                                               fffffa80078af2c0
Device  \Driver\usbehci \Device\USBFDO-1                                                                                                               fffffa80078af2c0
Device  \Driver\USBSTOR \Device\00000082                                                                                                               fffffa80076ef2c0
Device  \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                        fffffa80077d42c0
Device  \Driver\usbehci \Device\USBFDO-6                                                                                                               fffffa80078af2c0
Device  \Driver\usbohci \Device\USBPDO-4                                                                                                               fffffa80078a22c0
Device  \Driver\atapi \Device\ScsiPort0                                                                                                                fffffa80069e52c0
Device  \Driver\usbohci \Device\USBFDO-2                                                                                                               fffffa80078a22c0
Device  \Driver\usbohci \Device\USBPDO-0                                                                                                               fffffa80078a22c0
Device  \Driver\atapi \Device\ScsiPort1                                                                                                                fffffa80069e52c0
Device  \Driver\USBSTOR \Device\00000083                                                                                                               fffffa80076ef2c0
Device  \Driver\atapi \Device\ScsiPort2                                                                                                                fffffa80069e52c0
Device  \Driver\atapi \Device\ScsiPort3                                                                                                                fffffa80069e52c0
Device  \Driver\atapi \Device\ScsiPort4                                                                                                                fffffa80069e52c0
Device  \Driver\atapi \Device\ScsiPort5                                                                                                                fffffa80069e52c0
Device  \Driver\atapi \Device\ScsiPort6                                                                                                                fffffa80069e52c0

---- Trace I/O - GMER 2.1 ----

Trace   ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80069e52c0]<< sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys                        fffffa80069e52c0
Trace   1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80072a1060]                                                                                fffffa80072a1060
Trace   3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa80070501f0]                                      fffffa80070501f0
Trace   \Driver\atapi[0xfffffa8006b1ce70] -> IRP_MJ_CREATE -> 0xfffffa80069e52c0                                                                       fffffa80069e52c0

---- Modules - GMER 2.1 ----

Module  \SystemRoot\System32\Drivers\aaro7b4o.SYS (USB Mass Storage Class Driver/Microsoft Corporation SIGNED)(2011-08-24 20:39:41)                    fffff880044ed000-fffff88004531000 (278528 bytes)

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                                             771343423
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                                             285507792
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                                             1
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                               
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                            (null)
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                            0
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                         0x99 0xC8 0x38 0x55 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                                                      
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                   0xA0 0x02 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                                0x42 0xCA 0xE6 0x04 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                                               
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                                         0xDB 0x77 0xF4 0xDC ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                           
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                (null)
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                0
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                             0x99 0xC8 0x38 0x55 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)                                  
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                       0xA0 0x02 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                                    0x42 0xCA 0xE6 0x04 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)                           
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                                             0xDB 0x77 0xF4 0xDC ...

---- EOF - GMER 2.1 ----
         
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.16.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
MITCH :: MITCH-PC [administrator]

16.02.2013 20:10:35
mbar-log-2013-02-16 (20-10-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29142
Time elapsed: 4 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         


16.02.2013, 19:26   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Remove Loadtbs-3.0, repair the damage



aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe guide)
    On Windows Vista or later, please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, allow access to the Internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without being told to.

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.




TDSS-Killer

Please download TDSSKiller TDSSKiller.exe and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Click Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post its contents here in your thread in any case.

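Added example, not from the original thread and not code from GMER, aswMBR or TDSSKiller: a small Python triage script for the kind of logs requested above. It parses only the line formats visible in this thread (GMER 2.1 "Devices" and "Trace" lines, the aswMBR disk trace, and TDSSKiller's "Scan services" section) and pulls out what a log reader checks first: a disk-stack trace that passes through an address outside every known module, a driver dispatch (here atapi's IRP_MJ_CREATE) redirected to that same address, drivers with machine-generated names such as aaro7b4o, and services for which TDSSKiller printed no hash line. The sample lines embedded in the script are constructed from the logs in this thread, and the "machine-looking name" test is a heuristic, nothing more. One caveat a practitioner should keep in mind: both traces name sptd.sys right after the unknown address, and sptd.sys is the SCSI Pass Through Direct driver installed by disc-emulation software (Daemon Tools, Alcohol 120%), a well-known cause of exactly this kind of UNKNOWN entry and of randomly named SCSI drivers, so the script reports these as items to check, not as an infection.

```python
"""Triage of anti-rootkit logs (GMER 2.1, aswMBR, TDSSKiller). Added example
for this thread, not code from any of those tools; it parses only the line
formats visible in the logs posted here."""
import re
from collections import defaultdict

PREFIX = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+(?:\d+\s+)?")  # "hh:mm:ss.ms [pid]" of aswMBR/TDSSKiller lines
GMER_DEVICE = re.compile(r"^Device\s+\\Driver\\(\S+)\s+(\S+)\s+[0-9a-f]+$")
UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-f]+)\]<<\s*(\S+)")
REDIRECT = re.compile(r"\\Driver\\(\w+)\[(0x[0-9a-f]+)\] -> (IRP_MJ_\w+) -> (0x[0-9a-f]+)")
TDSS_HASH = re.compile(r"^\[ ([0-9A-F]{32}) \] (.+?)\s+([A-Za-z]:\\.*|\\.*)$")
TDSS_VERDICT = re.compile(r"^(.+?) - (\S+)$")
RANDOM_NAME = re.compile(r"^(?=.*\d)[a-z0-9]{8}$")  # heuristic only, e.g. aaro7b4o


def gmer_devices_by_driver(lines):
    """\\Driver\\<name> -> device objects it owns (GMER 'Devices' section)."""
    owners = defaultdict(set)
    for line in lines:
        m = GMER_DEVICE.match(line.strip())
        if m:
            owners[m.group(1)].add(m.group(2))
    return dict(owners)


def looks_machine_named(driver):
    """Names like 'aaro7b4o' (random service name chosen at install time): 'look closer', not a verdict."""
    return bool(RANDOM_NAME.match(driver))


def unknown_hooks(lines):
    """address -> module that follows it, for each '>>UNKNOWN [addr]<<' trace line."""
    return {m.group(1): m.group(2) for m in map(UNKNOWN.search, lines) if m}


def dispatch_redirects(lines):
    """Sorted (driver, driver object, IRP major, target) for every redirected dispatch routine."""
    return sorted({m.groups() for m in map(REDIRECT.search, lines) if m})


def parse_tdss_services(lines):
    """service -> {'md5', 'path', 'verdict'} from TDSSKiller's 'Scan services' section.
    The '[ md5 ] name path' line is printed only when the image file was found and
    hashed; a verdict without it means no file was hashed for that service."""
    services, pending, in_section = {}, None, False
    for raw in lines:
        line = PREFIX.sub("", raw.strip())
        if line.startswith("====="):
            in_section = "Scan services" in line
        elif in_section and (m := TDSS_HASH.match(line)):
            pending = (m.group(2), {"md5": m.group(1), "path": m.group(3)})
        elif in_section and (m := TDSS_VERDICT.match(line)):
            name, verdict = m.groups()
            entry = pending[1] if pending and pending[0] == name else {"md5": None, "path": None}
            services[name] = dict(entry, verdict=verdict)
            pending = None
    return services


def triage(gmer_lines, aswmbr_lines, tdss_lines):
    """Findings from all three logs: confirmed hooks first, then items to check."""
    findings, stack = [], gmer_lines + aswmbr_lines
    hooks = unknown_hooks(stack)
    for driver, _obj, irp, target in dispatch_redirects(stack):
        if target in hooks:  # dispatch routine points into code no module claims
            findings.append(f"hook: {driver} {irp} -> {target} (unknown code, then {hooks[target]})")
    owners = gmer_devices_by_driver(gmer_lines)
    for driver in sorted(owners):
        if looks_machine_named(driver):
            findings.append(f"check: driver '{driver}' machine-looking name, {len(owners[driver])} device object(s)")
    for name, e in parse_tdss_services(tdss_lines).items():
        if e["verdict"] != "ok":
            findings.append(f"alert: service '{name}' ({e['path']}) verdict {e['verdict']}")
        elif e["md5"] is None:
            findings.append(f"check: service '{name}' is 'ok' but no image file was hashed")
    return findings


# constructed sample lines, shortened from the formats in the logs in this thread
GMER_SAMPLE = [
    r"Device  \Driver\atapi \Device\Ide\IdePort0          fffffa80069e52c0",
    r"Device  \Driver\aaro7b4o \Device\Scsi\aaro7b4o1     fffffa80079132c0",
    r"Device  \Driver\aaro7b4o \Device\ScsiPort8          fffffa80079132c0",
    r"Trace   ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80069e52c0]<< sptd.sys ataport.SYS  fffffa80069e52c0",
    r"Trace   \Driver\atapi[0xfffffa8006b1ce70] -> IRP_MJ_CREATE -> 0xfffffa80069e52c0  fffffa80069e52c0",
]
ASWMBR_SAMPLE = [
    r"21:19:20.835    ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80069e52c0]<<sptd.sys ataport.SYS",
    r"21:19:20.851    \Driver\atapi[0xfffffa8006b1ce70] -> IRP_MJ_CREATE -> 0xfffffa80069e52c0",
]
TDSS_SAMPLE = [
    r"21:25:43.0369 3620  ================ Scan system memory ========================",
    r"21:25:43.0369 3620  System memory - ok",
    r"21:25:43.0369 3620  ================ Scan services =============================",
    r"21:25:43.0416 3620  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys",
    r"21:25:43.0432 3620  1394ohci - ok",
    r"21:25:44.0056 3620  AODDriver4.01 - ok",
    r"21:25:43.0650 3620  [ 962227630779043B5C1D4CD157ABB912 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe",
    r"21:25:43.0681 3620  AMD External Events Utility - ok",
]

if __name__ == "__main__":
    print("\n".join(triage(GMER_SAMPLE, ASWMBR_SAMPLE, TDSS_SAMPLE)))
```

Run as a script it prints the findings for the embedded sample: one "hook" line for atapi's IRP_MJ_CREATE pointing at the unknown address followed by sptd.sys, one "check" line for the aaro7b4o driver, and one "check" line for AODDriver4.01, whose verdict has no hash line. For real logs, read each file into a list of lines and pass the three lists to triage(); the "hook" finding is the one that matters and the "check" findings are where the installed software (here the disc-emulation driver) has to be compared against the log before anything is called malicious.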
16.02.2013, 20:53   #7
Mitchbox

Remove Loadtbs-3.0, repair the damage



During the aswMBR scan, this line was shown in red:
21:19:20.851 \Driver\atapi[0xfffffa8006b1ce70] -> IRP_MJ_CREATE -> 0xfffffa80069e52c0

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-16 21:17:45
-----------------------------
21:17:45.316    OS Version: Windows x64 6.1.7601 Service Pack 1
21:17:45.316    Number of processors: 4 586 0x403
21:17:45.316    ComputerName: MITCH-PC  UserName: MITCH
21:17:45.644    Initialize success
21:17:53.881    AVAST engine defs: 13021600
21:19:10.945    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-7
21:19:10.945    Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 11
21:19:10.945    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-4
21:19:10.945    Disk 1 Vendor: SAMSUNG_470_Series_SSD AXM09B1Q Size: 122104MB BusType: 11
21:19:10.960    Disk 1 MBR read successfully
21:19:10.960    Disk 1 MBR scan
21:19:10.960    Disk 1 Windows 7 default MBR code
21:19:10.960    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
21:19:10.960    Disk 1 Partition 2 00     07    HPFS/NTFS NTFS       122002 MB offset 206848
21:19:10.976    Disk 1 scanning C:\Windows\system32\drivers
21:19:14.065    Service scanning
21:19:20.835    Modules scanning
21:19:20.835    Disk 1 trace - called modules:
21:19:20.835    ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80069e52c0]<<sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
21:19:20.835    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80072a1060]
21:19:20.835    3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa80070501f0]
21:19:20.851    \Driver\atapi[0xfffffa8006b1ce70] -> IRP_MJ_CREATE -> 0xfffffa80069e52c0
21:19:21.163    AVAST engine scan C:\Windows
21:19:21.568    AVAST engine scan C:\Windows\system32
21:20:29.007    AVAST engine scan C:\Windows\system32\drivers
21:20:31.987    AVAST engine scan C:\Users\MITCH
21:20:53.577    AVAST engine scan C:\ProgramData
21:20:59.147    Scan finished successfully
21:21:46.914    Disk 1 MBR has been saved successfully to "C:\Users\MITCH\Desktop\MBR.dat"
21:21:46.914    The log file has been saved successfully to "C:\Users\MITCH\Desktop\aswMBR.txt"
         
Code:
21:24:46.0367 1564  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:24:46.0382 1564  ============================================================
21:24:46.0382 1564  Current date / time: 2013/02/16 21:24:46.0382
21:24:46.0382 1564  SystemInfo:
21:24:46.0382 1564  
21:24:46.0382 1564  OS Version: 6.1.7601 ServicePack: 1.0
21:24:46.0382 1564  Product type: Workstation
21:24:46.0382 1564  ComputerName: MITCH-PC
21:24:46.0382 1564  UserName: MITCH
21:24:46.0382 1564  Windows directory: C:\Windows
21:24:46.0382 1564  System windows directory: C:\Windows
21:24:46.0382 1564  Running under WOW64
21:24:46.0382 1564  Processor architecture: Intel x64
21:24:46.0382 1564  Number of processors: 4
21:24:46.0382 1564  Page size: 0x1000
21:24:46.0382 1564  Boot type: Normal boot
21:24:46.0382 1564  ============================================================
21:24:46.0569 1564  Drive \Device\Harddisk1\DR1 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:24:54.0245 1564  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:24:54.0260 1564  ============================================================
21:24:54.0260 1564  \Device\Harddisk1\DR1:
21:24:54.0276 1564  MBR partitions:
21:24:54.0276 1564  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:24:54.0276 1564  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
21:24:54.0276 1564  \Device\Harddisk0\DR0:
21:24:54.0276 1564  MBR partitions:
21:24:54.0276 1564  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC34F800
21:24:54.0276 1564  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x34E0F000
21:24:54.0276 1564  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x493E0800, BlocksNum 0x18E2D800
21:24:54.0369 1564  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x6220E800, BlocksNum 0xEFD8000
21:24:54.0369 1564  ============================================================
21:24:54.0369 1564  C: <-> \Device\Harddisk1\DR1\Partition2
21:24:54.0791 1564  G: <-> \Device\Harddisk0\DR0\Partition2
21:24:55.0181 1564  H: <-> \Device\Harddisk0\DR0\Partition3
21:24:55.0586 1564  O: <-> \Device\Harddisk0\DR0\Partition4
21:24:55.0836 1564  F: <-> \Device\Harddisk0\DR0\Partition1
21:24:55.0836 1564  ============================================================
21:24:55.0836 1564  Initialize success
21:24:55.0836 1564  ============================================================
21:25:43.0073 3620  ============================================================
21:25:43.0073 3620  Scan started
21:25:43.0073 3620  Mode: Manual; SigCheck; TDLFS; 
21:25:43.0073 3620  ============================================================
21:25:43.0369 3620  ================ Scan system memory ========================
21:25:43.0369 3620  System memory - ok
21:25:43.0369 3620  ================ Scan services =============================
21:25:43.0416 3620  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:25:43.0432 3620  1394ohci - ok
21:25:43.0447 3620  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:25:43.0463 3620  ACPI - ok
21:25:43.0463 3620  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:25:43.0463 3620  AcpiPmi - ok
21:25:43.0478 3620  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:25:43.0478 3620  AdobeARMservice - ok
21:25:43.0510 3620  [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:25:43.0525 3620  AdobeFlashPlayerUpdateSvc - ok
21:25:43.0525 3620  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
21:25:43.0541 3620  adp94xx - ok
21:25:43.0541 3620  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
21:25:43.0556 3620  adpahci - ok
21:25:43.0556 3620  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
21:25:43.0572 3620  adpu320 - ok
21:25:43.0572 3620  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:25:43.0603 3620  AeLookupSvc - ok
21:25:43.0603 3620  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
21:25:43.0619 3620  AFD - ok
21:25:43.0619 3620  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:25:43.0634 3620  agp440 - ok
21:25:43.0634 3620  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
21:25:43.0634 3620  ALG - ok
21:25:43.0650 3620  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:25:43.0650 3620  aliide - ok
21:25:43.0650 3620  [ 962227630779043B5C1D4CD157ABB912 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:25:43.0681 3620  AMD External Events Utility - ok
21:25:43.0681 3620  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
21:25:43.0697 3620  amdide - ok
21:25:43.0697 3620  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
21:25:43.0712 3620  amdiox64 - ok
21:25:43.0712 3620  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
21:25:43.0728 3620  AmdK8 - ok
21:25:43.0822 3620  [ 56D6631761EC37745F0DF16BCDC4CAF4 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
21:25:43.0915 3620  amdkmdag - ok
21:25:43.0915 3620  [ 2D9005EA0BFD25C740E53C8DD3C069E0 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
21:25:43.0931 3620  amdkmdap - ok
21:25:43.0931 3620  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
21:25:43.0946 3620  AmdPPM - ok
21:25:43.0946 3620  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:25:43.0962 3620  amdsata - ok
21:25:43.0962 3620  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
21:25:43.0962 3620  amdsbs - ok
21:25:43.0978 3620  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:25:43.0978 3620  amdxata - ok
21:25:43.0993 3620  [ 6ACC11E9D2F01C88251123D26C1C5489 ] AntiVirFirewallService C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
21:25:44.0009 3620  AntiVirFirewallService - ok
21:25:44.0009 3620  [ B7FA28AEFA586FB5A04876C7B31D03E6 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
21:25:44.0024 3620  AntiVirMailService - ok
21:25:44.0024 3620  [ 2E35310D600F4CC64624786A813A041E ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:25:44.0024 3620  AntiVirSchedulerService - ok
21:25:44.0040 3620  [ 984102B9E2F6513008ED4E0C5AC4151D ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:25:44.0040 3620  AntiVirService - ok
21:25:44.0040 3620  [ 9BC7247FD7379307BCFF92CF8EB64B87 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
21:25:44.0056 3620  AntiVirWebService - ok
21:25:44.0056 3620  AODDriver4.01 - ok
21:25:44.0056 3620  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
21:25:44.0087 3620  AppID - ok
21:25:44.0087 3620  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:25:44.0118 3620  AppIDSvc - ok
21:25:44.0118 3620  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
21:25:44.0134 3620  Appinfo - ok
21:25:44.0134 3620  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
21:25:44.0149 3620  arc - ok
21:25:44.0149 3620  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
21:25:44.0165 3620  arcsas - ok
21:25:44.0180 3620  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:25:44.0180 3620  aspnet_state - ok
21:25:44.0180 3620  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:25:44.0212 3620  AsyncMac - ok
21:25:44.0212 3620  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
21:25:44.0212 3620  atapi - ok
21:25:44.0227 3620  [ 2B3B05C0A7768BF033217EB8F33F9C35 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
21:25:44.0243 3620  AtiHDAudioService - ok
21:25:44.0258 3620  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:25:44.0274 3620  AudioEndpointBuilder - ok
21:25:44.0290 3620  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:25:44.0305 3620  AudioSrv - ok
21:25:44.0321 3620  [ C5B223B2C174147D00F64E0D783459C7 ] avfwim          C:\Windows\system32\DRIVERS\avfwim.sys
21:25:44.0336 3620  avfwim - ok
21:25:44.0336 3620  [ C7B2A376DCF4E1528B26358A9B341F4C ] avfwot          C:\Windows\system32\DRIVERS\avfwot.sys
21:25:44.0368 3620  avfwot - ok
21:25:44.0368 3620  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
21:25:44.0383 3620  avgntflt - ok
21:25:44.0383 3620  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
21:25:44.0414 3620  avipbb - ok
21:25:44.0414 3620  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
21:25:44.0430 3620  avkmgr - ok
21:25:44.0430 3620  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:25:44.0446 3620  AxInstSV - ok
21:25:44.0461 3620  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
21:25:44.0461 3620  b06bdrv - ok
21:25:44.0477 3620  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:25:44.0477 3620  b57nd60a - ok
21:25:44.0492 3620  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:25:44.0492 3620  BDESVC - ok
21:25:44.0492 3620  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:25:44.0524 3620  Beep - ok
21:25:44.0524 3620  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
21:25:44.0555 3620  BFE - ok
21:25:44.0570 3620  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
21:25:44.0602 3620  BITS - ok
21:25:44.0602 3620  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:25:44.0602 3620  blbdrive - ok
21:25:44.0602 3620  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:25:44.0617 3620  bowser - ok
21:25:44.0617 3620  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:25:44.0633 3620  BrFiltLo - ok
21:25:44.0633 3620  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:25:44.0633 3620  BrFiltUp - ok
21:25:44.0648 3620  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
21:25:44.0648 3620  Browser - ok
21:25:44.0664 3620  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:25:44.0664 3620  Brserid - ok
21:25:44.0664 3620  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:25:44.0680 3620  BrSerWdm - ok
21:25:44.0680 3620  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:25:44.0695 3620  BrUsbMdm - ok
21:25:44.0695 3620  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:25:44.0711 3620  BrUsbSer - ok
21:25:44.0711 3620  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
21:25:44.0711 3620  BTHMODEM - ok
21:25:44.0726 3620  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
21:25:44.0742 3620  bthserv - ok
21:25:44.0742 3620  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:25:44.0773 3620  cdfs - ok
21:25:44.0773 3620  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:25:44.0789 3620  cdrom - ok
21:25:44.0789 3620  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
21:25:44.0804 3620  CertPropSvc - ok
21:25:44.0820 3620  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
21:25:44.0820 3620  circlass - ok
21:25:44.0820 3620  [ FF60401F1C659CA2ED4BAE85D3FD14DA ] CISVC           C:\Windows\system32\CISVC.EXE
21:25:44.0836 3620  CISVC - ok
21:25:44.0836 3620  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
21:25:44.0851 3620  CLFS - ok
21:25:44.0851 3620  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:25:44.0867 3620  clr_optimization_v2.0.50727_32 - ok
21:25:44.0867 3620  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:25:44.0882 3620  clr_optimization_v2.0.50727_64 - ok
21:25:44.0898 3620  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:25:44.0898 3620  clr_optimization_v4.0.30319_32 - ok
21:25:44.0898 3620  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:25:44.0914 3620  clr_optimization_v4.0.30319_64 - ok
21:25:44.0914 3620  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:25:44.0929 3620  CmBatt - ok
21:25:44.0929 3620  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:25:44.0929 3620  cmdide - ok
21:25:44.0945 3620  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
21:25:44.0960 3620  CNG - ok
21:25:44.0960 3620  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:25:44.0960 3620  Compbatt - ok
21:25:44.0976 3620  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
21:25:44.0976 3620  CompositeBus - ok
21:25:44.0976 3620  COMSysApp - ok
21:25:45.0007 3620  cpuz135 - ok
21:25:45.0007 3620  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
21:25:45.0007 3620  crcdisk - ok
21:25:45.0023 3620  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:25:45.0023 3620  CryptSvc - ok
21:25:45.0038 3620  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:25:45.0070 3620  DcomLaunch - ok
21:25:45.0070 3620  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
21:25:45.0085 3620  defragsvc - ok
21:25:45.0101 3620  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:25:45.0116 3620  DfsC - ok
21:25:45.0132 3620  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:25:45.0132 3620  Dhcp - ok
21:25:45.0148 3620  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
21:25:45.0163 3620  discache - ok
21:25:45.0163 3620  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
21:25:45.0179 3620  Disk - ok
21:25:45.0179 3620  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:25:45.0194 3620  Dnscache - ok
21:25:45.0194 3620  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:25:45.0210 3620  dot3svc - ok
21:25:45.0226 3620  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
21:25:45.0241 3620  DPS - ok
21:25:45.0241 3620  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:25:45.0257 3620  drmkaud - ok
21:25:45.0272 3620  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:25:45.0288 3620  DXGKrnl - ok
21:25:45.0288 3620  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
21:25:45.0319 3620  EapHost - ok
21:25:45.0350 3620  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
21:25:45.0366 3620  ebdrv - ok
21:25:45.0382 3620  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
21:25:45.0382 3620  EFS - ok
21:25:45.0397 3620  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
21:25:45.0413 3620  elxstor - ok
21:25:45.0413 3620  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:25:45.0413 3620  ErrDev - ok
21:25:45.0428 3620  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
21:25:45.0444 3620  EventSystem - ok
21:25:45.0460 3620  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
21:25:45.0475 3620  exfat - ok
21:25:45.0491 3620  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:25:45.0506 3620  fastfat - ok
21:25:45.0522 3620  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
21:25:45.0538 3620  Fax - ok
21:25:45.0538 3620  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:25:45.0538 3620  fdc - ok
21:25:45.0553 3620  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
21:25:45.0569 3620  fdPHost - ok
21:25:45.0569 3620  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:25:45.0600 3620  FDResPub - ok
21:25:45.0600 3620  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:25:45.0600 3620  FileInfo - ok
21:25:45.0616 3620  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:25:45.0631 3620  Filetrace - ok
21:25:45.0631 3620  FLASHSYS - ok
21:25:45.0631 3620  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:25:45.0647 3620  flpydisk - ok
21:25:45.0647 3620  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:25:45.0662 3620  FltMgr - ok
21:25:45.0678 3620  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
21:25:45.0694 3620  FontCache - ok
21:25:45.0694 3620  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:25:45.0694 3620  FontCache3.0.0.0 - ok
21:25:45.0709 3620  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:25:45.0709 3620  FsDepends - ok
21:25:45.0709 3620  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:25:45.0725 3620  Fs_Rec - ok
21:25:45.0725 3620  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:25:45.0740 3620  fvevol - ok
21:25:45.0740 3620  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
21:25:45.0756 3620  gagp30kx - ok
21:25:45.0756 3620  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
21:25:45.0787 3620  gpsvc - ok
21:25:45.0787 3620  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:25:45.0803 3620  hcw85cir - ok
21:25:45.0803 3620  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:25:45.0818 3620  HdAudAddService - ok
21:25:45.0818 3620  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
21:25:45.0834 3620  HDAudBus - ok
21:25:45.0834 3620  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
21:25:45.0834 3620  HidBatt - ok
21:25:45.0850 3620  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
21:25:45.0850 3620  HidBth - ok
21:25:45.0850 3620  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
21:25:45.0865 3620  HidIr - ok
21:25:45.0865 3620  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
21:25:45.0896 3620  hidserv - ok
21:25:45.0896 3620  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:25:45.0896 3620  HidUsb - ok
21:25:45.0912 3620  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:25:45.0928 3620  hkmsvc - ok
21:25:45.0943 3620  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:25:45.0943 3620  HomeGroupListener - ok
21:25:45.0943 3620  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:25:45.0959 3620  HomeGroupProvider - ok
21:25:45.0959 3620  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:25:45.0974 3620  HpSAMD - ok
21:25:45.0974 3620  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:25:46.0006 3620  HTTP - ok
21:25:46.0006 3620  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:25:46.0021 3620  hwpolicy - ok
21:25:46.0021 3620  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
21:25:46.0021 3620  i8042prt - ok
21:25:46.0037 3620  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:25:46.0052 3620  iaStorV - ok
21:25:46.0052 3620  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:25:46.0052 3620  IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:25:46.0052 3620  IDriverT - detected UnsignedFile.Multi.Generic (1)
21:25:46.0068 3620  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:25:46.0084 3620  idsvc - ok
21:25:46.0084 3620  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
21:25:46.0084 3620  iirsp - ok
21:25:46.0099 3620  [ 755519F49906B73C1FE9CBBF75E347EA ] IJPLMSVC        C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
21:25:46.0099 3620  IJPLMSVC - ok
21:25:46.0115 3620  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
21:25:46.0146 3620  IKEEXT - ok
21:25:46.0146 3620  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
21:25:46.0146 3620  intelide - ok
21:25:46.0162 3620  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:25:46.0162 3620  intelppm - ok
21:25:46.0162 3620  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:25:46.0193 3620  IPBusEnum - ok
21:25:46.0193 3620  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:25:46.0208 3620  IpFilterDriver - ok
21:25:46.0224 3620  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:25:46.0240 3620  iphlpsvc - ok
21:25:46.0240 3620  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:25:46.0240 3620  IPMIDRV - ok
21:25:46.0255 3620  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:25:46.0271 3620  IPNAT - ok
21:25:46.0271 3620  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:25:46.0286 3620  IRENUM - ok
21:25:46.0286 3620  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:25:46.0302 3620  isapnp - ok
21:25:46.0302 3620  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:25:46.0318 3620  iScsiPrt - ok
21:25:46.0318 3620  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:25:46.0333 3620  kbdclass - ok
21:25:46.0333 3620  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
21:25:46.0333 3620  kbdhid - ok
21:25:46.0333 3620  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
21:25:46.0349 3620  KeyIso - ok
21:25:46.0349 3620  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:25:46.0364 3620  KSecDD - ok
21:25:46.0364 3620  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:25:46.0380 3620  KSecPkg - ok
21:25:46.0380 3620  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:25:46.0396 3620  ksthunk - ok
21:25:46.0411 3620  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:25:46.0427 3620  KtmRm - ok
21:25:46.0442 3620  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:25:46.0458 3620  LanmanServer - ok
21:25:46.0458 3620  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:25:46.0489 3620  LanmanWorkstation - ok
21:25:46.0489 3620  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:25:46.0520 3620  lltdio - ok
21:25:46.0520 3620  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:25:46.0552 3620  lltdsvc - ok
21:25:46.0552 3620  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:25:46.0567 3620  lmhosts - ok
21:25:46.0583 3620  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
21:25:46.0583 3620  LSI_FC - ok
21:25:46.0583 3620  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
21:25:46.0598 3620  LSI_SAS - ok
21:25:46.0598 3620  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:25:46.0614 3620  LSI_SAS2 - ok
21:25:46.0614 3620  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:25:46.0614 3620  LSI_SCSI - ok
21:25:46.0630 3620  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
21:25:46.0645 3620  luafv - ok
21:25:46.0645 3620  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
21:25:46.0661 3620  MBAMProtector - ok
21:25:46.0676 3620  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:25:46.0676 3620  MBAMScheduler - ok
21:25:46.0692 3620  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:25:46.0708 3620  MBAMService - ok
21:25:46.0708 3620  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
21:25:46.0708 3620  megasas - ok
21:25:46.0723 3620  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
21:25:46.0723 3620  MegaSR - ok
21:25:46.0739 3620  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
21:25:46.0754 3620  MMCSS - ok
21:25:46.0754 3620  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
21:25:46.0786 3620  Modem - ok
21:25:46.0786 3620  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:25:46.0801 3620  monitor - ok
21:25:46.0801 3620  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:25:46.0801 3620  mouclass - ok
21:25:46.0817 3620  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:25:46.0817 3620  mouhid - ok
21:25:46.0817 3620  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:25:46.0832 3620  mountmgr - ok
21:25:46.0832 3620  [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:25:46.0848 3620  MozillaMaintenance - ok
21:25:46.0848 3620  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:25:46.0848 3620  mpio - ok
21:25:46.0864 3620  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:25:46.0879 3620  mpsdrv - ok
21:25:46.0895 3620  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:25:46.0926 3620  MpsSvc - ok
21:25:46.0926 3620  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:25:46.0942 3620  MRxDAV - ok
21:25:46.0942 3620  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:25:46.0942 3620  mrxsmb - ok
21:25:46.0957 3620  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:25:46.0957 3620  mrxsmb10 - ok
21:25:46.0973 3620  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:25:46.0973 3620  mrxsmb20 - ok
21:25:46.0973 3620  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:25:46.0988 3620  msahci - ok
21:25:46.0988 3620  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:25:47.0004 3620  msdsm - ok
21:25:47.0004 3620  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
21:25:47.0004 3620  MSDTC - ok
21:25:47.0020 3620  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:25:47.0035 3620  Msfs - ok
21:25:47.0035 3620  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:25:47.0066 3620  mshidkmdf - ok
21:25:47.0066 3620  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:25:47.0082 3620  msisadrv - ok
21:25:47.0082 3620  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:25:47.0098 3620  MSiSCSI - ok
21:25:47.0113 3620  msiserver - ok
21:25:47.0113 3620  MSI_MSIBIOS_010507 - ok
21:25:47.0113 3620  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:25:47.0129 3620  MSKSSRV - ok
21:25:47.0144 3620  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:25:47.0160 3620  MSPCLOCK - ok
21:25:47.0160 3620  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:25:47.0191 3620  MSPQM - ok
21:25:47.0191 3620  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:25:47.0207 3620  MsRPC - ok
21:25:47.0207 3620  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
21:25:47.0222 3620  mssmbios - ok
21:25:47.0222 3620  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:25:47.0238 3620  MSTEE - ok
21:25:47.0238 3620  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
21:25:47.0254 3620  MTConfig - ok
21:25:47.0254 3620  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:25:47.0269 3620  Mup - ok
21:25:47.0269 3620  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
21:25:47.0300 3620  napagent - ok
21:25:47.0300 3620  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:25:47.0316 3620  NativeWifiP - ok
21:25:47.0332 3620  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:25:47.0347 3620  NDIS - ok
21:25:47.0347 3620  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:25:47.0363 3620  NdisCap - ok
21:25:47.0378 3620  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:25:47.0394 3620  NdisTapi - ok
21:25:47.0394 3620  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:25:47.0425 3620  Ndisuio - ok
21:25:47.0425 3620  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:25:47.0441 3620  NdisWan - ok
21:25:47.0456 3620  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:25:47.0472 3620  NDProxy - ok
21:25:47.0472 3620  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:25:47.0503 3620  NetBIOS - ok
21:25:47.0503 3620  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:25:47.0519 3620  NetBT - ok
21:25:47.0534 3620  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
21:25:47.0534 3620  Netlogon - ok
21:25:47.0550 3620  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
21:25:47.0566 3620  Netman - ok
21:25:47.0566 3620  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:25:47.0581 3620  NetMsmqActivator - ok
21:25:47.0581 3620  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:25:47.0597 3620  NetPipeActivator - ok
21:25:47.0597 3620  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
21:25:47.0628 3620  netprofm - ok
21:25:47.0628 3620  [ 618C55B392238B9467F9113E13525C49 ] netr28ux        C:\Windows\system32\DRIVERS\netr28ux.sys
21:25:47.0644 3620  netr28ux - ok
21:25:47.0659 3620  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:25:47.0659 3620  NetTcpActivator - ok
21:25:47.0659 3620  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:25:47.0675 3620  NetTcpPortSharing - ok
21:25:47.0675 3620  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
21:25:47.0675 3620  nfrd960 - ok
21:25:47.0690 3620  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:25:47.0690 3620  NlaSvc - ok
21:25:47.0706 3620  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:25:47.0722 3620  Npfs - ok
21:25:47.0722 3620  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
21:25:47.0753 3620  nsi - ok
21:25:47.0753 3620  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:25:47.0768 3620  nsiproxy - ok
21:25:47.0800 3620  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:25:47.0815 3620  Ntfs - ok
21:25:47.0815 3620  NTIOLib_1_0_2 - ok
21:25:47.0815 3620  NTIOLib_1_0_4 - ok
21:25:47.0831 3620  [ C02F70960FA934B8DEFA16A03D7F6556 ] NTIOLib_1_0_6   C:\Program Files (x86)\Setup Files\Ms7642v1D0\NTIOLib_X64.sys
21:25:47.0846 3620  NTIOLib_1_0_6 ( UnsignedFile.Multi.Generic ) - warning
21:25:47.0846 3620  NTIOLib_1_0_6 - detected UnsignedFile.Multi.Generic (1)
21:25:47.0846 3620  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
21:25:47.0878 3620  Null - ok
21:25:47.0878 3620  [ 8EBCB9165EE7F1571842F4D9D624A74C ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
21:25:47.0878 3620  nusb3hub - ok
21:25:47.0893 3620  [ 5D54DBB12BBFE07CC283FD39F2CD6D63 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
21:25:47.0893 3620  nusb3xhc - ok
21:25:47.0893 3620  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:25:47.0909 3620  nvraid - ok
21:25:47.0909 3620  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:25:47.0924 3620  nvstor - ok
21:25:47.0924 3620  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:25:47.0924 3620  nv_agp - ok
21:25:47.0940 3620  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:25:47.0940 3620  ohci1394 - ok
21:25:47.0956 3620  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:25:47.0956 3620  p2pimsvc - ok
21:25:47.0971 3620  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:25:47.0971 3620  p2psvc - ok
21:25:47.0987 3620  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
21:25:47.0987 3620  Parport - ok
21:25:47.0987 3620  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:25:48.0002 3620  partmgr - ok
21:25:48.0002 3620  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:25:48.0018 3620  PcaSvc - ok
21:25:48.0018 3620  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
21:25:48.0034 3620  pci - ok
21:25:48.0034 3620  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
21:25:48.0034 3620  pciide - ok
21:25:48.0049 3620  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
21:25:48.0049 3620  pcmcia - ok
21:25:48.0065 3620  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:25:48.0065 3620  pcw - ok
21:25:48.0080 3620  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:25:48.0096 3620  PEAUTH - ok
21:25:48.0127 3620  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:25:48.0127 3620  PerfHost - ok
21:25:48.0158 3620  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
21:25:48.0190 3620  pla - ok
21:25:48.0190 3620  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:25:48.0205 3620  PlugPlay - ok
21:25:48.0205 3620  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:25:48.0221 3620  PNRPAutoReg - ok
21:25:48.0221 3620  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:25:48.0236 3620  PNRPsvc - ok
21:25:48.0236 3620  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:25:48.0268 3620  PolicyAgent - ok
21:25:48.0268 3620  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
21:25:48.0299 3620  Power - ok
21:25:48.0299 3620  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:25:48.0330 3620  PptpMiniport - ok
21:25:48.0330 3620  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
21:25:48.0330 3620  Processor - ok
21:25:48.0346 3620  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:25:48.0346 3620  ProfSvc - ok
21:25:48.0346 3620  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:25:48.0361 3620  ProtectedStorage - ok
21:25:48.0361 3620  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:25:48.0392 3620  Psched - ok
21:25:48.0408 3620  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
21:25:48.0424 3620  ql2300 - ok
21:25:48.0424 3620  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
21:25:48.0439 3620  ql40xx - ok
21:25:48.0439 3620  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
21:25:48.0455 3620  QWAVE - ok
21:25:48.0455 3620  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:25:48.0470 3620  QWAVEdrv - ok
21:25:48.0470 3620  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:25:48.0486 3620  RasAcd - ok
21:25:48.0502 3620  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:25:48.0517 3620  RasAgileVpn - ok
21:25:48.0517 3620  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
21:25:48.0548 3620  RasAuto - ok
21:25:48.0548 3620  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:25:48.0580 3620  Rasl2tp - ok
21:25:48.0580 3620  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
21:25:48.0611 3620  RasMan - ok
21:25:48.0611 3620  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:25:48.0626 3620  RasPppoe - ok
21:25:48.0642 3620  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:25:48.0658 3620  RasSstp - ok
21:25:48.0658 3620  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:25:48.0689 3620  rdbss - ok
21:25:48.0689 3620  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
21:25:48.0704 3620  rdpbus - ok
21:25:48.0704 3620  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:25:48.0720 3620  RDPCDD - ok
21:25:48.0736 3620  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:25:48.0751 3620  RDPENCDD - ok
21:25:48.0751 3620  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:25:48.0782 3620  RDPREFMP - ok
21:25:48.0782 3620  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:25:48.0798 3620  RdpVideoMiniport - ok
21:25:48.0798 3620  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:25:48.0814 3620  RDPWD - ok
21:25:48.0814 3620  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:25:48.0829 3620  rdyboost - ok
21:25:48.0829 3620  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:25:48.0845 3620  RemoteAccess - ok
21:25:48.0860 3620  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:25:48.0876 3620  RemoteRegistry - ok
21:25:48.0876 3620  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:25:48.0907 3620  RpcEptMapper - ok
21:25:48.0907 3620  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
21:25:48.0923 3620  RpcLocator - ok
21:25:48.0923 3620  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
21:25:48.0954 3620  RpcSs - ok
21:25:48.0954 3620  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:25:48.0970 3620  rspndr - ok
21:25:48.0985 3620  [ 39A719875F572241C585A629EE62EB14 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
21:25:49.0016 3620  RTL8167 - ok
21:25:49.0016 3620  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
21:25:49.0016 3620  SamSs - ok
21:25:49.0032 3620  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:25:49.0032 3620  sbp2port - ok
21:25:49.0032 3620  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:25:49.0063 3620  SCardSvr - ok
21:25:49.0063 3620  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:25:49.0094 3620  scfilter - ok
21:25:49.0094 3620  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
21:25:49.0126 3620  Schedule - ok
21:25:49.0141 3620  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:25:49.0157 3620  SCPolicySvc - ok
21:25:49.0157 3620  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:25:49.0172 3620  SDRSVC - ok
21:25:49.0172 3620  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:25:49.0204 3620  secdrv - ok
21:25:49.0204 3620  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
21:25:49.0219 3620  seclogon - ok
21:25:49.0235 3620  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
21:25:49.0250 3620  SENS - ok
21:25:49.0250 3620  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:25:49.0266 3620  SensrSvc - ok
21:25:49.0266 3620  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
21:25:49.0266 3620  Serenum - ok
21:25:49.0282 3620  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
21:25:49.0282 3620  Serial - ok
21:25:49.0282 3620  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
21:25:49.0297 3620  sermouse - ok
21:25:49.0297 3620  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:25:49.0328 3620  SessionEnv - ok
21:25:49.0328 3620  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:25:49.0344 3620  sffdisk - ok
21:25:49.0344 3620  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:25:49.0344 3620  sffp_mmc - ok
21:25:49.0344 3620  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:25:49.0360 3620  sffp_sd - ok
21:25:49.0360 3620  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
21:25:49.0375 3620  sfloppy - ok
21:25:49.0375 3620  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:25:49.0406 3620  SharedAccess - ok
21:25:49.0406 3620  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:25:49.0438 3620  ShellHWDetection - ok
21:25:49.0438 3620  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:25:49.0438 3620  SiSRaid2 - ok
21:25:49.0453 3620  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
21:25:49.0453 3620  SiSRaid4 - ok
21:25:49.0453 3620  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:25:49.0484 3620  Smb - ok
21:25:49.0484 3620  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:25:49.0500 3620  SNMPTRAP - ok
21:25:49.0500 3620  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:25:49.0516 3620  spldr - ok
21:25:49.0516 3620  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
21:25:49.0531 3620  Spooler - ok
21:25:49.0562 3620  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
21:25:49.0609 3620  sppsvc - ok
21:25:49.0609 3620  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:25:49.0640 3620  sppuinotify - ok
21:25:49.0640 3620  [ 34F974F8B3C86DE03A30DCBE79091C97 ] sptd            C:\Windows\system32\Drivers\sptd.sys
21:25:49.0640 3620  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 34F974F8B3C86DE03A30DCBE79091C97
21:25:49.0640 3620  sptd ( LockedFile.Multi.Generic ) - warning
21:25:49.0640 3620  sptd - detected LockedFile.Multi.Generic (1)
21:25:49.0656 3620  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:25:49.0672 3620  srv - ok
21:25:49.0672 3620  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:25:49.0687 3620  srv2 - ok
21:25:49.0687 3620  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:25:49.0687 3620  srvnet - ok
21:25:49.0703 3620  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:25:49.0718 3620  SSDPSRV - ok
21:25:49.0734 3620  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:25:49.0750 3620  SstpSvc - ok
21:25:49.0765 3620  [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
21:25:49.0765 3620  StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
21:25:49.0765 3620  StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
21:25:49.0765 3620  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
21:25:49.0781 3620  stexstor - ok
21:25:49.0781 3620  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
21:25:49.0781 3620  StillCam - ok
21:25:49.0796 3620  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
21:25:49.0812 3620  stisvc - ok
21:25:49.0812 3620  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
21:25:49.0828 3620  swenum - ok
21:25:49.0828 3620  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
21:25:49.0859 3620  swprv - ok
21:25:49.0874 3620  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
21:25:49.0890 3620  SysMain - ok
21:25:49.0906 3620  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:25:49.0906 3620  TabletInputService - ok
21:25:49.0921 3620  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:25:49.0937 3620  TapiSrv - ok
21:25:49.0952 3620  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
21:25:49.0968 3620  TBS - ok
21:25:49.0984 3620  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:25:50.0015 3620  Tcpip - ok
21:25:50.0030 3620  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:25:50.0062 3620  TCPIP6 - ok
21:25:50.0062 3620  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:25:50.0077 3620  tcpipreg - ok
21:25:50.0077 3620  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:25:50.0077 3620  TDPIPE - ok
21:25:50.0093 3620  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:25:50.0093 3620  TDTCP - ok
21:25:50.0093 3620  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:25:50.0124 3620  tdx - ok
21:25:50.0124 3620  [ BB676D2C7AD5E7131D12417E4691F9B9 ] Te.Service      C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe
21:25:50.0124 3620  Te.Service ( UnsignedFile.Multi.Generic ) - warning
21:25:50.0124 3620  Te.Service - detected UnsignedFile.Multi.Generic (1)
21:25:50.0155 3620  [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8     C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
21:25:50.0202 3620  TeamViewer8 - ok
21:25:50.0202 3620  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
21:25:50.0218 3620  TermDD - ok
21:25:50.0218 3620  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
21:25:50.0249 3620  TermService - ok
21:25:50.0249 3620  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
21:25:50.0264 3620  Themes - ok
21:25:50.0264 3620  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
21:25:50.0296 3620  THREADORDER - ok
21:25:50.0296 3620  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
21:25:50.0327 3620  TrkWks - ok
21:25:50.0327 3620  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:25:50.0342 3620  TrustedInstaller - ok
21:25:50.0358 3620  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:25:50.0374 3620  tssecsrv - ok
21:25:50.0374 3620  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:25:50.0389 3620  TsUsbFlt - ok
21:25:50.0389 3620  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:25:50.0405 3620  tunnel - ok
21:25:50.0420 3620  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
21:25:50.0420 3620  uagp35 - ok
21:25:50.0436 3620  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:25:50.0452 3620  udfs - ok
21:25:50.0467 3620  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:25:50.0467 3620  UI0Detect - ok
21:25:50.0467 3620  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:25:50.0483 3620  uliagpkx - ok
21:25:50.0483 3620  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
21:25:50.0498 3620  umbus - ok
21:25:50.0498 3620  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
21:25:50.0498 3620  UmPass - ok
21:25:50.0514 3620  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
21:25:50.0530 3620  upnphost - ok
21:25:50.0545 3620  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:25:50.0545 3620  usbccgp - ok
21:25:50.0545 3620  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:25:50.0561 3620  usbcir - ok
21:25:50.0561 3620  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
21:25:50.0576 3620  usbehci - ok
21:25:50.0576 3620  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:25:50.0592 3620  usbhub - ok
21:25:50.0592 3620  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
21:25:50.0592 3620  usbohci - ok
21:25:50.0592 3620  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:25:50.0608 3620  usbprint - ok
21:25:50.0608 3620  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:25:50.0623 3620  USBSTOR - ok
21:25:50.0623 3620  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
21:25:50.0623 3620  usbuhci - ok
21:25:50.0639 3620  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
21:25:50.0654 3620  UxSms - ok
21:25:50.0654 3620  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
21:25:50.0670 3620  VaultSvc - ok
21:25:50.0670 3620  [ 9E607F6240EADC4C0B3570F3E5E0358C ] VBoxNetAdp      C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
21:25:50.0686 3620  VBoxNetAdp - ok
21:25:50.0701 3620  VBoxNetFlt - ok
21:25:50.0701 3620  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:25:50.0701 3620  vdrvroot - ok
21:25:50.0717 3620  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
21:25:50.0732 3620  vds - ok
21:25:50.0748 3620  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:25:50.0748 3620  vga - ok
21:25:50.0748 3620  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:25:50.0779 3620  VgaSave - ok
21:25:50.0779 3620  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:25:50.0795 3620  vhdmp - ok
21:25:50.0795 3620  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:25:50.0810 3620  viaide - ok
21:25:50.0810 3620  vmci - ok
21:25:50.0810 3620  VMnetAdapter - ok
21:25:50.0810 3620  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:25:50.0826 3620  volmgr - ok
21:25:50.0826 3620  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:25:50.0842 3620  volmgrx - ok
21:25:50.0842 3620  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:25:50.0857 3620  volsnap - ok
21:25:50.0857 3620  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
21:25:50.0873 3620  vsmraid - ok
21:25:50.0888 3620  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
21:25:50.0920 3620  VSS - ok
21:25:50.0920 3620  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:25:50.0935 3620  vwifibus - ok
21:25:50.0935 3620  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:25:50.0951 3620  vwififlt - ok
21:25:50.0951 3620  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
21:25:50.0982 3620  W32Time - ok
21:25:50.0982 3620  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
21:25:50.0998 3620  WacomPen - ok
21:25:50.0998 3620  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:25:51.0013 3620  WANARP - ok
21:25:51.0013 3620  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:25:51.0044 3620  Wanarpv6 - ok
21:25:51.0060 3620  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
21:25:51.0076 3620  WatAdminSvc - ok
21:25:51.0091 3620  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
21:25:51.0107 3620  wbengine - ok
21:25:51.0107 3620  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:25:51.0122 3620  WbioSrvc - ok
21:25:51.0138 3620  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:25:51.0154 3620  wcncsvc - ok
21:25:51.0154 3620  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:25:51.0154 3620  WcsPlugInService - ok
21:25:51.0154 3620  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
21:25:51.0169 3620  Wd - ok
21:25:51.0185 3620  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:25:51.0200 3620  Wdf01000 - ok
21:25:51.0200 3620  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:25:51.0216 3620  WdiServiceHost - ok
21:25:51.0216 3620  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:25:51.0232 3620  WdiSystemHost - ok
21:25:51.0232 3620  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
21:25:51.0247 3620  WebClient - ok
21:25:51.0247 3620  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:25:51.0278 3620  Wecsvc - ok
21:25:51.0278 3620  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:25:51.0294 3620  wercplsupport - ok
21:25:51.0310 3620  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:25:51.0325 3620  WerSvc - ok
21:25:51.0325 3620  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:25:51.0356 3620  WfpLwf - ok
21:25:51.0356 3620  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:25:51.0372 3620  WIMMount - ok
21:25:51.0372 3620  WinDefend - ok
21:25:51.0372 3620  WinHttpAutoProxySvc - ok
21:25:51.0388 3620  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:25:51.0403 3620  Winmgmt - ok
21:25:51.0434 3620  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
21:25:51.0466 3620  WinRM - ok
21:25:51.0466 3620  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
21:25:51.0481 3620  WinUsb - ok
21:25:51.0497 3620  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:25:51.0512 3620  Wlansvc - ok
21:25:51.0528 3620  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:25:51.0559 3620  wlidsvc - ok
21:25:51.0559 3620  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:25:51.0575 3620  WmiAcpi - ok
21:25:51.0575 3620  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:25:51.0590 3620  wmiApSrv - ok
21:25:51.0590 3620  WMPNetworkSvc - ok
21:25:51.0590 3620  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:25:51.0606 3620  WPCSvc - ok
21:25:51.0606 3620  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:25:51.0622 3620  WPDBusEnum - ok
21:25:51.0622 3620  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:25:51.0637 3620  ws2ifsl - ok
21:25:51.0637 3620  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
21:25:51.0653 3620  wscsvc - ok
21:25:51.0653 3620  WSearch - ok
21:25:51.0684 3620  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:25:51.0715 3620  wuauserv - ok
21:25:51.0715 3620  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:25:51.0731 3620  WudfPf - ok
21:25:51.0731 3620  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:25:51.0746 3620  WUDFRd - ok
21:25:51.0746 3620  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:25:51.0746 3620  wudfsvc - ok
21:25:51.0762 3620  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:25:51.0778 3620  WwanSvc - ok
21:25:51.0778 3620  ================ Scan global ===============================
21:25:51.0778 3620  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:25:51.0778 3620  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:25:51.0778 3620  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:25:51.0793 3620  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:25:51.0793 3620  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:25:51.0793 3620  [Global] - ok
21:25:51.0793 3620  ================ Scan MBR ==================================
21:25:51.0793 3620  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
21:25:51.0871 3620  \Device\Harddisk1\DR1 - ok
21:25:51.0871 3620  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:25:51.0918 3620  \Device\Harddisk0\DR0 - ok
21:25:51.0918 3620  ================ Scan VBR ==================================
21:25:51.0918 3620  [ A20B692F4B7C1988C50B025811349D8C ] \Device\Harddisk1\DR1\Partition1
21:25:51.0918 3620  \Device\Harddisk1\DR1\Partition1 - ok
21:25:51.0918 3620  [ C47CB2C5D9E3CE77E06EA6D495EEF8DD ] \Device\Harddisk1\DR1\Partition2
21:25:51.0918 3620  \Device\Harddisk1\DR1\Partition2 - ok
21:25:51.0918 3620  [ 9C080BD7AC4CAAF789FB7C8725FD31EA ] \Device\Harddisk0\DR0\Partition1
21:25:51.0918 3620  \Device\Harddisk0\DR0\Partition1 - ok
21:25:51.0918 3620  [ 22DA2A1F88839784DCCE389C343DEBF4 ] \Device\Harddisk0\DR0\Partition2
21:25:51.0918 3620  \Device\Harddisk0\DR0\Partition2 - ok
21:25:51.0934 3620  [ 0AC8289E08EC261E067861309C724C57 ] \Device\Harddisk0\DR0\Partition3
21:25:51.0934 3620  \Device\Harddisk0\DR0\Partition3 - ok
21:25:51.0934 3620  [ 3417EA08D4EC4243BBA877A8998462EF ] \Device\Harddisk0\DR0\Partition4
21:25:51.0934 3620  \Device\Harddisk0\DR0\Partition4 - ok
21:25:51.0934 3620  ============================================================
21:25:51.0934 3620  Scan finished
21:25:51.0934 3620  ============================================================
21:25:51.0934 2184  Detected object count: 5
21:25:51.0934 2184  Actual detected object count: 5
21:28:41.0087 2184  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:28:41.0087 2184  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:28:41.0087 2184  NTIOLib_1_0_6 ( UnsignedFile.Multi.Generic ) - skipped by user
21:28:41.0087 2184  NTIOLib_1_0_6 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:28:41.0087 2184  sptd ( LockedFile.Multi.Generic ) - skipped by user
21:28:41.0087 2184  sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:41.0087 2184  StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
21:28:41.0087 2184  StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:28:41.0102 2184  Te.Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:28:41.0102 2184  Te.Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:34:15.0085 3820  Deinitialize success
         

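Every object the TDSSKiller log above flags (sptd, StarWindServiceAE, Te.Service, and IDriverT and NTIOLib_1_0_6 in the skipped list) carries one of two generic labels. UnsignedFile.Multi.Generic means the service or driver image has no valid digital signature; LockedFile.Multi.Generic means the scanner could not open the file. Neither is a malware verdict. The reviewer's job is to check whether each flagged file is where its legitimate owner would put it: sptd.sys is the SPTD driver used by Alcohol 120 and Daemon Tools, and the StarWind service path in the same log shows Alcohol 120 is installed. What one wants from a 400-entry log is the short list of flagged objects with path and MD5 (the hash is what gets looked up), which of them sit outside %SystemRoot%, and which the user chose to skip. The script below is an added example, not part of the original post and not Kaspersky's code: it parses the line formats seen in the log, and its SAMPLE_LOG is a constructed excerpt made of lines copied from that log. Treating entries that end "- ok" without a hash line (VBoxNetFlt, WinDefend and a few others above) as "no image file was hashed" is an assumption.

```python
"""Triage a TDSSKiller service/driver scan log.

Added example for this thread: not part of the original post and not Kaspersky's
code.  SAMPLE_LOG is a constructed excerpt whose lines are copied from the log
posted above, so the script runs offline.  Assumption, marked below: an entry
that ends "- ok" without a preceding hash line is one for which no image file
was hashed."""
import re

# "<time> <tid>  [ <MD5> ] <name>  <path>"; path is absent on the "Scan global" lines
HASH_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+\[ (?P<md5>[0-9A-F]{32}) \] "
    r"(?P<name>\S+)(?:\s+(?P<path>\S.*?))?\s*$")
# "<name> - ok" / "<name> ( Label ) - warning" / "<name> - detected Label (n)"
# "<name> ( Label ) - skipped by user" / "<name> ( Label ) - User select action: Skip"
VERDICT_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>\S+)(?: \( (?P<label>[\w.]+) \))? - "
    r"(?P<result>ok|warning|detected (?P<det>[\w.]+) \(\d+\)|skipped by user|"
    r"User select action: \S+)\s*$")
# "Suspicious file (NoAccess): <path>. md5: <MD5>"
SUSP_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+Suspicious file \((?P<why>[^)]+)\): "
    r"(?P<path>.+?)\. md5: (?P<md5>[0-9A-F]{32})")

SAMPLE_LOG = r"""
21:25:49.0640 3620  [ 34F974F8B3C86DE03A30DCBE79091C97 ] sptd            C:\Windows\system32\Drivers\sptd.sys
21:25:49.0640 3620  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 34F974F8B3C86DE03A30DCBE79091C97
21:25:49.0640 3620  sptd ( LockedFile.Multi.Generic ) - warning
21:25:49.0640 3620  sptd - detected LockedFile.Multi.Generic (1)
21:25:49.0656 3620  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:25:49.0672 3620  srv - ok
21:25:49.0765 3620  [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
21:25:49.0765 3620  StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
21:25:49.0765 3620  StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
21:25:50.0124 3620  [ BB676D2C7AD5E7131D12417E4691F9B9 ] Te.Service      C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe
21:25:50.0124 3620  Te.Service ( UnsignedFile.Multi.Generic ) - warning
21:25:50.0124 3620  Te.Service - detected UnsignedFile.Multi.Generic (1)
21:25:50.0701 3620  VBoxNetFlt - ok
21:25:51.0793 3620  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:25:51.0793 3620  [Global] - ok
21:28:41.0087 2184  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:28:41.0087 2184  sptd ( LockedFile.Multi.Generic ) - skipped by user
21:28:41.0087 2184  sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""


def parse_tdsskiller(text):
    """Map each scanned object to its MD5, path, scanner flags and verdict history."""
    records = {}

    def rec(name):
        return records.setdefault(name, {"md5": None, "path": None, "flags": [], "verdicts": []})

    for line in (l.rstrip() for l in text.splitlines()):
        if m := HASH_RE.match(line):
            r = rec(m.group("name"))
            r["md5"], r["path"] = m.group("md5"), m.group("path")
        elif m := SUSP_RE.match(line):
            # attach the reason (here NoAccess) to the record that owns that path
            for r in records.values():
                if r["path"] == m.group("path"):
                    r["flags"].append(m.group("why"))
        elif m := VERDICT_RE.match(line):
            kind = {"ok": "ok", "warning": "warning", "skipped by user": "skipped"}.get(m.group("result"))
            if m.group("det"):
                rec(m.group("name"))["verdicts"].append(("detected", m.group("det")))
            elif kind:  # the "User select action" repeat of a skipped line carries nothing new
                rec(m.group("name"))["verdicts"].append((kind, m.group("label")))
    return records


def triage(records):
    """Reduce the records to what a reviewer has to decide on.

    UnsignedFile.Multi.Generic and LockedFile.Multi.Generic are TDSSKiller's
    generic labels for "no valid signature" and "could not be read", not
    malware verdicts; the question is whether the file belongs where it is."""
    out = {"flagged": [], "third_party": [], "unhashed": [], "unresolved": []}
    for name, r in records.items():
        kinds = [k for k, _ in r["verdicts"]]
        if "warning" in kinds or "detected" in kinds:
            label = next(v for k, v in r["verdicts"] if k in ("warning", "detected"))
            out["flagged"].append({"name": name, "verdict": label, "path": r["path"],
                                   "md5": r["md5"], "flags": r["flags"]})
            if r["path"] and not r["path"].lower().startswith(r"c:\windows"):
                out["third_party"].append(name)   # flagged file outside %SystemRoot%
        if "skipped" in kinds:
            out["unresolved"].append(name)        # user chose Skip; still open
        if r["md5"] is None and "ok" in kinds and name != "[Global]" \
                and not name.startswith("\\Device"):
            out["unhashed"].append(name)          # assumption: no image file was hashed
    return out


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    result = triage(parse_tdsskiller(text))
    for f in result["flagged"]:
        print(f"{f['name']:20} {f['verdict']:28} {f['md5']}  {f['path']}  {f['flags']}")
    print("third-party:", result["third_party"], "| no hash:", result["unhashed"],
          "| skipped by user:", result["unresolved"])
```

Run without arguments it works on the embedded excerpt; given a saved TDSSKiller log as its first argument it triages the whole file. On the excerpt the three flagged objects come out with their hashes, two of them (StarWindServiceAE, Te.Service) outside %SystemRoot%, sptd additionally marked NoAccess, and sptd and IDriverT left unresolved because the user chose Skip.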
18.02.2013, 11:38   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Removing Loadtbs-3.0, repairing the damage

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your Internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper from the team (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

18.02.2013, 22:23   #9
Mitchbox

Removing Loadtbs-3.0, repairing the damage

Um, sorry Cosinus, I forgot to turn off the firewall before the scan. But the scan ran all the way through and no problems occurred either. Do I have to reset the system now?

Code:
ComboFix 13-02-18.02 - MITCH 18.02.2013  19:09:49.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8191.6866 [GMT 1:00]
ausgeführt von:: c:\users\MITCH\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\MITCH\AppData\Roaming\convert\convert.exe
c:\windows\desktop
H:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-18 bis 2013-02-18  ))))))))))))))))))))))))))))))
.
.
2013-02-18 18:12 . 2013-02-18 18:12	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-13 23:00 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 23:00 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 22:50 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-13 22:50 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 22:50 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 22:49 . 2013-01-04 03:26	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-13 22:48 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-02-13 22:48 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-02-13 22:48 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-02-13 22:48 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-02-13 22:48 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-02-13 22:48 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-13 22:48 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-13 22:48 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-11 16:16 . 2013-02-11 16:16	--------	d-----w-	c:\program files\WinRAR
2013-02-04 18:25 . 2013-02-04 18:25	--------	d-----w-	c:\users\MITCH\AppData\Roaming\Malwarebytes
2013-02-04 18:25 . 2013-02-04 18:25	--------	d-----w-	c:\programdata\Malwarebytes
2013-02-04 18:25 . 2013-02-04 18:25	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-04 18:25 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-02-04 18:25 . 2013-02-04 18:25	--------	d-----w-	c:\users\MITCH\AppData\Local\Programs
2013-02-02 20:07 . 2013-02-11 16:32	--------	d-----w-	c:\users\MITCH\AppData\Roaming\BitTorrent
2013-02-02 20:04 . 2013-02-02 20:05	1053520	----a-w-	c:\program files (x86)\BitTorrent_7.8.exe
2013-02-02 14:52 . 2013-02-02 14:52	--------	d-----w-	c:\program files (x86)\HD PVR Editor
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-13 23:01 . 2011-08-24 19:32	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-02-09 23:27 . 2012-04-13 00:41	74096	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-09 23:27 . 2012-04-13 00:41	697712	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-15 15:56 . 2012-06-25 18:35	477616	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-01-15 15:56 . 2011-12-16 22:26	473520	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-01-04 04:43 . 2013-02-13 22:48	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-21 00:30	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 00:30	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 00:30	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 00:30	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-09 15:16	441856	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 15:16	2746368	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 15:16	308736	----a-w-	c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 15:16	2576384	----a-w-	c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 15:16	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 15:16	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 15:16	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 15:16	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 15:16	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 15:16	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 15:16	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 15:16	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 15:16	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 15:16	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 15:16	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 15:16	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 15:16	55296	----a-w-	c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 15:16	51712	----a-w-	c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 15:16	43520	----a-w-	c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 15:16	30720	----a-w-	c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 15:16	45568	----a-w-	c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 15:16	44544	----a-w-	c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 15:16	20480	----a-w-	c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 15:16	23552	----a-w-	c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 15:16	20480	----a-w-	c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 15:16	46592	----a-w-	c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 15:16	20480	----a-w-	c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 15:16	21504	----a-w-	c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 15:16	40960	----a-w-	c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 15:16	15360	----a-w-	c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 15:16	55296	----a-w-	c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 15:16	51712	----a-w-	c:\windows\SysWow64\esrb.rs
2012-11-30 05:45 . 2013-01-09 15:15	362496	----a-w-	c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 15:15	243200	----a-w-	c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 15:15	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-09 15:15	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 15:15	424448	----a-w-	c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 15:15	1161216	----a-w-	c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 15:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:15	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:15	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:15	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:15	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:15	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:15	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:15	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:15	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:15	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:15	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:15	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:15	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:15	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:15	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:15	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 15:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:53 . 2013-01-09 15:15	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 15:15	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 15:15	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 15:15	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 15:15	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 15:15	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 15:15	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 15:15	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 15:15	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 15:15	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 15:15	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 15:15	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 15:15	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 15:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 15:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 15:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 15:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 15:15	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 15:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 15:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 15:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 15:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 15:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 15:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-31 348664]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 cpuz135;cpuz135;c:\users\MITCH\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 FLASHSYS;FLASHSYS;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [x]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
R3 NTIOLib_1_0_2;NTIOLib_1_0_2;c:\program files (x86)\MSI\BIOS Code Unlocked Technology\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_6;NTIOLib_1_0_6;c:\program files (x86)\Setup Files\Ms7642v1D0\NTIOLib_X64.sys [2011-01-06 11888]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-25 126976]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-11-04 146736]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-02 1255736]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-12-29 503352]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2012-11-13 140936]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-06-20 27760]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-15 235520]
S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2012-06-20 619472]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-06-20 375760]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-06-20 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-06-20 465360]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2012-11-13 114168]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-16 676968]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 23:27]
.
2013-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3879921085-4238989401-138329163-1000Core.job
- c:\users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-03 19:29]
.
2013-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3879921085-4238989401-138329163-1000UA.job
- c:\users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-03 19:29]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.orbitdownloader.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: {{0112EFE4-D779-47C0-90DC-E4170B88D340} - c:\program files (x86)\FreshDevices\FreshDownload\fd.exe
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\fr1nr1rq.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 4001
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 4001
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 4001
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2013-02-02 20:52; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-BitTorrent - c:\downloads\BitTorrent.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3879921085-4238989401-138329163-1000\Software\SecuROM\License information*]
"datasecu"=hex:0f,ec,34,e9,19,63,89,37,1e,e4,bb,fb,db,fe,f5,82,ae,cc,6c,f9,5a,
   b4,da,ba,94,d6,cf,4b,70,3b,5d,07,2a,eb,87,80,e8,1a,f8,a3,2a,1a,8a,ad,8a,5d,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-18  19:13:44
ComboFix-quarantined-files.txt  2013-02-18 18:13
.
Vor Suchlauf: 10 Verzeichnis(se), 69.695.954.944 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 76.089.708.544 Bytes frei
.
- - End Of File - - 0938606FF9180269B15D87C47FDF7C16
         

Alt 20.02.2013, 12:01   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Remove Loadtbs-3.0, repair the damage

JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Afterwards:

AdwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has completed.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Then a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick the box Scan all users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 20.02.2013, 16:00   #11
Mitchbox
 
Remove Loadtbs-3.0, repair the damage

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Windows 7 Home Premium x64
Ran by MITCH on 20.02.2013 at 16:16:42,73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\fr1nr1rq.default\minidumps [204 files]
Emptied folder: C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\minidumps [41 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.02.2013 at 16:20:32,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
# AdwCleaner v2.112 - Datei am 20/02/2013 um 16:23:43 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : MITCH - MITCH-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\MITCH\Desktop\adwcleaner0.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.2 (de)

Datei : C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\fr1nr1rq.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Chromium v     window_placement: {
         bottom: 988

Datei : C:\Users\MITCH\AppData\Local\Chromium\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2372 octets] - [15/02/2013 00:34:56]
AdwCleaner[S2].txt - [1223 octets] - [20/02/2013 16:23:43]

########## EOF - C:\AdwCleaner[S2].txt - [1283 octets] ##########
         
Code:
OTL logfile created on: 20.02.2013 16:32:07 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MITCH\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,57 Gb Available Physical Memory | 82,12% Memory free
16,00 Gb Paging File | 14,47 Gb Available in Paging File | 90,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 70,73 Gb Free Space | 59,36% Space Free | Partition Type: NTFS
Drive F: | 97,66 Gb Total Space | 81,49 Gb Free Space | 83,45% Space Free | Partition Type: NTFS
Drive G: | 423,03 Gb Total Space | 151,03 Gb Free Space | 35,70% Space Free | Partition Type: NTFS
Drive H: | 199,09 Gb Total Space | 156,03 Gb Free Space | 78,37% Space Free | Partition Type: NTFS
Drive O: | 119,92 Gb Total Space | 13,49 Gb Free Space | 11,25% Space Free | Partition Type: NTFS
 
Computer Name: MITCH-PC | User Name: MITCH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\MITCH\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (CISVC) -- C:\Windows\SysNative\CISVC.EXE (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Te.Service) -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirFirewallService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys File not found
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avfwot) -- C:\Windows\SysNative\drivers\avfwot.sys (Avira GmbH)
DRV:64bit: - (avfwim) -- C:\Windows\SysNative\drivers\avfwim.sys (Avira GmbH)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (NTIOLib_1_0_6) -- C:\Program Files (x86)\Setup Files\Ms7642v1D0\NTIOLib_X64.sys (MSI)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3879921085-4238989401-138329163-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.orbitdownloader.com
IE - HKU\S-1-5-21-3879921085-4238989401-138329163-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3879921085-4238989401-138329163-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E 87 59 65 78 16 CD 01  [binary data]
IE - HKU\S-1-5-21-3879921085-4238989401-138329163-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3879921085-4238989401-138329163-1000\..\SearchScopes\{75DE8DA1-9E23-422C-9F40-450857FE28F9}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-3879921085-4238989401-138329163-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: clickclean%40hotcleaner.com:4.0
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.15.1
FF - prefs.js..extensions.enabledAddons: %7B6bdc61ae-7b80-44a3-9476-e1d121ec2238%7D:0.85
FF - prefs.js..extensions.enabledAddons: %7Bfa8476cf-a98c-4e08-99b4-65a69cb4b7d4%7D:1.5.0.2
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 4001
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 4001
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 4001
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\MITCH\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\MITCH\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 17:11:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 17:11:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.11.17 20:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\Extensions
[2013.02.20 15:54:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\fr1nr1rq.default\extensions
[2013.01.30 13:19:51 | 000,000,000 | ---D | M] (WOT) -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\fr1nr1rq.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.02.17 00:05:40 | 000,000,000 | ---D | M] (Click&amp;Clean) -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\fr1nr1rq.default\extensions\clickclean@hotcleaner.com
[2012.09.15 18:59:55 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\fr1nr1rq.default\extensions\ich@maltegoetz.de
[2013.02.15 00:35:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions
[2011.12.17 13:26:23 | 000,000,000 | ---D | M] (Cookie Monster) -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{45d8ff86-d909-11db-9705-005056c00008}
[2012.07.30 22:41:17 | 000,000,000 | ---D | M] (WOT) -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.07.30 22:41:17 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\https-everywhere@eff.org
[2011.12.17 13:26:24 | 000,000,000 | ---D | M] ("UnPlug") -- C:\Users\MITCH\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\unplug@compunach
[2011.11.17 20:29:34 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\fr1nr1rq.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2012.02.09 23:32:14 | 000,073,384 | ---- | M] () (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\fr1nr1rq.default\extensions\{6bdc61ae-7b80-44a3-9476-e1d121ec2238}.xpi
[2013.02.20 15:54:07 | 000,530,982 | ---- | M] () (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\fr1nr1rq.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.10.03 17:45:15 | 000,048,875 | ---- | M] () (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\fr1nr1rq.default\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi
[2012.03.21 20:35:25 | 000,447,072 | ---- | M] () (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}.xpi
[2012.07.30 22:41:17 | 000,526,190 | ---- | M] () (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.07.30 22:41:17 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.12.30 12:46:09 | 000,044,727 | ---- | M] () (No name found) -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi
[2012.02.24 21:40:47 | 000,002,419 | ---- | M] () -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\fr1nr1rq.default\searchplugins\englische-ergebnisse.xml
[2012.02.24 21:40:47 | 000,010,525 | ---- | M] () -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\fr1nr1rq.default\searchplugins\gmx-suche.xml
[2012.02.24 21:40:47 | 000,002,457 | ---- | M] () -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\fr1nr1rq.default\searchplugins\lastminute.xml
[2012.02.24 21:40:47 | 000,005,508 | ---- | M] () -- C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\fr1nr1rq.default\searchplugins\webde-suche.xml
[2013.02.06 17:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.06 17:11:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.02.06 17:11:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.02.06 17:11:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.02.06 17:11:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013.02.06 17:11:29 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.21 01:53:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.11 12:06:01 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.21 01:53:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.21 01:53:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.21 01:53:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.21 01:53:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\MITCH\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\MITCH\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Orbit Downloader (Enabled) = C:\Users\MITCH\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll
CHR - plugin: Java(TM) Platform SE 6 U39 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\MITCH\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
CHR - plugin: Java Deployment Toolkit 6.0.390.4 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: 
 
O1 HOSTS File: ([2013.02.18 19:12:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (FreshDownload Bar) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~2\FRESHD~1\FRESHD~1\fdiebar.dll File not found
O3 - HKU\S-1-5-21-3879921085-4238989401-138329163-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKU\S-1-5-21-3879921085-4238989401-138329163-1000..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3879921085-4238989401-138329163-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3879921085-4238989401-138329163-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: FreshDownload - {0112EFE4-D779-47C0-90DC-E4170B88D340} - C:\Program Files (x86)\FreshDevices\FreshDownload\fd.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD673351-AEB8-44A4-A92F-351229691467}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.20 16:16:42 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.02.20 16:16:21 | 000,000,000 | ---D | C] -- C:\JRT
[2013.02.20 16:00:51 | 000,547,439 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\MITCH\Desktop\JRT.exe
[2013.02.18 19:13:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.18 19:09:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.18 19:09:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.18 19:09:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.18 19:08:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.18 19:08:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.18 17:42:35 | 005,034,457 | R--- | C] (Swearware) -- C:\Users\MITCH\Desktop\ComboFix.exe
[2013.02.16 20:35:01 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\MITCH\Desktop\tdsskiller.exe
[2013.02.16 20:34:39 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\MITCH\Desktop\aswMBR.exe
[2013.02.16 20:03:52 | 000,000,000 | ---D | C] -- C:\Users\MITCH\Desktop\mbar
[2013.02.13 23:59:49 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.13 23:59:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.13 23:59:49 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.13 23:59:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.13 23:59:48 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.13 23:59:48 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.13 23:59:48 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.13 23:59:48 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.13 23:59:48 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.13 23:59:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.13 23:59:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.13 23:59:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.13 23:59:47 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.13 23:59:47 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.13 23:59:47 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.13 23:50:02 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 23:50:01 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 23:50:01 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 23:48:53 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 23:48:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 23:48:53 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 23:48:52 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 23:48:52 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 23:48:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 23:48:46 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.11 17:16:30 | 000,000,000 | ---D | C] -- C:\Users\MITCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.02.11 17:16:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.02.11 17:16:11 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.02.06 17:11:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.04 20:45:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MITCH\Desktop\OTL.exe
[2013.02.04 19:25:58 | 000,000,000 | ---D | C] -- C:\Users\MITCH\AppData\Roaming\Malwarebytes
[2013.02.04 19:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.04 19:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.04 19:25:37 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.04 19:25:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.04 19:25:17 | 000,000,000 | ---D | C] -- C:\Users\MITCH\AppData\Local\Programs
[2013.02.02 21:07:23 | 000,000,000 | ---D | C] -- C:\Users\MITCH\AppData\Roaming\BitTorrent
[2013.02.02 21:04:59 | 001,053,520 | ---- | C] (BitTorrent Inc.) -- C:\Program Files (x86)\BitTorrent_7.8.exe
[2013.02.02 15:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD PVR Editor
[2013.02.02 15:52:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HD PVR Editor
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.20 16:32:49 | 000,023,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.20 16:32:49 | 000,023,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.20 16:29:40 | 001,622,486 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.20 16:29:40 | 000,699,776 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.20 16:29:40 | 000,654,676 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.20 16:29:40 | 000,149,724 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.20 16:29:40 | 000,122,368 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.20 16:25:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.20 16:25:20 | 2146,815,999 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.20 16:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.20 16:00:51 | 000,547,439 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\MITCH\Desktop\JRT.exe
[2013.02.19 21:50:02 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3879921085-4238989401-138329163-1000UA.job
[2013.02.18 19:12:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.02.18 17:43:07 | 005,034,457 | R--- | M] (Swearware) -- C:\Users\MITCH\Desktop\ComboFix.exe
[2013.02.17 10:50:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3879921085-4238989401-138329163-1000Core.job
[2013.02.17 01:05:18 | 654,226,071 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.02.16 21:21:46 | 000,000,512 | ---- | M] () -- C:\Users\MITCH\Desktop\MBR.dat
[2013.02.16 20:35:52 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\MITCH\Desktop\aswMBR.exe
[2013.02.16 20:35:20 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\MITCH\Desktop\tdsskiller.exe
[2013.02.16 19:47:13 | 000,374,784 | ---- | M] () -- C:\Users\MITCH\Desktop\GMER_2.1.18952.exe
[2013.02.14 14:29:03 | 000,587,671 | ---- | M] () -- C:\Users\MITCH\Desktop\adwcleaner0.exe
[2013.02.14 00:10:57 | 000,268,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.11 14:08:31 | 000,050,477 | ---- | M] () -- C:\Users\MITCH\Desktop\Defogger.exe
[2013.02.10 00:27:47 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.10 00:27:47 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.04 20:45:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MITCH\Desktop\OTL.exe
[2013.02.04 19:25:38 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.03 15:57:56 | 000,001,309 | ---- | M] () -- C:\Users\MITCH\Desktop\BitTorrent_7.8 - Verknüpfung.lnk
[2013.02.02 21:05:05 | 001,053,520 | ---- | M] (BitTorrent Inc.) -- C:\Program Files (x86)\BitTorrent_7.8.exe
[2013.02.01 00:47:43 | 000,002,364 | ---- | M] () -- C:\Users\MITCH\Desktop\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2013.02.18 19:09:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.18 19:09:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.18 19:09:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.18 19:09:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.18 19:09:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.16 21:21:46 | 000,000,512 | ---- | C] () -- C:\Users\MITCH\Desktop\MBR.dat
[2013.02.16 19:47:13 | 000,374,784 | ---- | C] () -- C:\Users\MITCH\Desktop\GMER_2.1.18952.exe
[2013.02.14 14:29:02 | 000,587,671 | ---- | C] () -- C:\Users\MITCH\Desktop\adwcleaner0.exe
[2013.02.11 14:08:31 | 000,050,477 | ---- | C] () -- C:\Users\MITCH\Desktop\Defogger.exe
[2013.02.04 19:25:38 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.03 15:57:56 | 000,001,309 | ---- | C] () -- C:\Users\MITCH\Desktop\BitTorrent_7.8 - Verknüpfung.lnk
[2012.06.25 17:16:28 | 000,000,292 | ---- | C] () -- C:\Users\MITCH\AppData\Local\HamsterBookConverter.cfg
[2012.06.16 10:07:41 | 000,271,264 | ---- | C] () -- C:\Windows\SysWow64\VBRUN100.DLL
[2012.05.06 10:31:20 | 000,017,408 | ---- | C] () -- C:\Users\MITCH\AppData\Local\WebpageIcons.db
[2012.02.15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.09 00:04:20 | 000,019,968 | ---- | C] () -- C:\Users\MITCH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.11 16:09:42 | 001,599,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.02 22:19:34 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.09.02 21:20:01 | 000,007,604 | ---- | C] () -- C:\Users\MITCH\AppData\Local\resmon.resmoncfg
[2011.08.25 15:33:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:B6AC352B

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 20.02.2013 16:32:07 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MITCH\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,57 Gb Available Physical Memory | 82,12% Memory free
16,00 Gb Paging File | 14,47 Gb Available in Paging File | 90,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 70,73 Gb Free Space | 59,36% Space Free | Partition Type: NTFS
Drive F: | 97,66 Gb Total Space | 81,49 Gb Free Space | 83,45% Space Free | Partition Type: NTFS
Drive G: | 423,03 Gb Total Space | 151,03 Gb Free Space | 35,70% Space Free | Partition Type: NTFS
Drive H: | 199,09 Gb Total Space | 156,03 Gb Free Space | 78,37% Space Free | Partition Type: NTFS
Drive O: | 119,92 Gb Total Space | 13,49 Gb Free Space | 11,25% Space Free | Partition Type: NTFS
 
Computer Name: MITCH-PC | User Name: MITCH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-3879921085-4238989401-138329163-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0896509A-86AB-4E3E-B55F-E93C1BB76008}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{235BD6DF-CC63-4FD1-A65B-873017720E94}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{2D0F3EE3-432A-42E3-A586-BF3A6E157B88}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2FC6E7FC-C9F7-47E9-8B44-B6E25FFB582B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3B05E0B5-C227-4C46-A1D1-B1602679DF9D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6048750D-A204-4ECE-A065-248F18D6DB2E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{608FB095-3F51-4442-81E5-EAE9CA3F2C42}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{67056C47-2006-4AEC-AB2E-CE8449DE9018}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{72425582-A4DC-4B98-A110-1908EA32CCDF}" = lport=445 | protocol=6 | dir=in | app=system | 
"{75294EED-B704-4AAC-BAEE-C446CA763BF2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9D410372-E819-4022-9F5B-15063F3634B5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{AFD8EA5E-CA05-4B13-8515-DDC9AF677A74}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B914FA62-E2E3-477D-B15D-99B71B13AD85}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CA8BDCB1-FED7-4BDC-AAD5-C9CF8686F406}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DA3E5C6D-19FD-44AA-8C09-B7D200857DBC}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E0F69884-C1F3-4182-AD6B-56C9FC0E242D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E72E56B6-6B44-439F-B562-A883C199F6CB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EE09C395-8F44-4314-9FAA-1A70411C09F9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FAFC504B-C285-4C5A-BC13-72A5BBE61C9A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{FE09AD30-FFC9-438F-BC4A-AE24FFFF657C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{FE224476-E5A7-490A-AE47-EFA152E5ABE6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18945855-611F-4022-9574-56B535E25C54}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{334E2ADE-39A3-421A-859E-141F94192833}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{557DC502-5343-4E56-8226-AC2CBA9D0998}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5629ACDD-3391-4535-AE21-471636FF2F7B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{5AC12CFD-7351-4A7F-A2BE-14F67CCB48C0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{649E8AF9-BD2A-4B1F-9C39-2ED3FF72FA82}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{676C76BD-0904-4B57-B61F-5166AF0A7D3C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6E2EF138-F161-4373-B64B-7A3EE2C21DDF}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent_7.8.exe | 
"{77CBABD5-0193-4344-884B-0957085842A0}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent_7.8.exe | 
"{77E3EC31-8C6C-49A0-9FD2-D64EEDF07E21}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7D527085-9AAB-4E0E-95FA-A05340E6D934}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7ED139D5-DA75-40B0-A563-D90FA094933F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{90724341-B414-4300-8926-8ED6D93DDA67}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9838B095-28BC-4651-A35C-4AB161975CD7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A15462F3-8EC2-4A9C-901B-5783820C9727}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{AA781861-FBD5-4ADA-A5A1-BC0C00E49AE3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{AB177CB1-90FB-4FB6-9039-84347FE72CDE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{AE6B921D-BF14-4C57-9CC5-059FABA4F81D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BB67FFFF-E50B-4562-9BD1-59D95E64D46B}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"{C8200822-18C7-4033-A3AE-4DC4E803588B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D3424554-0B9E-4195-BACF-9D4E9BB5743E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E35F975F-571C-4DEA-A0FD-0F34DBF4BAEA}" = protocol=6 | dir=out | app=system | 
"{EB41979B-AF59-4C06-868F-DA1FBAEAEABA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EE176FDB-C254-47EC-8CCC-DEF2816A0201}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{F5422D29-D615-45C0-94CF-AD1748ADFEE1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F8707C83-BEAE-4F08-8D3B-75C97323AF55}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"{FFC3EF5A-FA08-4500-BAFE-B01AB81D157E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{57BE2C44-E41F-46B4-93DC-746FD54E2ECB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{8DC304EE-DDDB-48BC-B656-24323B2EA75A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{C214301F-F5D7-36D9-B3A2-1467C5586495}" = Microsoft Help Viewer 1.1 Language Pack - DEU
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 39
"{441AC599-200D-4E04-B274-C6B7B50C281D}_is1" = Hamster Free EbookConverter
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8944ED10-DBF2-4FA9-8B5D-D7E1B046C761}_is1" = ColdCut
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{C2FBB88A-65AA-6751-25EC-6A9046FA5F3B}" = Windows Driver Kit
"{C668416A-9213-4058-B7F2-01A42D85559D}" = Microsoft SQL Server System CLR Types
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{E14DDED2-919B-FCCB-84AC-5ABB6D182D46}" = Kits Configuration Installer
"{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}" = Microsoft SQL Server 2008 R2 Management Objects
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{f65530f7-1696-4fcd-8876-37cdcacdbd4c}" = Windows Driver Kit
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{FBDF7205-0CD2-435A-A595-58166C4C7953}" = Vector 12.04.073
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Internet Security 2012
"BitTorrent" = BitTorrent
"Canon MP620 series Benutzerregistrierung" = Canon MP620 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DivX Setup.divx.com" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ffdshow_is1" = ffdshow [rev 2946] [2009-05-15]
"HD PVR Editor_is1" = HD PVR Editor 2.0
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"JAP" = JAP
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"Notepad++" = Notepad++
"Orbit_is1" = Orbit Downloader
"TeamViewer 8" = TeamViewer 8
"VLC media player" = VLC media player 2.0.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3879921085-4238989401-138329163-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 20.02.2013 11:25:23 | Computer Name = MITCH-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
 
< End of report >
         

Alt 20.02.2013, 20:11   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
ATTFilter
:OTL
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 4001
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 4001
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 4001
FF - prefs.js..network.proxy.type: 4
[2013.02.16 21:21:46 | 000,000,512 | ---- | C] () -- C:\Users\MITCH\Desktop\MBR.dat
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:B6AC352B
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Now copy its contents here into your thread.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
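The fix above works by pasting lines exactly as OTL logged them back under :OTL, so OTL removes precisely those items. As an added example, not OTL's or the board's own code, here is a Python parser for the quoted OTL lines that decodes the Firefox proxy preferences (network.proxy.type values as documented by Firefox), splits the alternate-data-stream entry into host file and stream name, and rebuilds the :OTL removal lines; the sample input is constructed from the lines quoted in this thread.

```python
import re
from typing import Dict, List, Union

# Meaning of Firefox's network.proxy.type values (Firefox preference semantics).
PROXY_TYPES = {0: "direct", 1: "manual", 2: "PAC script", 4: "auto-detect (WPAD)", 5: "system"}
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}

# An OTL "FF - prefs.js..<pref>: <value>" line as printed in OTL.txt; OTL accepts
# the same line, unchanged, under ":OTL" in a fix script to remove that pref.
FF_PREF_RE = re.compile(r"^FF - prefs\.js\.\.(?P<name>[\w.]+):\s*(?P<value>.+?)\s*$")
# An OTL alternate-data-stream line: "@Alternate Data Stream - <n> bytes -> <path>:<stream>".
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$")

Value = Union[int, str]

# Constructed sample: the lines quoted in the thread's OTL log and fix script.
SAMPLE_OTL_LINES = [
    'FF - prefs.js..network.proxy.ftp: "127.0.0.1"',
    "FF - prefs.js..network.proxy.ftp_port: 4001",
    'FF - prefs.js..network.proxy.http: "127.0.0.1"',
    "FF - prefs.js..network.proxy.http_port: 4001",
    'FF - prefs.js..network.proxy.ssl: "127.0.0.1"',
    "FF - prefs.js..network.proxy.ssl_port: 4001",
    "FF - prefs.js..network.proxy.type: 4",
    "[2013.02.16 21:21:46 | 000,000,512 | ---- | C] () -- C:\\Users\\MITCH\\Desktop\\MBR.dat",
    "@Alternate Data Stream - 134 bytes -> C:\\ProgramData\\TEMP:B6AC352B",
]


def parse_ff_prefs(lines: List[str]) -> Dict[str, Value]:
    """Collect the Firefox prefs OTL reported; quoted values become str, numbers int."""
    prefs: Dict[str, Value] = {}
    for line in lines:
        m = FF_PREF_RE.match(line.strip())
        if not m:
            continue  # file entries, ADS lines and other log lines are not prefs
        raw = m.group("value")
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[m.group("name")] = raw[1:-1]
        elif raw.lstrip("-").isdigit():
            prefs[m.group("name")] = int(raw)
        else:
            prefs[m.group("name")] = raw
    return prefs


def parse_ads(lines: List[str]) -> List[Dict[str, Value]]:
    """Split each ADS line into the host file, the stream name and the stream size."""
    found: List[Dict[str, Value]] = []
    for line in lines:
        m = ADS_RE.match(line.strip())
        if m:
            found.append({"path": m.group("path"), "stream": m.group("stream"),
                          "size": int(m.group("size"))})
    return found


def assess_proxy(prefs: Dict[str, Value]) -> List[str]:
    """Describe the effective proxy mode and every configured proxy endpoint."""
    findings: List[str] = []
    ptype = prefs.get("network.proxy.type")
    if isinstance(ptype, int):
        findings.append(f"network.proxy.type={ptype} ({PROXY_TYPES.get(ptype, 'unknown')})")
    for scheme in ("http", "ssl", "ftp", "socks"):
        host = prefs.get(f"network.proxy.{scheme}")
        if not host:
            continue
        port = prefs.get(f"network.proxy.{scheme}_port", "?")
        where = "loopback, a local proxy process" if host in LOOPBACK_HOSTS else "remote host"
        findings.append(f"{scheme} proxy -> {host}:{port} ({where})")
    return findings


def otl_fix_lines(log_lines: List[str]) -> List[str]:
    """Rebuild the :OTL section of a fix script from the proxy prefs and ADS lines."""
    keep = [":OTL"]
    for line in log_lines:
        s = line.strip()
        if s.startswith("FF - prefs.js..network.proxy.") and FF_PREF_RE.match(s):
            keep.append(s)
        elif ADS_RE.match(s):
            keep.append(s)
    return keep


if __name__ == "__main__":
    found_prefs = parse_ff_prefs(SAMPLE_OTL_LINES)
    for finding in assess_proxy(found_prefs):
        print(finding)
    for ads in parse_ads(SAMPLE_OTL_LINES):
        print(f"ADS {ads['stream']} ({ads['size']} bytes) on {ads['path']}")
    print("\n".join(otl_fix_lines(SAMPLE_OTL_LINES)))
```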

Alt 22.02.2013, 16:20   #13
Mitchbox
 
Code:
ATTFilter
All processes killed
========== OTL ==========
Prefs.js: "127.0.0.1" removed from network.proxy.ftp
Prefs.js: 4001 removed from network.proxy.ftp_port
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 4001 removed from network.proxy.http_port
Prefs.js: "127.0.0.1" removed from network.proxy.ssl
Prefs.js: 4001 removed from network.proxy.ssl_port
Prefs.js: 4 removed from network.proxy.type
C:\Users\MITCH\Desktop\MBR.dat moved successfully.
ADS C:\ProgramData\TEMP:B6AC352B deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\MITCH\Desktop\cmd.bat deleted successfully.
C:\Users\MITCH\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: MITCH
->Temp folder emptied: 1081139 bytes
->Temporary Internet Files folder emptied: 7809444 bytes
->Java cache emptied: 13869 bytes
->FireFox cache emptied: 120836552 bytes
->Google Chrome cache emptied: 83820130 bytes
->Flash cache emptied: 296 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1312 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 140063 bytes
 
Total Files Cleaned = 204,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
OTL by OldTimer - Version 3.2.69.0 log created on 02222013_171112

Files\Folders moved on Reboot...
C:\Users\MITCH\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Alt 22.02.2013, 21:16   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes; please remember to update Malwarebytes via the Update button first.

Afterwards, getting a second opinion from the ESET Online Scanner wouldn't hurt either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I agree to the terms of use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Alt 22.02.2013, 23:11   #15
Mitchbox
All right, I'll do that tomorrow evening.
